Non-IT presentation that delivers a message on the need to understand the human factor, immortality through technology, the moment of NOW, building bridges, the singularity, ...
The first 46 slides are NOT relevant, since the 'real' presentation starts at slide 47. This is a presentation to attend; it cannot be followed just by reading the slides.
5. The human factor
Considerations on workforce planning
• Taking into account communication skills and technical and social abilities
• Maximising their experience and willingness to execute
7. Market size, CAGR = 10.4%
[Chart: target market by category (infrastructure management: network and systems management, storage management, security management; data and application management; development management) against growth rate, 2003 to 2007; left axis 0 to 50,000, right axis 6% to 14%. The market size grows exponentially.]
8. Growth of mobile devices; privacy regulations; corporate cost and public image
[Chart: units sold, 1995 to 2010: USB memory sticks, iPhone/BlackBerry, Palm/Treo, PocketPC, plus laptops and desktops.]
Data protection is the number 1 priority for CISOs
9. Processes and procedures – Early Warning Service
T3: PT002 is executed on demand. The Local SOC assigned to the work order carries out the work following the guidelines set out in PT002 – Ethical Hacking Execution Procedure.
15. Before / After
Before: discovery; discovered assets; network management.
After: inventory; assets in service; licensed assets; monitored assets; security.
19. IT GOVERNANCE
[Diagram: demand, processes, life cycle, people and projects, services, business, IT portfolio, best practices, services, assets. IT alignment?]
Provide the best value with the available resources / Enable IT to keep its promise to the business / Improve IT efficiency through processes and best practices
21. Processes and procedures – Early Warning Service
T2: The request is analysed using procedure PG002, assigned to a Local SOC, and the client is informed.
Once the request has been received and its completeness evaluated, PG001 – Ethical Hacking Service Assignment Procedure must be carried out.
22. Service management
[Diagram: plan, model, deliver (code and automate the application), provision, test; performance and health; change management; metadata management.]
23. Easy to lose, easy to copy, useful if stolen
Value on the 'black market': 490 €, 147 €, 147 €, 98 € (device icons, including Bluetooth)
Information must be protected regardless of: use, location, device, access
25. [Identity management diagram: Mainframe, Unix, databases, Windows, MS Exchange; % functional; web interface (100); user directory (LDAP); self-service password request web interface; Entel IdM; automatic entry; delegated administration; Internet; Human Resources / HR system.]
27. Service Management – Delivery Management: provisioning and quality assurance
Service Management – Support Management: centralised control of requests
Project and portfolio management: prioritise IT projects according to their value to the business
IT asset management: advise on assets
IT financial management: enable service measurement
Software change management: initiate change management tasks and activities
31. Full coverage of the environment; application wizard; centralised administration; flexible authentication; offline operation; IAM integration; single sign-off; encryption; session management; password management; session migration; station lock; failover; one-time passwords; SSO status monitoring; sensitive applications
32. Data centre management
[Diagram: application silos → virtualisation zones → SODC (internal cloud) → SaaS, IaaS and PaaS (external cloud); layers: apps, servers, network, storage.]
From silos ... to dynamic data centres: centralise, standardise, consolidate, virtualise, automate, self-service
35. Security event management layers
ACTION – alarm escalation, management console invocation, response model; management of responses/alerts: ● e-mail ● pager ● mobile ●
KNOWLEDGE – event presentation/reporting: show the event, trend analysis, security reports, performance reports, system security health; pattern discovery/prioritisation: assign ownership; event correlation: event prioritisation, event association, security modelling; event aggregation; monitoring.
INFORMATION – normalisation and data reduction: data reduction, event comparison, event de-duplication; data filtering.
DATA – data repository: event monitoring, third-party integration, protocol support; data capture: ● Syslog ● SNMP ● API ●
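The layered pipeline on this slide, as an added example that is not part of the presentation or of any vendor product: a small Python event pipeline that takes constructed syslog lines through data capture and normalisation (DATA), filtering and de-duplication (INFORMATION), aggregation, correlation and prioritisation (KNOWLEDGE), and finally routes each alert to a response channel (ACTION). The hostnames, addresses, log lines, the brute-force rule and its threshold are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not real logs); one exact duplicate on purpose.
RAW_EVENTS = [
    "Mar 10 10:00:01 srv1 sshd[2001]: Failed password for root from 203.0.113.7 port 4021 ssh2",
    "Mar 10 10:00:01 srv1 sshd[2001]: Failed password for root from 203.0.113.7 port 4021 ssh2",
    "Mar 10 10:00:03 srv1 sshd[2002]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "Mar 10 10:00:05 srv1 sshd[2003]: Failed password for admin from 203.0.113.7 port 4023 ssh2",
    "Mar 10 10:00:09 srv1 sshd[2004]: Accepted password for admin from 203.0.113.7 port 4024 ssh2",
    "Mar 10 10:00:12 srv2 sshd[3001]: Failed password for bob from 198.51.100.4 port 5010 ssh2",
    "Mar 10 10:00:13 srv1 CRON[2100]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Assumed OpenSSH-style message format; anything else is dropped by the filter.
SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)"
)


def normalize(line):
    """DATA layer: parse one raw line into a common schema, or None if not understood."""
    m = SSH_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["type"] = "auth_fail" if ev.pop("outcome") == "Failed" else "auth_ok"
    return ev


def filter_and_normalize(lines):
    """INFORMATION layer, step 1: keep only events the schema understands."""
    return [ev for ev in (normalize(line) for line in lines) if ev is not None]


def deduplicate(events):
    """INFORMATION layer, step 2: drop exact repeats (same time, host, type, user, source)."""
    seen, out = set(), []
    for ev in events:
        key = (ev["ts"], ev["host"], ev["type"], ev["user"], ev["src"])
        if key not in seen:
            seen.add(key)
            out.append(ev)
    return out


def aggregate_failures(events):
    """KNOWLEDGE layer, aggregation: failed logins per (source, host)."""
    return Counter((ev["src"], ev["host"]) for ev in events if ev["type"] == "auth_fail")


def correlate(events, threshold=3):
    """KNOWLEDGE layer, correlation and prioritisation.

    Rule (assumed for the example): >= threshold failures from one source to one host
    is a brute-force attempt (medium); a success from that source after the last
    failure raises it to high. Events are assumed to arrive in time order.
    """
    alerts = []
    for (src, host), n in aggregate_failures(events).items():
        if n < threshold:
            continue
        same = [i for i, ev in enumerate(events) if ev["src"] == src and ev["host"] == host]
        last_fail = max(i for i in same if events[i]["type"] == "auth_fail")
        success = any(events[i]["type"] == "auth_ok" for i in same if i > last_fail)
        alerts.append({
            "src": src, "host": host, "failures": n,
            "rule": "bruteforce_then_success" if success else "bruteforce",
            "priority": "high" if success else "medium",
        })
    return alerts


def route(alerts):
    """ACTION layer: map priority to a response channel (assumed mapping)."""
    channels = {"high": "mobile", "medium": "email", "low": "report"}
    return [(a["priority"], channels[a["priority"]], a) for a in alerts]


def run_pipeline(lines, threshold=3):
    """Run all four layers and return the intermediate and final results."""
    events = deduplicate(filter_and_normalize(lines))
    alerts = correlate(events, threshold)
    return {"events": events, "alerts": alerts, "actions": route(alerts)}


if __name__ == "__main__":
    for priority, channel, alert in run_pipeline(RAW_EVENTS)["actions"]:
        print(priority, channel, alert)
```

De-duplication happens before aggregation so that a retransmitted line cannot inflate a count across the threshold; the correlation rule checks ordering (success after the last failure) rather than mere co-occurrence, which is what separates a brute-force that worked from one that did not.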
41. [Diagram: physical, virtualised and pooled hardware (HW), with resource pools RP1 and RP2.]
42. [Diagram: security components around the LAN: antivirus, authentication, change/patch management, VPN, threat detection, antivirus and antispyware on clients, URL filtering, servers, firewall.]
43. Management needed at each level: management system; goal-oriented management; secure access; risk management; disaster recovery; chargeability of 'grid' resource usage
44. Who / What / Where / How
Who: Human Resources, Customer Service, Marketing, Administration, Finance, Sales, Legal Department, Technical Support, Engineering
What: source code, business plans, customer records, acquisition plans, patient information, financial statements, employee information, technical documents, competitor information
Where: benefits server, web with spyware, strategic alliance, blog, customer, board dashboard, North Korea, competitor, analyst
How: FTP, HTTP, IM, P2P, SMTP, network printer
45. [Pie charts of IT costs: capital expenditure (hardware, software, development, application maintenance), infrastructure costs (network and telecommunications equipment, physical site, personnel, administration, traffic consumption), operating expenses (maintenance, other); percentages not recoverable from the extraction.]
47. Human factor
Collaboration
Synchronicity
Immortality
Gen X - Gen Y
Sustainability
Optimism
Resilience
Re-evolution
Talking points:
Explosive growth of mobile devices: mobile devices are getting more sophisticated and are becoming desktop and laptop replacements.
38 U.S. states and a growing number of countries have laws in place to protect the confidentiality of sensitive information. Specific industries (e.g. retail with PCI, financial services with GLBA) have also developed their own privacy guidelines and regulations. This trend is growing, not shrinking.
Running afoul of these regulations leads to public embarrassment, cost of disclosure, and recovery costs. Gartner estimates that companies can expect to spend between $200 and $1000 per record lost to recover from a data breach.
All of these drivers have made data protection the #1 priority of CISOs, according to a Merrill Lynch CISO survey.
3-layer architecture
Regarding IC, each organization needs to decide how important each attribute is for its business; this profile expresses the enterprise's position and appetite for risk.
Business Service Optimization is about helping companies achieve IT governance and business and IT alignment. Business Service Optimization helps IT translate business demand into IT services and cost-effectively deliver those services to the business.

And here is how you can realize this vision:
First, there needs to be a single mechanism and process for capturing business demands.
Second, IT has to be empowered to respond to those demands by delivering a service to the business. The service definition should include the performance (or service levels) that will be delivered and the costs associated with the service. By providing this kind of insight, IT can enable the business to make prioritization and trade-off decisions.
Finally, the people, projects, and IT assets that support service delivery need to be optimized.

Consider the following example. Suppose the business is a retailer with an online sales channel. The business has had a successful online store for some time, but they have found that their customer service department is spending a lot of time fielding calls from customers checking their order status and expected arrival dates. In order to reduce the number of calls being made to their customer support desk (and thereby reduce the cost of sale), the company would like to provide customers with an interface they can access to investigate the status of goods ordered.

To meet this demand, the IT department would need to create a new online application that integrates with the company's order processing and inventory systems, and can retrieve information from the company's distribution partners in order to provide the customer with up-to-the-minute insight into where the ordered goods currently are.

Ideally, the IT department would let the business know the performance and costs that can be delivered; for instance, that the current architecture would be able to support 500 customers a minute with a response time of 5 seconds or less. If the business needs to support more customers per minute or provide better response times, the IT department should be able to provide insight into what the additional costs would be of server upgrades to attain the desired level of performance.
Align IT with your business, from requirements to service levels.
Integrate application development and application management cycles.

CA's Vision is about Life Cycle Management (LCM).

What do we mean by LCM?
TAM is about aligning application development to better serve the business by delivering an infrastructure to support the design, development, testing, management and service of business-critical applications.

CA's vision for LCM is about:
Better service to the business by alignment of IT development and IT operations
Faster delivery of higher-quality applications
Simpler environments and rapid deployment of new capabilities
Reduced:
Labor and skill specialization
Costs
Complexity
Customization of vendor software

CA's solutions are integrated to derive immediate value. Examples of such integrations include:
AllFusion Change Management Suite — Unicenter ServicePlus Service Desk
AllFusion ERwin Data Modeler — Advantage Gen
Advantage Gen — AllFusion Change Management Suite
Protecting your data effectively requires different thinking. Data is easy to lose, easy to transfer, and very enticing to steal. Your security infrastructure must enable your data to protect itself regardless of how it is used, where it is located, what devices access it, and how users access it.
<<Click>> Service Management – Service Support can be used as a central clearing house for all IT project requests. At this stage, requests for new projects can be quickly assessed and routed through to the project portfolio management system with all key decision makers and stakeholders identified.

<<Click>> During the assessment and prioritization phase, IT asset management solutions can be used to identify the technology resources required to support the project. Here such solutions as Unicenter Asset Intelligence can be used to provide management with the analysis needed to facilitate the most cost-effective asset investment decisions, and highlight areas that could compromise project success.

<<Click>> Having identified asset requirements, software change management procedures can then be linked to an approved project. An important benefit here is that change management becomes much more efficient, since activities, tasks and resources are initiated in accordance with projects prioritized by business and IT (another illustration of alignment).

<<Click>> <<Click>> Taking the process one step further, IT Financial Management can be used to meter and measure the performance of the business services, with Service Delivery solutions assisting with service deployment, activation and ongoing assessment of service quality against agreed service levels "contracted" between IT and the Business.
CA SSO is a proven solution with all the necessary capabilities. Many of these features have already been described, but the ones that haven't are:
Offline Operation – Users can access applications through CA SSO even when they are working remotely or offline. This enables workers to benefit from automated sign-on and improved security even when working with common offline applications such as Lotus Notes applications.
Secure Encryption – CA SSO encrypts login data in the data store and during all communications.
Single Sign-Off – When a user logs off CA SSO or their session is automatically terminated, the user's open applications can be gracefully closed down according to predefined parameters. This helps prevent incomplete data or actions from being improperly saved or discarded.
Session Management – CA SSO allows administrators to define session parameters such as the maximum number of sessions that a user can have active at the same time. This minimizes the risk of inappropriate access to sensitive applications when users forget to log off in shared workstation environments.
Station Lock – Administrators can set inactivity timing for automated logoff if a session has been idle for a certain period of time.
Session Migration – A user session can be restored later on the same or a different workstation with all applications restored where they were. This is enabled through out-of-the-box integration with Citrix MetaFrame.
One-Time Passwords – Application passwords for UNIX applications can be changed after each use to mitigate the risk of network sniffing of insecure protocols such as telnet. This is transparent to the user.
Failover – CA SSO can be configured to survive most disasters. It provides a hot backup service that is dynamic and automatic.
Server Watchdog – The CA SSO Server Watchdog constantly monitors the status of the Policy Server and can report this status to external devices and network monitoring software.
Sensitive Applications – Organizations can identify applications that are sensitive from a security or other perspective, and require the user to re-authenticate before running such applications.
We built upon other disciplines like network management, asset management (CMDB) and storage management (backup and contingency plan) so as to provide a single repository of information, and began escalating in what we called "The road to management".
"You need to know what you have to be able to protect it."
3-layer architecture
So why is all of this happening? Why, given all the money spent on security, do these problems continue?
The answer is surprisingly simple. They exist due to "perimeter-centric" approaches to information security.
The majority of today's security solutions are perimeter-centric in the sense that they secure perimeters (firewalls, VPNs, etc.) and resources (laptops, servers).
While these solutions are necessary components of a comprehensive security strategy, they protect proxies to information, rather than the information itself.
A perimeter-centric approach ignores the fact that information lives and moves throughout its lifecycle. When data leaves the protected assets, or perimeters, it is no longer secured.
What has been done to date is necessary, but insufficient.
What we need is a new approach that also secures the information itself, complementing the perimeter-centric approach:
Provides layered protection that defends in depth
Keeps security decisions in the hands of security experts
Enables your data and infrastructure to protect themselves against security threats