MSS – Managed Security Services
GISPM – Global Information Security Project Management
by Dipl. Ing. Dr. Bernhard Bowitz
CISSP, AISP, CISA, CISM, MCP, ISO27001, BSI cert.
What is / are Global Information Security Threats to be managed by MSS
Social Engineering, Advanced Persistent Threats, Organized Cybercrime
Easy attack for anyone to launch, very difficult for enterprises to resolve on their own
DDoS attacks may be launched by cyber criminals to distract enterprise personnel from noticing
fraudulent transactions such as unauthorized data transfers
Also Called: Denial of Service (DoS) or Distributed Denial of Service (DDoS)
Frequency: Very Common
Enterprises are frequently targeted by phishing attacks.
Users receive spoofed (fake) emails used to acquire access to their accounts or acquire personally identifying information
Fake emails are carefully written to mirror actual emails normally sent out
Difficult to detect, as the email source often appears legitimate. Also Called: Phishing or Spear Phishing
Frequency: Very Common
“Backdoor” to your systems is established using vulnerabilities
Gather administrative credentials and exfiltrate valuable data
Using custom malicious code, attackers remain undetected for as long as possible to continue to do damage.
Also Called: APT
Frequency: Increasing Every Year
Risk of intellectual property theft
copy user accounts
loss of customers as a result of business disruption
Ultimately easier to prevent than to fix
cyber criminals specialize in selling personal information on the black market
using ransoms and blackmail
The FBI and U.S. Secret Services for example collaborate in investigating and fighting cybercrimes that target U.S. institutions.
Also Called: Cybercrime Syndicates
Frequency: On The Rise
Major Data Breaches
Highly organized hackers using robust infrastructure to target enterprises
steal customer data and sell stolen data
Through a variety of methods, sensitive information about enterprises and their customers is exposed
Business is disrupted
customer and company data is compromised
recovery costs are enormous.
Also Called: Hacked, Accidentally Published, Poor Security, Lost/Stolen Data, Inside Job
Frequency: In The News Every Month
Threats rising
Cyber security breaches are more common now than they have ever been. While they don’t all make news
headlines, they affect numerous enterprises every single day.
Cloud Security (such as Microsoft Azure, AWS, HPE…)
Developing Security Concepts for Cloud infrastructures including an abstraction layer that virtualizes resources and logically presents them to users through application program interfaces and API-enabled command-line or graphical interfaces
ESA – enterprise security architecture - cloud computing architecture, cloud infrastructure migrating back-end components - the hardware elements within an enterprise data center
These include multi-socket, multi-core servers, persistent storage and local area network equipment,
such as switches and routers, in a MNC environment
working with Cloud Security, Microsoft Azure, AWS, NetApp, HPE
Building a typical Cloud Infrastructure – Secure Computing Infrastructure – Platform and Storage
Infrastructure – Applications and Services – Cloud Clients
What exactly are these threats?
How they are carried out and how they can impact customer and user confidence is something you should know about
Solution: A Global Information Security Manager
A Global Information Security Project Manager (GISPM) will be responsible for initiating and delivering the information security projects for an enterprise globally
Managing Information Security projects adhering to scope, budget and schedule in order to improve an enterprise's information security position
Developing a cloud infrastructure security process
Working with the division head to execute projects based on the budgeted activities
Managing the projects of the enterprise globally
Assessing situations to determine the importance, urgency and risks, and make clear decisions which
are timely and in the best interests of the organization
Leading project teams distributed in different geographic locations
Travelling globally as per the needs of the projects
Working with teams/stakeholders in different time-zones
Working with the lead Security Manager to understand the overall global project and the activities to be performed regionally
Coordinating the regional activities and making sure that those are delivered as per the global schedule
Reporting regional status, issues and risks to the IT management (on CEO level) on a timely basis
Travelling regionally as per the needs of the projects
Responsibilities of a GISPM defining and planning the project:
These activities are driven by the IT globally with the support/input from the regional IT management
Scoping the project and outlining the work to be done
Calculating the budget
Determining required resources and ensuring that their roles and responsibilities are clear
Calculating the schedule
Executing the project:
Assigning the tasks to the resources
Ensuring the execution of the global tasks by the respective team members
Coordinating the execution of the regional tasks with the regional project managers
Resolving any arising conflicts and issues in a timely manner
Controlling the project
Monitoring the progress of the project and making adjustments as necessary to ensure the successful completion of the project
Keeping the respective division head and key stakeholders informed of the project progress, risks, issues and mitigating controls
Monitoring all budgeted project expenditures
Ensuring that all financial records for the project are up to date
Ensuring that all project information and/or decisions are appropriately documented and secured
Closing the project
Evaluating the outcome of the project and communicating this to the management and to the key stakeholders
Ensuring smooth handover to the respective teams
Gathering lessons learnt and using those to improve the process for the future projects, train the local teams
A suitable MSS Project Manager must have
Certifications, for example: CISSP, AISP, CISA, CISM, MCP, ISO27001, BSI GRUNDSCHUTZ, PhD
Additionally, shall have a BS/MS degree in a discipline with IT focus
Minimum 10 years of Project Management experience
Minimum 15 years of IT experience
Experience in working in international environments
Demonstrates understanding of information security, web security, network security, anti-malware and risk management
Good planning and organization skills
German language an advantage, as well as other languages
Judgment and decision making
Analytical thinking & problem solving
Management and leadership skills
Team player
Good negotiation skills
Creative thinking
Technical skills
Efficient time management
Taking initiative
Fast adaptation to new environments
Stress tolerance
Ambition and persistence to deliver under challenging conditions
Comfortable to evolve in a changing environment
Conflict management
Understanding of different cultures
Conclusion
Manage all the projects adhering to scope, budget and schedule. Ensure the delivery of the assigned projects adhering to scope, budget and schedule = GISPM