The Delivery of Managed Security Services
- When: Friday 25 February 2011, 10:00 to 12:00
- Where: 39BB02
- Open to: Staff, Students
- Speaker: Mr Tony Dyhouse, Principal Cyber Security Consultant, QinetiQ
The second in the Technologies and Applications seminar series, presented by Tony Dyhouse.
Tony Dyhouse will discuss some standards applicable to the fields of Information Assurance and Service Delivery, illustrating areas of commonality with regard to aim and approach. Different mechanisms for the protection of CIA (confidentiality, integrity and availability) will be discussed from the point of view of risk transference and third-party provision of services, including a look at potential conflicts of interest and how they can be addressed. Finally, he will offer a view on advancing technology and Cloud services.
Presentation Outline
Standards in both worlds
· A cursory glance at some of the British and International standards that apply to Service Delivery and to Information Security.
· The aims of the standards, and where there is commonality in that aim.
· MSP v MSSP
Confidentiality
· Considerations and mechanisms for protecting Confidentiality
· Pertinent Questions to ask an MSSP
Integrity
· Considerations and mechanisms for protecting Integrity
· Pertinent Questions to ask an MSSP
Availability
· Considerations and mechanisms for protecting Availability
· Pertinent Questions to ask an MSSP
Guarding the Guard
· The conflict of interest problem
· Mechanism for tri-partite relationship
· CESG Memo 37
The Cloud
· Business drivers and advantages
· Service considerations
Tony Dyhouse is Principal Cyber Security Consultant of the Cyber Security programme within the Digital Systems Knowledge Transfer Network. He is employed by QinetiQ and works within their Information Risk Management department. He provides consultancy in all areas of Information Security, specialising in protective monitoring, intrusion detection, penetration testing, incident response and forensic investigations. His team specialises in the delivery of accreditation services, system architecture reviews and information assurance audits across government and Critical National Infrastructure organisations as well as the private sector.
Tony’s career spans over 25 years in the IT industry and includes experience in SCADA, telemetry, the operational management of WANs and LANs as well as security technologies. He has been instrumental in the adoption of ITIL-compliant service delivery for many security-related services. His work has been applied to the public and private sectors, and Tony is a great advocate of fostering better communication and cooperation between these sectors within the UK. With this in mind, he participates in several forums and working groups relating to the threats, old and new, faced by a converging world.
Tony is also a qualified hypnotist and can be great fun at parties.

