Security as a Service – Category and Threat Definitions

We are currently in phase one of producing the Security as a Service guidance documentation;

–          Agreeing and documenting categories of service and their definitions

–          Agreeing and documenting categories of threats and their definitions

So far the top five categories of service are;

    1. IAM
    2. DLP
    3. Secure Web Gateway
    4. Vulnerability Assessments
    5. Pen Testing
    6. Intrusion Detection
    7. Encryption
    8. Log Management

With several further categories in the mix.  We will be looking to consolidate the above categories and the others identified into sensible easy to understand groupings.   For example it is likely that ‘vulnerability assessment’ and ‘pen testing’ will be a single category.

The top categories of threat identified are currently;

    1. Data Loss Leakage
    2. Traffic Hijacking
    3. Unauthorized Access
    4. Denial of Service
    5. Application Vulnerabilities

With about forty further ideas being assessed in the same way as for categories of service.

Should you have any ideas please do let me know either by posting a comment on this blog or by mailing me on LinkedIn, any assistance is greatly welcomed!

K

 

Cloud Security as a Service RSA conference presentation

An overview of the Cloud Security as a Service (SecaaS) working group goals, outputs and proposed timeline was presented at the RSA conference on the 14th of February.  His has been recorded for prosperity and uploaded to YouTube.  The presentation can be found here;

http://www.youtube.com/watch?v=fzejQuSR_xU

This gives a great update on one of the things I’ll be working on during the next few months.  Check the video out, fell free to ask me any questions you have, and of course if interested get involved and provide feedback via the surveys mentioned in the presentation.

K