MSS – Managed Security Services
GISPM – Global Information Security Project Management
by Dipl. Ing. Dr. Bernhard Bowitz
CISSP, AISP, CISA, CISM, MCP, ISO27001, BSI cert.
What are the Global Information Security Threats to be managed by MSS
Network and Application Layer Attacks
Social Engineering
Advanced Persistent Threats
Organized Cybercrime
- Disruption or suspension of servers and network resources connected to the Internet
- Easy attack for anyone to launch, very difficult for enterprises to resolve on their own
- DDoS attack packages readily available to anyone on the black market
- DDoS attacks may be launched by cyber criminals to distract enterprise personnel from noticing fraudulent transactions such as unauthorized data transfers
Also Called: Denial of Service (DoS) or Distributed Denial of Service (DDoS)
Frequency: Very Common
Enterprises are frequently targeted by phishing attacks.
- Users receive spoofed (fake) emails used to acquire access to their accounts or acquire personally identifying information
- Fake emails are carefully written to mirror actual emails normally sent out
- Difficult to detect, as the email source often appears legitimate
Also Called: Phishing or Spear Phishing
Frequency: Very Common
A “backdoor” to your systems is established using vulnerabilities
- Gather administrative credentials and exfiltrate valuable data
- Using custom malicious code, attackers remain undetected for as long as possible to continue to do damage
Also Called: APT
Frequency: Increasing Every Year
- Risk of intellectual property theft
- Ultimately easier to prevent than to fix
- Cyber criminals specialize in selling personal information on the black market
Also Called: Cybercrime Syndicates
Frequency: On The Rise
Major Data Breaches
- Highly organized hackers using robust infrastructure to target enterprises
- Steal customer data and sell stolen data
- Through a variety of methods, sensitive information about enterprises and their customers is exposed
- Business is disrupted
- Customer and company data is compromised
- Recovery costs are enormous
Also Called: Hacked, Accidentally Published, Poor Security, Lost/Stolen Data, Inside Job
Frequency: In The News Every Month
Threats rising
Cyber security breaches are more common now than they have ever been. While they don’t all make news headlines, they affect numerous enterprises every single day.
Cloud Security (such as Microsoft Azure, AWS, HPE…)
- Developing security concepts for cloud infrastructures, including an abstraction layer that virtualizes resources and logically presents them to users through application program interfaces and API-enabled command-line or graphical interfaces
- ESA – enterprise security architecture: cloud computing architecture, cloud infrastructure, migrating back-end components (the hardware elements within an enterprise data center)
- These include multi-socket, multi-core servers, persistent storage and local area network equipment, such as switches and routers, in an MNC environment
- Working with Cloud Security, Microsoft Azure, AWS, NetApp, HPE
- Building a typical Cloud Infrastructure – Secure Computing Infrastructure – Platform and Storage Infrastructure – Applications and Services – Cloud Clients
What exactly are these threats?
- How are they carried out, and how can they impact customer and user confidence? These are things you should know about.
- Solution: A Global Information Security Manager
- A Global Information Security Project Manager (GISPM) will be responsible for initiating and delivering the information security projects for an enterprise globally
- Managing Information Security projects adhering to scope, budget and schedule in order to improve an enterprise's information security position
- Developing a cloud infrastructure security process
- Working with the division head to execute projects based on the budgeted activities
- Managing the projects of the enterprise globally
- Leading the regional teams to make sure that the global projects are delivered in all regions successfully
- Assessing situations to determine the importance, urgency and risks, and making clear decisions which are timely and in the best interests of the organization
- Leading project teams distributed in different geographic locations
- Travelling globally as per the needs of the projects
- Working with teams/stakeholders in different time zones
- Working with the lead Security Manager to understand the overall global project and the activities to be performed regionally
- Coordinating the regional activities and making sure that those are delivered as per the global schedule
- Reporting regional status, issues and risks to the IT management (on CEO level) on a timely basis
- Travelling regionally as per the needs of the projects
Responsibilities of a GISPM
Defining and planning the project:
These activities are driven by IT globally with support/input from the regional IT management
Executing the project:
- Assigning the tasks to the resources
- Ensuring the execution of the global tasks by the respective team members
- Coordinating the execution of the regional tasks with the regional project managers
- Resolving any arising conflicts and issues in a timely manner
Controlling the project:
- Monitoring the progress of the project and making adjustments as necessary to ensure the successful completion of the project
- Keeping the respective division head and key stakeholders informed of the project progress, risks, issues and mitigating controls
- Monitoring all budgeted project expenditures
- Ensuring that all financial records for the project are up to date
- Ensuring that the project deliverables are on time, within budget and at the required level of quality
- Ensuring that all project information and/or decisions are appropriately documented and secured
Closing the project:
- Evaluating the outcome of the project and communicating this to the management and to the key stakeholders
- Ensuring smooth handover to the respective teams
- Gathering lessons learnt and using those to improve the process for future projects and to train the local teams
A suitable MSS Project Manager must have
- Certifications, for example: CISSP, AISP, CISA, CISM, MCP, ISO27001, BSI GRUNDSCHUTZ, PhD
- Additionally, a BS/MS degree in a discipline with an IT focus
- Minimum 10 years of Project Management experience
- Minimum 15 years of IT experience
- Experience in working in international environments
- Demonstrated understanding of information security, web security, network security, anti-malware and risk management
- Experience in creating an effective team environment, building relationships, negotiation, solving problems and issues, resolving conflicts, managing resources in a matrix environment and communicating
- Good planning and organization skills
- Excellent communication skills in English, both written and spoken
- German language an advantage, as well as other languages
- Judgment and decision making
- Analytical thinking & problem solving
- Management and leadership skills
- Team player
- Good negotiation skills
- Creative thinking
- Technical skills
- Efficient time management
- Taking initiative
- Fast adaptation to new environments
- Stress tolerance
- Ambition and persistence to deliver under challenging conditions
- Comfortable evolving in a changing environment
- Conflict management
- Understanding of different cultures
Conclusion
Manage all the projects adhering to scope, budget and schedule
Ensure the delivery of the assigned projects adhering to scope, budget and schedule = GISPM