SEBYDE

Short introduction
Secure By Design
Who are we?
> SEBYDE (se-bee-de)
– Secure by Design

> IBM Certified Business Partner

> Specialised in:
– Security Assessments
• Application security scans
• Network + Systems

– Security Awareness
• Change of behaviour and motivation
• Security Awareness program

© Sebyde BV
© 2013 Sebyde BV
Focus of hackers changed: from Infrastructure to Applications

Reality …
> 60-80% of Web applications / Websites have at least one weak security point (vulnerability).
> 75% of all hacks are targeted at Web applications / Websites.
> IBM's X-Force Report March 2013: 43% of all security issues are caused by Web applications.

> 81% of the Web applications do not comply with the PCI DSS regulation (Payment Card Industry).
> IDC Research: 25% of all companies are "exploited" via a weak spot in the Web Application security.

> Unaware users are infected by websites with "Malware".
> Google: >2 Million search requests per month for "How to hack", "Download hacking tools" and related information.

Damage
> Theft
– Information
– Privacy sensitive information
– Money

> System failure
– Application not available
– Loss of business
– DDoS

> Repair costs
– Software
– Information

> Reputation
– Customer trust
– News / media
– Costs: ????
– Indirect (ISP)

> Fines
– EU Privacy act
– CBP
But still … Security Spendings

                                   % of attacks    % of Budget
Web Applications                   75%             10%
Network / Server Infrastructure    25%             90%
The solution: Secure by Design
> Prevent weaknesses in IT security by taking the security aspects into account in the building/programming phase of applications.
> Designers and programmers should assume that applications will be attacked immediately after they have been taken into use.

> Software Security is an integral part of the development process.

Test Early

Early testing saves money. 80% of the development costs are spent on solving problems in applications. Solving vulnerability issues in an application that has already been taken into use costs 100 times more than solving the issues in the development phase.

Relative cost of solving a vulnerability, per phase:

Design (Secure by Design)               1x
Development (Static testing)            6.5x
Test phase (Acceptance testing)         15x
Deployment phase (Dynamic testing)      100x
Production phase (At an incident)       Loss of customer trust, law suits, reputation damage, repair costs, fines
Sebyde Services (Secure By Design)

> Security Scan
> Secure Development (Reseller)
> Security Awareness
> Security Assessments
1. Security Scan
> Scan your web application(s) for 1400+ exploits
> We use a specialised tool, IBM Security Appscan®
> We deliver clear reports of the weak security points (vulnerabilities) in the application and advice on how to repair them
> Support during the repair of the source code
> Fast result
– 3 days (Full scan)
– 1 day (Vital Few scan)
> One-time or subscription

2. Secure development

Outsourced Audits:         Sebyde Security Scan
In-House Audits:           IBM Security Appscan® Standard
Development Integration:   IBM Security Appscan® Source
Enterprise:                IBM Security Appscan® Enterprise

> IBM Security Appscan® Standard
Dynamic Analysis Software Testing (DAST), or black-box testing, of your web application. Can run from a desktop. Used by organisations that want to scan the web applications themselves.

> IBM Security Appscan® Source
For web and non-web applications. Static Analysis Software Testing (SAST), or white-box testing, to find vulnerabilities in the source code. For example to extend your QA testing procedures.

> IBM Security Appscan® Enterprise
A multi-user environment where multiple scans take place at the same time. It offers a dashboard and consolidated reporting environment. Enables organisations to centrally manage the secure coding performance.

> IBM Security Appscan® OnDemand
SaaS version of IBM Security Appscan®. Meant for organisations that are not able or do not want to build up their own testing expertise. The audit is performed by external experts, either in-house by Sebyde or in the cloud by IBM expert teams.
3. Security Awareness Training
> 2-3 half-day sessions
> Increase security awareness
> Make people aware of the risks and dangers of working with information systems and (confidential) company data.
> Explanation of many security-related facts that can disturb the business processes
> Recognise possible risks
> What to do when an incident occurs

> Stimulates secure behaviour
> Take security aspects into account during the daily activities
Specialised Security training

Code         Title                                                        Duration
CEH          EC-Council Certified Ethical Hacker                          5 days
CHFI         EC-Council Computer Hacking Forensic Investigator            5 days
ECSA-LPT     EC Council Security Analyst & Licensed Penetration Tester    5 days
ECSP         EC-Council Certified Secure Programmer                       5 days
EDRP         EC-Council Disaster Recovery Professional                    5 days
ENSA         EC-Council Network Security Administrator                    5 days
GK9840       CISSP Certification Preparation                              5 days
ISO27002F    ISO 27002 Foundation (incl. exam ISFS)                       2 days
ISO27002A    ISO 27002 Advanced (incl. exam ISMAS)                        3 days

These trainings are provided by Global Knowledge.
4. Security Assessments
> Quick Assessment
– Company-wide general assessment of the ICT Security

> Privacy Impact Assessment
– Assessment of security measures at projects and systems that process personal data (privacy sensitive data)

> Network Assessment
– Penetration test
– Open ports, leaks and vulnerable software

> System Assessment
– Configuration and settings
– Physical infrastructure, Services, Software, BIOS, Operating System, etc.

