You’re the IT Heroes

Post on 23-Feb-2016


Transcript

You’re the IT Heroes

John Craddock johncra@xtseminars.co.uk

When All Fails

The Heroes

Who Do We Blame?

Microsoft!

But is that fair today?

NO

We can build systems that are truly reliable

What Does It Take?

• Governance
• Knowing what we have
• Well practised policies and procedures
  – Security, management and deployment
• Monitoring
• Closing the loop
• Budget

Governance

CXOs

IT Architectural Board

Security Review Board

Defines how we operate

Ultimate decision on infrastructure changes

Rules for delegated administration

Teeth required! Interest required!

Business Requirements

Knowing What you’ve Got

If you don’t know what you’ve got you can’t protect it

If It All Fails

• Make sure you can recover it
  – You must have well documented and tested disaster recovery plans
• Test them regularly
• Make sure enough staff are trained
• Know when to invoke the plan

Change Control

• Document all changes
• Automate as many processes as you can
• Test test test
• You need a test and reference environment
  – Reference should “mirror” production and be under change control

Updates

Updates are essential

Monitoring

Good monitoring and planned response

Stop an event turning into a disaster

Closing the Loop

All Process Loops Must Close

Security Policy

Statement of what you must do to secure the environment

Security Risk Management Process

Identifies threats, risks and mitigations

Document Processes and Procedures

What you say you do and how you do it

Operations

What you really do

How do you get the budget?

You Need to Sell the Process

• Talk to an asset owner:
  – “How much would it cost the company if the sales agents could not work for a day?”
    • $200,000 per day
• How long would it take your team to clean malware off all the sales computers?
  – 3 days
  – Loss: 3 x $200,000 = $600,000
• How much would it cost to instigate a security process that mitigated the risk?
  – Estimated 6 weeks for team, cost $50,000

What’s she after? Her smile’s too big

Good documentation

Money Please….

Currently we don’t have an effective security process. The chance of sales computers being compromised is high.

While we recover the systems the company will lose $600,000

If we had a good security management process in place, the risk of being compromised would be low. Initial project costs estimated at $50,000

$600,000 vs $50,000 and of course it could happen more than once!

Oh, and if we lost the confidentiality of customers’ personal identity information, YOU could end up in PRISON!

Some Great Tools

Incident Management

Operations Management

Configuration Management

Change Management

Joining up the story

Orchestration

Automation

Workflow

How Cool Is That?

Don’t be the fire-fighting Hero

Form the perfect orchestra

Be a Super Hero
