Monday, 14 November 2016

SWIFT Premium Services Forum Europe 2016

Next week in Berlin we will be attending SWIFT's PSF EMEA forum to lead delegates in a panel discussion on developing secure culture within a business.

Open exclusively to subscribers to SWIFT’s Premium suite of services, this exclusive event is an unrivalled opportunity for networking with peers, discussing challenges and exchanging experiences to continue to enhance operational excellence.

The theme for this year’s event is Operations – Collaboration – Excellence exploring through innovative and highly interactive sessions how far collaborative solutions have developed during the last year and identifying new opportunities for working together to address the issues we all face.


Building a culture of security


The need to make Security part of the corporate DNA by building a culture of security in all areas of an organisation has never been more critical.

Whether staff are involved in reinforcing the protection of critical infrastructures and applications against evolving threats, or in meeting more demanding auditing and regulatory requirements, awareness of the important part they play is key in effective defence.

In this plenary session, we will explore how to foster a sense of ownership so that everyone involved in managing critical environments is ready to embrace their critical role.
Wednesday, 9 November 2016

Cyber Crime – managing risk in an interconnected world

Next week we are at the Turnaround Management Association (TMA) UK annual conference. Presenting on the risks and disruption that today's cyber criminals, we will bring this topic to life with real life examples that will amaze you.

Disruption is changing our lives, it touches every industry, clients and customers, but the opportunities for true business leaders and criminals are immense.

Managing Disruption is the 2016 theme for this year's conference. Sign up as a delegate and join us at the magnificent lecture theatre of the British Library.
Saturday, 26 March 2016

A hard perimeter defence alone isn't enough

With the rapid adoption of blended on- and off-premise technology solutions, the traditional security perimeter is fast paling into insignificance. Information increasingly resides beyond the corporate boundary as data moves to mobile devices, cloud services, and other locations outside of the organisation’s network. Users are becoming more mobile and business stakeholders are increasingly specifying the shrink wrapped solutions they wish to consume.

These demands increasingly blur the corporate boundary and make management more complex, presenting an ever increasing challenge for those trying to maintain security of the organisation’s information assets. More than ever, these factors mean that the security approach now needs to be agile, layered, and responsive to users, but lets not forget that the internal threat remains.

Maintaining visibility of where data resides, how it is accessed and where it is used is key to any security strategy. In the past this was very straightforward as all data remained within an organisation on its network, PCs and servers. Even the traffic to the Internet passed through narrow choke points, but no more. Achieving the required visibility is much more complex today.

It’s impossible to adequately secure information without understanding where it rests, who has access to it, and how it is transmitted. While some visibility of data movements still exists within the corporate network, it isn’t complete. Unmanaged devices, particularly those not connecting via the corporate network, may access cloud services directly and as such data movements are largely invisible.

While cyber threats are without doubt an important consideration, we should not forget the internal threat. A robust perimeter may be a good first line of defence, but it does little to protect against those with legitimate physical and logical access within that perimeter. Multiple levels of defence, comprehensive monitoring, alerting and timely investigation and response are now essential components necessary to complement risk and vulnerability assessments.

AgilityIS can work with you, advising on current good practice, to ensure that appropriate security is implemented in a cost effective and pragmatic manner.
Monday, 7 March 2016

Layered context aware security monitoring is a necessity

A successful security management system must be layered, as well as agile. To provide robust security, a combination of preventative and detective controls must be applied to the network, hosts and devices, applications, services and transports as well as to the data itself, creating defence in depth.

Correlating events from multiple sources, both logical and physical, using a security information and event management solution (SIEM) allows anomalies to be identified. The SIEM should be context aware, able to understand normal behaviour patterns including time, location, device, connection method, application and information requested.

Draw on our experience to understand how to obtain the security intelligence you need. Our dedicated team can help you make informed decisions.