This provides an update on the new ICT challenges for Security and how to address them in a practical way. This presentation was conducted at Burj AlArab in Dubai during the Gitex conference organized by Datamatix.

1. Implementing New Approaches of Global ICT Security Management +973-36040991 [email_address]

4. eCrime 2009 – UAE Costly

5. Complexity is a big issue FIREWALLS EMAIL HYGIENE COMPLIANCE POLICY IM / VolP SECURITY 1990 2000 2005 2010 TIME VolP & Unified Messaging Content Control Spam +AV Control Perimeter Security

6. ICT Risks are changing

7. More sophisticated Attacks

8. Criminals Hacking is now a business

9. Hacker don’t follow rules?

10. There is much more?

11. Importance of Critical Infrastructures

12. People is the biggest problem?

13. Technology Process People Technology is not enough

14. Scope of Security Management & Value

15. Security focus on Business

16. Integrated Security Mgmt Business Security Management Physical Security Management ICT Security Management

17. Infrastructure Best Practices

18. Risk Classification

19. Managing Risk Threats Vulnerabilities Controls Risks Assets Security Requirements Business Impact exploit expose increase increase increase have protect against met by indicate reduce

20. Business View Service and Continuity Customer Focus Managing Risks Operation Risk Controls Auditing Governance & Compliance IT Infrastructure Disaster Recovery High Availability Views of Security and Risk Management

23. How to achieve organization goals and objectives Organization Goals and Objectives How to perform the activities that are needed Artifacts used to perform activities References to use for efficient performance Best Practices Structure

24. Managed Security Framework Desktop Network Servers Databases Storage Applications Monitoring, Automation Tools ITIL Compliant Best Practices Aggregated Reporting / Portal / I2MP, Service Desk Redundancy / High Availability / Disaster Recovery Onsite Offsite Vendor A Vendor B Call Center Center of Excellence

26. CIO Security Metrics

27. Not enough security – system is at risk Too much security – system is unusable Practical Security Mix

28. Protection Detection Response SECURITY P>D+R Security = Time Anti-virus VPN Firewall Access Control Intrusion Prevention Managed Services Patch Mgmt CIRT Vulnerability Testing Intrusion Detection Log Correlation CCTV

29. Security in Depth

30. Security in Depth Revised People Technology Process Prevent Respond/ Recover Detect

31. Knowledge fills gaps SETA = Security +Training + Awareness + Education

32. Transformation Optimization Due Diligence Transition Plan Implementation Process

33. Chose right balance Controls & Trade-Offs Secure Fast/Easy Cheap

34. ICT Security Skilled Resources Logical Physical Integration Best Practices Continuous Model Security with 20/20 Vision

35. Questions