
Setting up a Security Operations Center (SOC): A step by step approach



  1. Ministry of Science, Technology and Innovation. People First, Performance Now. Setting up a Security Operations Center (SOC) – A step by step approach. Abdul Rahman Mohamed, VP, IT Strategy, Risk & Delivery Group IT, Malaysia Airlines. 07 November 2012

  2. My apology…. I am standing between you and home sweet home. I’ll be On-Time.

  3. About the speaker…
     • 19 years of experience
     • Was CISSP and CISM
     • Oil and Gas, Banking and Consultancy
     • IT Strategy & Transformation, Governance, Risk & Security, IT Service Delivery, Project Management

  4. We are here to share our experience…
     • In setting up an internal SoC, as well as its journey and evolution
     • Its value to our business
     • The lesson learned
     • DISCLAIMER: It works for us.

  5. Allow me to introduce the Air Travel Industry….

  6. The Airline industry is glamorous, and a quick way to lose money….. “How do you become a millionaire? First, become a Billionaire, then you run an Airline” – Sir Richard Branson

  7. Group IT is the enabler and IT partner of THE PREFERRED PREMIUM CARRIER …
     • 2 + 6 Data Centers (incl MHNet, SITA, Enrich)
     • 56 applications
     • 16K IT Devices
     • 14-15 mil Pax/annum (2010/11)
     • 45 FTEs
     • Over 90 Stations (MW, FY, MH)
     • Over 12 Key IT Partners (out of 84)
     • 20K Staff
     [Figure: map of cities served]
     Figures per December 2011

  8. Let's get to the actual presentation

  9. The steps that we took in establishing the SoC….
     • Find the right resources
     • Find the business value of your SoC
     • Get the Sponsors and know your stakeholders
     • Begin with the end in mind
     • Start small
     • Leverage
     • Can pause but keep evolving
     • “Marketecture”

  10. Step 1: In any endeavor, we have to have the right resource for the job that meets the following criteria: “Committed to Integrity; Committed to Performance and Committed to Change.” – Jeff Immelt, CEO, GE

  11. “There is no such thing as an IT project, there is only business project” – Paul Coby, Ex CIO, British Airways

  12. “Else… You syok sendiri” [Malay: “you are only pleasing yourself”] – Abdul Rahman Mohamed, Future CIO

  13. Step 2: We established the SoC for the airline business….
     • Alignment with corporate strategies and Business Transformation Plan (BTP2):
        • No compromise on safety and security
        • Serve Customer, Make Money, Save Money
     • Compliance with regulatory requirements (local and international) e.g. Anti Trust/Competition Law, Data Privacy, PCI, National Cyber Security Policy (NCSP)
     • Increase in IT Outsourcing activity and the need for near realtime transparency

  14. Step 3: The project was actually owned by Corporate Security but funded by IT….
     [Organization chart: Board Safety and Security Committee, Management Committee, Group IT, CSSHE*, Corporate Security, SACC**, SITO*** and their sub-units]
     * Corporate Safety, Security, Health & Environment
     ** Security Assurance Control Center
     *** Strategic IT Outsourcing

  15. There are external stakeholders as well….
     [Organization chart: Board Safety and Security Committee, Management Committee, Group IT, CSSHE*, Corporate Security, SACC**, SITO*** and their sub-units]
     * Corporate Safety, Security, Health & Environment
     ** Security Assurance Control Center
     *** Strategic IT Outsourcing

  16. Step 4: Once we established the business justification, we would envision the end in mind….

  17. This is half of your journey….

  18. We started our journey with a 5 year vision….
     [Roadmap table, Phase 1 to Phase 4; items listed by row]
     • Phase themes: Assurance and visibility to Business; Stakeholder’s Confidence in IT Controls; Integration to Corporate GRC; Optimized for Business
     • Policy: Corp Info Security Policy; Policy Alignment; Comprehensive view; Integrate with corporate GRC framework; Information Security Dashboard; Link with Corp Security dashboard; Link dashboard to external/service provider
     • Process / Tech: Content Security Services; Info Leakage Prevention; IT Compliance Mgmt; Svc Provider assessment; Digital Rights Mgmt; Sec Incident & Event Mgmt; IT Risk Management; Identity & Access Mgmt; IT Assets Mgmt; Info Retention & e-Discovery; Threat Vulnerability Mgmt; Assurance testing
     • People: Awareness: Classroom; Handbook, Video; E-Awareness, Portal; Certification
     • Benefits / Results: Assurance of control effectiveness; Integration with corporate security; Integration of security processes and technology business objectives; Transparency; Visibility; Information Security visible at Corp. Security; Obtain stakeholder’s confidence
