You’re the IT Heroes
John Craddock [email protected]
When All Fails
The Heroes
Who Do We Blame?
Microsoft!
But is that fair Today?
NO
We can build systems that are truly reliable
What Does It Take?
• Governance
• Knowing what we have
• Well practised policies and procedures
  – Security, management and deployment
• Monitoring
• Closing the loop
• Budget
Governance
CXOs
IT Architectural Board
Security Review Board
Defines how we operate
Ultimate decision on infrastructure changes
Rules for delegated administration
Teeth required! Interest required!
Business Requirements
Knowing What you’ve Got
If you don’t know what you’ve got you can’t protect it
If It All Fails
• Make sure you can recover it
  – You must have well documented and tested disaster recovery plans
• Test them regularly
• Make sure enough staff are trained
• Know when to invoke the plan
Change Control
• Document all changes
• Automate as many processes as you can
• Test test test
• You need a test and reference environment
  – Reference should “mirror” production and be under change control
Updates
Updates are essential
Monitoring
Good monitoring and planned response
Stop an event turning into a Disaster
Closing the Loop
All Process Loops Must Close
Security Risk Management Process: Identifies threats, risks and mitigations
Security Policy: Statement of what you must do to secure the environment
Document Processes and Procedures: What you say you do and how you do it
Operations: What you really do
How do you get the budget?
You Need to Sell the Process
• Talk to an asset owner:
  – “How much would it cost the company if the sales agents could not work for a day”
• $200,000 per day
• How long would it take your team to clean malware off all the sales computers?
  – 3 days
  – Loss: 3 x $200,000 = $600,000
• How much would it cost to instigate a security process that mitigated the risk?
  – Estimated 6 weeks for team, cost $50,000
What’s she after? Her smile’s too big
Good documentation
Money Please….
Currently we don’t have an effective security process. The chances of sales computers being compromised are high.
While we recover the systems the company will lose $600,000
If we had a good security management process in place, the risks of being compromised are low. Initial project costs estimated at $50,000
$600,000 vs $50,000 and of course it could happen more than once!
Oh, and if we lost the confidentiality of customers’ personal identity information, YOU could end up in PRISON!
Some Great Tools
Incident Management
Operations Management
Configuration Management
Change Management
Joining up the story
Orchestration
Automation
Workflow
How Cool Is That?
Don’t be the fire-fighting Hero
Form the perfect orchestra
Be a Super Hero