Sword & Shield Strategic Security Assessment
1. Sword & Shield’s Strategic Security Assessment
A Holistic Assessment of your Security and Compliance Posture
Image From ISACA
2. The security safeguards and regulatory compliance initiatives for your organization
are multifaceted, often encompassing a combination of technical and administrative
initiatives.
Perhaps you’ve just come to the realization that you need to have a better
understanding of how all the security puzzle pieces fit together.
3. Data Governance One
Think about your environment including
your processes, technology, your
people, your company culture, and the
need to securely protect your
information including your intellectual
property from internal and external
threats.
Image from Overtis Systems
4. During a recent strategic security that I was working on
for a large company in the entertainment industry, I
came across a risk finding that I had encountered many
times before but not on the scale I was accustomed to
seeing.
Data Governance
Your more technically minded staff may be concerned about the
configuration and effectiveness of your organization’s
• Firewalls
• Access Control
• Virtualization Technologies
• Server and workstation hardening best practices
• Content filtering solutions
• Encryption technologies
• Intrusion Detection Systems
• ..more
5. Your administrative and technical management should be concerned
about:
• Effective policies and procedures
• Effective security awareness training
• Changes to regulatory compliance requirements
• Protecting your public facing presence (company website)
• Cloud service data protection agreements
• Preparedness for responding to a security incident
• Business continuity capabilities
• ..more
6. The company leadership is concerned with:
• Balancing security and compliance while still getting the job done
• Changes to the company culture when introducing new security
mandates
• Making the correct security investment that will provide the most
return for the money spent
7. OR:
• The proper vetting, selection and use of cloud services solutions
• What makes sense in your organization for using cloud services?
• Just how secure are cloud solutions when it comes to securing your
data?
8. The Strategic Security Assessment can be broken down into:
• Administrative Safeguards
• Technical Safeguards
• Data Governance
• Risk Assessment
• System Architecture
• Cloud Services
9. Sword & Shield’s Information Systems Strategic Security Assessment
will provide you with a comprehensive look into your people,
processes, technology, and organizational strategies for achieving and
maintaining a secure and compliant environment.
Our subject matter experts are not simply applying book knowledge
when assessing your environment. Our assessors are seasoned
specialists in the field of system and network security, system
architecture, regulatory compliance requirements such as NIST, HIPAA,
PCI, EI3PA and much more.
10. Administrative Safeguards covered in this assessment include but are
not limited to:
• Policies and Procedures
• Staff Training Programs for Privacy and Security Awareness
• Data Governance and Data Classification
• Risk Assessment
• System Architecture
• Business Continuity Plans
• Incident and Breach Response Plans
• Specific Regulatory Compliance Requirements
• Service Agreements for Cloud Services Review
11. Technical Controls covered in the Strategic Security Assessment include
but are not limited to:
• Access Control
• Encryption
• Audit Controls
• Transmission Security
• Intrusion Detection
• Patch Management
• Physical/Facility Security
• Virtualization Security
• System Hardening
• Active Directory
12. The Strategic Security Assessment Network Architecture Review
includes an expert assessment of:
• Current Network Technologies In Use
• Network Segmentation
• Managed or hosted services models including hybrid architectures
• Cloud Services
• Firewalls
• Intrusion Detection
• ..more
13. We also review your facility and physical access controls
14. Deliverables include a comprehensive Strategic Assessment Report and
a Security Roadmap with remediation recommendations based on the
assessment findings.
15. The Sword & Shield Strategic Assessment provides the all
inclusive information about your current security and
compliance posture that you need to know.
16. Questions?
Editor’s Notes
Emphasis on this assessment being holistic and comprehensive
Discuss the increasing difficulty maintaining a good handle on all things security and compliance in the customer’s organization.
Network security is more than a pen test or applying the latest security patches to a network device. Those are very important tasks but are part of the bigger security picture.
Here are many of the technical controls that will be assessed.
Policies and procedures such as BYOD, use of social media, change management, acceptable use, server security, anti-virus, and workforce clearance, to name a few.
Also, disaster recovery planning, incident response planning, making sure your cloud service agreements provide data destruction and data reclamation clauses.
The assessment can potentially save the company money by reviewing technology in place, how it is configured or tuned and what solutions are the most economical for closing the gap on a particular security deficiency.
Cloud storage services are everywhere, and many employees are using personal cloud services that fall outside of their employer’s business controls. Could this be happening in your environment?
Again, the Strategic Assessment takes the comprehensive approach, with an assessment in each of these areas.
Our staff includes seasoned experts with industry certifications on a large variety of security products. We have firewall specialists, compliance specialists, PCI QSAs, HIPAA compliance experts, former staff who have worked in highly classified government installations, and much more.
Not an all inclusive list but covers the big hitters.
This is not an all inclusive list here but covers the big hitters.
Again, some of the mandatory items assessed.
Self explanatory
The deliverables are detailed and comprehensive. Security deficiencies are assigned a risk value of low to high and are ranked by order of criticality in the final reports and in the roadmap.
Scoping and pricing are determined by a lot of factors. Generally, the minimum number of hours for an engagement such as this is 50 but for very small shops, this can be reduced to 35-40. For medium to large organizations, the estimated labor effort can increase to 150-200 hours. Please engage our Enterprise Solutions staff for questions related to scoping. A short conversation between sales, the customer, and our service delivery team will help expedite the sales cycle.