Embedding Security in IT Projects
Dr. Kaali Dass, PMP, PhD.
Program Manager
Cisco Systems, Inc.
June 2015
© 2014-2015 Dr. Kaali Dass
Enterprise IT Security & Maturity…!
To Be Hacked!!!
Ref: http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
24 Large Organizations Hacked in 2014
Project Management Institute
• Founded in 1969
• 185 Countries
• 628,363 PMI Certification Holders
• Certifications: PMP, PgMP, CAPM, PfMP, PMI-ACP, PMP-PBA, PMI-RMP, PMI-SP
NC Chapter
• Chaptered in 1985
• 14th Largest - Over 2800 Members
• Community / Monthly Meetings & Annual Conference
• Agile, Leadership, Pharma, Healthcare, Program Mgt, Public Sector
Ref: pmi.org
Enterprise Wide IT Projects
Large number of Stakeholders
Complex Dependencies
Multiple Tier Architecture
Diverse Technologies
In-house development and Vendor Products
Open Source Products
Lack of Security Awareness
Image Ref: http://www.carnegiemuseums.org/
PMI Process
Initiation
Planning
Execution
Monitoring and Controlling
Closing
About PMI Knowledge Areas
Reference: PMBOK Guide 5th Edition
• Integration Management
• Cost Management
• Time Management
• Scope Management
• Risk Management
• Human Resource Management
• Stakeholder Management
• Communications Management
• Quality Management
• Procurement Management
Project Structure
Organization’s Initiatives (Portfolio)
Programs (each with Projects 1…N)
IT Security: Organization
Strategy and Planning
Programs and Initiatives
Projects & Dev Teams
IT Security: Projects
Initiation
Planning
Execution
Monitoring and Controlling
Closing
Enterprise Level Review
Business and IT Review
Infra / Network / Data / Third-party
Code and Access Vulnerabilities
Lessons Learned
Waterfall
Requirements
Design
Development
Testing
Implementation
Support
Delivery Time: Many Months to Years
Agile Manifesto - Values
Individuals and Interactions over process and tools
Working Software over Comprehensive Documentation
Customer Collaboration over Contract Negotiation
Responding to Change over Following a Plan
Reference: http://agilemanifesto.org/
Agile
Product Owner + Scrum Master + Scrum Team
Plan and Commit
Sprint(s)
Demo and Deliver
Inspect and Adapt
Incremental Capability
Continuous Integration
Delivered in Weeks
Accept Changes
Fail Fast, Learn, and Improve
IT Security Layer: IT and Business
Business
Roles
Responsibilities
Access Policies
Data Retention
PCI Compliance
SOX and other Privacy Laws
Audits
& More…
IT
ACL
AuthC / AuthZ
Encryption
Mobility & IoT
Social Media
Data Classification
Data Access
Data at Rest & Transit
Virus / Malware
Business Continuity
& More…
IT Ecosystems, Agility, and Security
Data Centers / Servers: Manual, Discrete Process
IaaS / PaaS: Semi Automated, Orchestrated, Public / Private Cloud
Public Cloud: Automated, Elastic, Scalable, Orchestrated
Layers: Apps / Services, PaaS, DB, VMs, Services, SaaS
Trend: Discrete to Continuous, Simple to Complex, Manual to Automated
Enabling Security in Waterfall Projects
Requirements
Design
Development
Testing
Implementation
Support
• Project Plan with Security Focus
• Evaluate Third-party Products
• Identify and document Security Risks
• Business and IT, Internal and External
• Security Architecture and design review
• Code Review – Automated / Deep Dive
• Monitor Risks closely throughout the SDLC and Project life cycle
Enabling Security in Agile Projects
• Security Review during Product backlog and Sprint planning
• Definition of Done for Security (Compliance and Security)
• Create Security Awareness and training
• Automated Code Scan for Security Vulnerabilities
• Standardized and Secured Platform
• Retrospective after every Sprint specifically for Security
Key Takeaways: Org Level
Plan: IT Leadership, IT Security Strategies
Prepare: Governance and Policies
Predict: Analyze and Predict
Prevent: Real-time Monitoring, Alerts
Key Takeaways: Project Level
Security at Project Planning
Business & IT collaboration
Focus on People, Process, and Technology
Security awareness and training
IT Security - Future
Plan
Predict
Prepare
Prevent
kdass@cisco.com
dassconnect@gmail.com
https://www.linkedin.com/in/kaalidass
Editor's Notes

  1. http://map.ipviking.com/
  2. http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
  3. Map.ipviking.com