Overview Sebyde services

Sebyde Secure by Design spans three dimensions:

> People: Security Awareness
• Management
• Employee
• Developers

> Process: Security assessment, Secure Development, Software testing

> Technique: Software services
Thanks!

If you have any questions, please do not hesitate to contact us!
Rob Koch (rob.koch@sebyde.nl)
Derk Yntema (derk.yntema@sebyde.nl)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Introduction Sebyde BV | Security Testing | Security Awareness | Secure Development

Test Early

(Chart: cost of an incident in the production phase: loss of customer trust, law suits, reputation damage, repair costs, fines.)

> Early testing saves money.
> 80% of the development costs are spent on problem solving in applications.
> Solving vulnerability issues in an application that has already been taken into use costs 100 times more than solving the issues in the development phase.

Relative cost of fixing a vulnerability per phase:
– Design (Secure by Design): 1x
– Development (Static testing): 6.5x
– Test phase (Acceptance testing): 15x
– Deployment phase (Dynamic testing): 100x

1. Security Scan
> Scan your web application(s) for 1400+ exploits
> We use a specialised tool, IBM Security Appscan®
> We deliver clear reports of the weak security points (vulnerabilities) in the application and advice on how to repair them
> Support during the repair of the source code
> Fast result
– 3 days (Full scan)
– 1 day (Vital Few scan)
> One-time or subscription

2. Secure development
> Outsourced Audits
– Sebyde Security Scan
– IBM Security Appscan® OnDemand: SaaS version of IBM Security Appscan®. Meant for organisations that are not able or do not want to build up their own testing expertise. The audit is performed by external experts, either in-house by Sebyde or in the cloud by IBM expert teams.

> In-House Audits
– Development: IBM Security Appscan® Standard. Dynamic Analysis Software Testing (DAST) or black-box testing of your web application. Can run from a desktop. Used by organisations that want to scan their web applications themselves.
– Integration: IBM Security Appscan® Source. For web and non-web applications. Static Analysis Software Testing (SAST) or white-box testing to find vulnerabilities in the source code, for example to extend your QA testing procedures.
– Enterprise: IBM Security Appscan® Enterprise. A multi-user environment where multiple scans take place at the same time. It offers a dashboard and a consolidated reporting environment, and enables organisations to centrally manage secure-coding performance.

3. Security Awareness Training
> 2-3 half-day sessions
> Increase security awareness
> Make people aware of the risks and dangers of working with information systems and (confidential) company data.
> Explanation of many security-related facts that can disturb the business processes
> Recognise possible risks
> What to do when an incident occurs
> Stimulates secure behaviour
> Take security aspects into account during the daily activities

Specialised Security training

Code         Title                                                        Duration
CEH          EC-Council Certified Ethical Hacker                          5 days
CHFI         EC-Council Computer Hacking Forensic Investigator            5 days
ECSA-LPT     EC-Council Security Analyst & Licensed Penetration Tester    5 days
ECSP         EC-Council Certified Secure Programmer                       5 days
EDRP         EC-Council Disaster Recovery Professional                    5 days
ENSA         EC-Council Network Security Administrator                    5 days
GK9840       CISSP Certification Preparation                              5 days
ISO27002F    ISO 27002 Foundation (incl. exam ISFS)                       2 days
ISO27002A    ISO 27002 Advanced (incl. exam ISMAS)                        3 days

These trainings are provided by Global Knowledge.

4. Security Assessments
> Quick Assessment
– Company-wide general assessment of the ICT security
> Privacy Impact Assessment
– Assessment of the security measures of projects and systems that process personal data (privacy-sensitive data)
> Network Assessment
– Penetration test
– Open ports, leaks and vulnerable software
> System Assessment
– Configuration and settings
– Physical infrastructure, services, software, BIOS, operating system, etc.

Overview Sebyde services

(Diagram: Sebyde Secure by Design, organised in three layers)
> People: Security Awareness
– Management
– Employee
– Developers
> Process: Security assessment, Secure Development
> Technique: Software testing, Software services

Thanks!
If you have any questions, please do not hesitate to contact us!
Rob Koch (rob.koch@sebyde.nl)
Derk Yntema (derk.yntema@sebyde.nl)