3. Overview
• Brief introduction to what this niche segment
is all about
• IT Security comprises:
o People, Processes & Technologies
o Network, Application, Database, Endpoint, Messaging
o Policy definition, Policy enforcement, Monitoring &
Reporting
4/5/2010 Soumitri 3
4. Industry Perspective - People
• Identity and Access Management
– Identity Management
• Enterprise Employee Directory
– Access Management
• Single Sign On, Web Sign On, Tokens, Smart Cards, etc
– Privilege Management
• Layered solutions, Segregation of Duties
– Audit & Reporting
– Education & Training
4/5/2010 Soumitri 4
8. What is DLP?
• Data Leak Protection:
“Systems that identify, monitor, and protect data in use, data in motion,
and data at rest through deep content inspection, contextual security
analysis of transaction and with a centralized management framework”
• Data at Rest – Endpoint actions
• Data in Motion – Network actions
• Data in Use – Data storage
• Systems are designed to detect and prevent the unauthorized
use and transmission of confidential information
4/5/2010 Soumitri 8
9. DLP Process
1) Define Confidential Policy
2) Discover Exposed Data
3) Enforce Policy
4) Feedback & Corrective Mechanism
5) Report Generation and Management
4/5/2010 Soumitri 9
11. Conclusion
• Internal IT Security is an evolving technology
• It is a niche area requiring domain & technical
expertise
• Compliance: PCI, SOX, BASEL II, GLBA
– At least one compliance knowledge is needed
• Certifications: SSCP, CISSP
• More Info: International Information Systems
Security Certification Consortium website
4/5/2010 Soumitri 11
12. Conclusion (2)
• Career Path: External Security Consultants, IT
Security Officer, CISO
• Management & Communication skills are
required
• Firm Knowledge of:
– Organization’s strategic objectives
– Management issues
– Impact of Security policies on Business functions
– Comprehensive Technical Info
– Future Trends
4/5/2010 Soumitri 12