Introduction to Cybersecurity
Presented to ATMIYA University
Krutarth Vasavada
• B.E. (Electronics and Communication), AITS 2002-06
• M.S. (Computer Engineering), San Jose State University, California, US
• Certified Cloud Security Professional, ISC2
• 13+ Years into Software Product Development, Cybersecurity, Information Security Audits, Data Privacy & Compliance
• Worked in India, USA, EU (currently) in Automobile, Chemicals, Insurance, Investment Banking, and e-Commerce domains.
Topics
01 Cybersecurity – What? Why? Where? How?
02 Past and Present Scenario
03 Deep Dive – Areas of Cybersecurity
04 Cybersecurity in Software Development Lifecycle
05 Information Security from a Product Perspective
06 Cybersecurity – Skills Matrix and Career Options
07 References
What is Cybersecurity?
Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use.
Why Cybersecurity?
CONFIDENTIALITY: Unauthorized individuals or entities cannot get any information that is not intended for them.
INTEGRITY: The accuracy and completeness of data must be assured.
AVAILABILITY: It must be ensured that vital information is available whenever needed.
Areas of Cybersecurity
Cloud Computing Concepts and Architecture
Legal Issues, Contracts and Electronic Discovery
Governance and Enterprise Risk Management
Compliance and Audit Management
Infrastructure Security
Application Security
Data Security and Encryption
Brief History of Cybersecurity Attacks
Do you remember “million-dollar lottery” emails? Have you received one? This is called a phishing email. It is a training topic in itself.
How are we dealing with challenges?
To be honest, pretty badly! Here’s the list of data breaches that occurred during the year 2020 so far.
Commonly Known Cybersecurity Attacks
• Denial-of-service (DoS) and distributed denial-of-service (DDoS)
• Man-in-the-middle (MitM)
• Phishing
• Drive-by attack
• Identity Theft
• SQL Injection
• Cross-site scripting (XSS)
• Eavesdropping
• Malware/Ransomware
Cybersecurity Drivers for Organizations
• Continuous Improvement (e.g., ISMS, Security Roadmap, Training & Awareness, Logging & Monitoring)
• Compliance (e.g., ISO 27001, GDPR, Local Legislation)
• Audits (e.g., Technical Platform Audit, Penetration Testing, Customer Due Diligence)
• Contractual Obligations (e.g., Two-factor authentication, HSM for Key Management)
Challenges for Corporations – Global and Local
Internal: Fraud; Unintended information exposure; Asset theft; Internal information leak
External: Data Breach; Loss of reputation; Loss of business/revenue; Penalty/Government fine
Today, companies face a wide range of challenges in the Cybersecurity domain which can have internal or external causes and implications.
Cybersecurity in Software Development
Cybersecurity and DevSecOps
Purpose & Intent
"everyone is responsible for cybersecurity" → everyone thinks about cybersecurity, all the time.
How to Achieve?
People:
• By promoting security throughout the SDLC.
• Training and awareness provided to development teams
Technology:
• Automation and configuration management
• CI/CD
• Secure coding practices
• “Security as Code”
• Application level auditing (SAST, DAST)
Processes:
• Agile doesn’t mean absence of process
• Codifying security requirements and checklists so that security is built into development rather than bolted on
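The slide names "codifying security requirements and checklists" and "Security as Code" without showing what that looks like in a pipeline. The following is an added example, not code from the presentation: a hypothetical checklist of requirements drawn from the deck's drivers and product slides (secure TLS connections, two-factor authentication, audit logging, a password policy, encryption at rest with HSM-backed keys, debug mode off) encoded as Python checks that a CI step runs against the application's configuration. The configuration layout, the requirement identifiers and both sample configurations are constructed for the example.

```python
"""Security requirements codified as automated checks ("Security as Code").

Added example, not from the original slides.  It assumes a hypothetical
application configuration held in a dict (as if loaded from a YAML/JSON
file in the repository).  Running it as a CI step turns the checklist
into a build gate instead of a document nobody re-reads.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Config = Dict[str, Any]


@dataclass(frozen=True)
class Requirement:
    ident: str                        # checklist identifier, e.g. SEC-01 (constructed)
    description: str
    check: Callable[[Config], bool]   # True when the configuration satisfies it
    severity: str                     # "high" fails the build, "medium" is reported only


def tls_enforced(cfg: Config) -> bool:
    tls = cfg.get("tls", {})
    return tls.get("enforce") is True and tls.get("min_version") in ("1.2", "1.3")


def two_factor_required(cfg: Config) -> bool:
    return cfg.get("auth", {}).get("two_factor") == "required"


def audit_logging_on(cfg: Config) -> bool:
    log = cfg.get("logging", {})
    return log.get("audit") is True and int(log.get("retention_days", 0)) >= 90


def password_policy_ok(cfg: Config) -> bool:
    pw = cfg.get("auth", {}).get("password", {})
    return int(pw.get("min_length", 0)) >= 12 and int(pw.get("lockout_after", 0)) > 0


def encrypted_at_rest(cfg: Config) -> bool:
    st = cfg.get("storage", {})
    return st.get("encrypt_at_rest") is True and st.get("key_management") in ("hsm", "kms")


def debug_disabled(cfg: Config) -> bool:
    return cfg.get("debug", False) is False


CHECKLIST: List[Requirement] = [
    Requirement("SEC-01", "TLS 1.2+ enforced on all browser connections", tls_enforced, "high"),
    Requirement("SEC-02", "Two-factor authentication required for every user", two_factor_required, "high"),
    Requirement("SEC-03", "Audit logging enabled with >= 90 days retention", audit_logging_on, "medium"),
    Requirement("SEC-04", "Password policy: >= 12 characters and account lockout", password_policy_ok, "medium"),
    Requirement("SEC-05", "Data encrypted at rest, keys held in an HSM/KMS", encrypted_at_rest, "high"),
    Requirement("SEC-06", "Debug mode switched off", debug_disabled, "high"),
]


def evaluate(cfg: Config, checklist: List[Requirement] = CHECKLIST) -> List[Dict[str, str]]:
    """Return one finding per requirement the configuration fails, in checklist order."""
    findings = []
    for req in checklist:
        try:
            passed = req.check(cfg)
        except (TypeError, ValueError):
            passed = False  # a malformed value is a failure, never a silent pass
        if not passed:
            findings.append({"id": req.ident, "severity": req.severity, "description": req.description})
    return findings


def ci_gate(cfg: Config) -> int:
    """Exit status for a pipeline step: 1 if any high-severity requirement fails."""
    return 1 if any(f["severity"] == "high" for f in evaluate(cfg)) else 0


# Constructed sample configurations, not taken from any real system.
INSECURE_CONFIG: Config = {
    "debug": True,
    "tls": {"enforce": False, "min_version": "1.0"},
    "auth": {"two_factor": "optional", "password": {"min_length": 6, "lockout_after": 0}},
    "logging": {"audit": False, "retention_days": 7},
    "storage": {"encrypt_at_rest": False},
}
HARDENED_CONFIG: Config = {
    "debug": False,
    "tls": {"enforce": True, "min_version": "1.2"},
    "auth": {"two_factor": "required", "password": {"min_length": 14, "lockout_after": 5}},
    "logging": {"audit": True, "retention_days": 365},
    "storage": {"encrypt_at_rest": True, "key_management": "hsm"},
}

if __name__ == "__main__":
    import sys
    for f in evaluate(INSECURE_CONFIG):
        print(f"[{f['severity']:<6}] {f['id']}: {f['description']}")
    sys.exit(ci_gate(INSECURE_CONFIG))
```

Run as a pipeline step before deployment, a high-severity failure returns exit status 1 and stops the build, while medium findings are reported for follow-up. The same severity rule can be applied to the SAST and DAST reports the slide mentions: the pipeline step parses the scanner output and gates on it the same way.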
Information Security from Product and Infrastructure Perspective
Areas covered: Application | Database | Customer Controls | Data Center | Operations, Policies & Compliance
• Role-based access
• Logical Separation Between Customers
• Single sign-on
• Geographical Preference (US/EU/Asia)
• ISO 27001 Certified Information Security Management
• Audit logs
• AWS Hosting
• Audit Logs
• Offsite Backups
• GDPR Compliant DPA
• 24x7 Monitoring
• Daily Backups
• User Management / Per-Role Authentication
• Highest Level of Physical Security
• Regular Penetration Testing
• Secure Browser Connections
• Data Encryption (In Transit and At Rest)
• Task Level Permission
• More than 85 Global Certifications/Attestations
• Third-Party Audits
• Two-Factor Authentication
• No Direct Access to All Employees
• Ability to Export Data
• Certified Disaster Recovery Practices
• CSA-STAR Participation
• Secure Architecture
• Segregation of Duty
• Configurable Password/IT Policy
• Continuous Capacity Monitoring
• Competent In-House Development Team
Personal Data Processing – New Era
• Architecture Supporting Secure-by-design / Privacy-by-design Principles
• The new architecture will be built based on the following considerations –
  • “Forget me” requests
  • Restrict processing
  • Export data
  • Keeping data no longer than necessary
  • Access control
  • Audit logs
  • Local legislation
• Further Reading: https://gdpr-info.eu/art-25-gdpr/
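The considerations above say what a privacy-by-design architecture has to support but not how the pieces interact. The following is an added example, not from the original presentation: a small in-memory personal-data store in Python that implements each item (forget-me erasure, restriction of processing, export, retention purge, role-based access control and an audit log). The roles, the permission table, the purposes and the sample records are all constructed for the example.

```python
"""Privacy-by-design data handling for the considerations on the slide:
"forget me", restrict processing, export, retention, access control, audit.
Added example, not code from the original presentation.  Roles, purposes,
permissions and sample records are constructed; a real system would sit
on a database behind proper authentication.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

# Least-privilege table (constructed): which role may perform which action.
PERMISSIONS = {
    "service": {"store", "process"},
    "support": {"process", "export"},
    "dpo": {"store", "process", "export", "restrict", "forget"},
}


class AccessDenied(PermissionError):
    """A role attempted an action it is not permitted to perform."""


@dataclass
class Record:
    data: Dict[str, Any]
    purpose: str              # purpose the data was collected for (purpose limitation)
    retain_until: datetime    # retention limit: purged automatically after this
    restricted: bool = False  # "restrict processing": kept in storage, not processed


@dataclass
class PersonalDataStore:
    records: Dict[str, Record] = field(default_factory=dict)
    audit_log: List[Dict[str, Any]] = field(default_factory=list)

    def _authorize(self, role: str, action: str, subject_id: str, now: datetime) -> None:
        allowed = action in PERMISSIONS.get(role, set())
        # Every attempt is logged, denied ones included; the entry never carries the data.
        self.audit_log.append({"at": now.isoformat(), "role": role, "action": action,
                               "subject": subject_id, "allowed": allowed})
        if not allowed:
            raise AccessDenied(f"role {role!r} may not {action}")

    def store(self, role, subject_id, data, purpose, retention_days, now) -> None:
        self._authorize(role, "store", subject_id, now)
        self.records[subject_id] = Record(dict(data), purpose, now + timedelta(days=retention_days))

    def process(self, role, subject_id, purpose, now) -> Optional[Dict[str, Any]]:
        self._authorize(role, "process", subject_id, now)
        rec = self.records.get(subject_id)
        if rec is None or rec.restricted or rec.purpose != purpose:
            return None  # unknown, restricted, or outside the purpose it was collected for
        return dict(rec.data)

    def restrict(self, role, subject_id, now) -> None:
        self._authorize(role, "restrict", subject_id, now)
        self.records[subject_id].restricted = True

    def export(self, role, subject_id, now) -> Optional[Dict[str, Any]]:
        # The subject's right of access: still works while processing is restricted.
        self._authorize(role, "export", subject_id, now)
        rec = self.records.get(subject_id)
        if rec is None:
            return None
        return {"subject": subject_id, "purpose": rec.purpose,
                "retain_until": rec.retain_until.isoformat(), "data": dict(rec.data)}

    def forget(self, role, subject_id, now) -> bool:
        """'Forget me': erase the record; the audit trail keeps only the opaque id."""
        self._authorize(role, "forget", subject_id, now)
        return self.records.pop(subject_id, None) is not None

    def purge_expired(self, now) -> List[str]:
        """Retention enforcement: drop every record past its retain_until."""
        expired = [sid for sid, rec in self.records.items() if rec.retain_until <= now]
        for sid in expired:
            del self.records[sid]
            self.audit_log.append({"at": now.isoformat(), "role": "system", "action": "purge",
                                   "subject": sid, "allowed": True})
        return expired


def run_demo() -> Dict[str, Any]:
    """Exercise each consideration once on constructed records; returns the outcomes."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store, out = PersonalDataStore(), {}
    store.store("service", "user-42", {"email": "alice@example.com"}, "order_fulfilment", 30, t0)
    store.store("service", "user-43", {"email": "bob@example.com"}, "order_fulfilment", 5, t0)
    out["processed"] = store.process("service", "user-42", "order_fulfilment", t0) is not None
    out["wrong_purpose"] = store.process("service", "user-42", "marketing", t0)
    try:
        store.export("service", "user-42", t0)
        out["service_export_denied"] = False
    except AccessDenied:
        out["service_export_denied"] = True
    store.restrict("dpo", "user-42", t0)
    out["restricted_process"] = store.process("support", "user-42", "order_fulfilment", t0)
    out["export_after_restrict"] = store.export("support", "user-42", t0)["data"]["email"]
    out["purged"] = store.purge_expired(t0 + timedelta(days=10))
    out["forgotten"] = store.forget("dpo", "user-42", t0 + timedelta(days=10))
    out["audit_denied"] = sum(1 for e in store.audit_log if not e["allowed"])
    out["audit_leaks_payload"] = any("example.com" in str(e) for e in store.audit_log)
    return out
```

Two choices carry most of the value: export keeps working while processing is restricted, because the subject's right of access is separate from the restriction, and the audit log records who did what to which subject identifier but never the data itself, so the log survives a forget-me erasure without re-creating the data it records.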
Cybersecurity – Skills Matrix and Career Options
INFRASTRUCTURE: Next Generation Firewall Configuration; Authentication Infrastructure; Hardware Encryption; AWS; CI/CD
COMPLIANCE: ISO 27001; ISO 27018; SOC2; NIST; C5 (German Market); Internal/External Audits
TECHNOLOGY: Security Testing; RESTful API; OWASP Project; Automated Incident Handling; Threat Modeling
PRODUCT: Security Features; Product Roadmap; Customer Liaison
LEADERSHIP: Vendor Management; Budget Input/Cost Estimation; Risk Analysis; Security Awareness Training
SPECIALIZED AREAS: Ethical Hacking; Cryptography; Masking/Tokenization; Encryption Keys Management
Reference Reading
OWASP Project - https://owasp.org/
NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
ISO 27001 - https://www.iso.org/isoiec-27001-information-security.html
Web Security Academy - https://portswigger.net/web-security
Questions?
Thank you!

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 

Was ist angesagt? (20)

Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptx
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Information security
Information securityInformation security
Information security
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 

Ähnlich wie Introduction to Cybersecurity

Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Amazon Web Services
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...PlatformSecurityManagement
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105 Thomas Treml
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloudInterop
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data LeakagePatty Buckley
 
Security Review of Software (Asset Management)
Security Review of Software (Asset Management)Security Review of Software (Asset Management)
Security Review of Software (Asset Management)Krutarth Vasavada
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_PackageRandy B.
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 sucesuminas
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
Build a Cyber Resilient Network with Symantec
Build a Cyber Resilient Network with SymantecBuild a Cyber Resilient Network with Symantec
Build a Cyber Resilient Network with SymantecArrow ECS UK
 
WITDOM Credit Risk Scoring use case at ISSE 2017
WITDOM Credit Risk Scoring use case at ISSE 2017WITDOM Credit Risk Scoring use case at ISSE 2017
WITDOM Credit Risk Scoring use case at ISSE 2017Elsa Prieto
 
CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2ShivamSharma909
 

Ähnlich wie Introduction to Cybersecurity (20)

Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 
Security Review of Software (Asset Management)
Security Review of Software (Asset Management)Security Review of Software (Asset Management)
Security Review of Software (Asset Management)
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_Package
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Information security[277]
Information security[277]Information security[277]
Information security[277]
 
Build a Cyber Resilient Network with Symantec
Build a Cyber Resilient Network with SymantecBuild a Cyber Resilient Network with Symantec
Build a Cyber Resilient Network with Symantec
 
WITDOM Credit Risk Scoring use case at ISSE 2017
WITDOM Credit Risk Scoring use case at ISSE 2017WITDOM Credit Risk Scoring use case at ISSE 2017
WITDOM Credit Risk Scoring use case at ISSE 2017
 
Secure the modern Enterprise
Secure the modern EnterpriseSecure the modern Enterprise
Secure the modern Enterprise
 
CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2
 

Kürzlich hochgeladen

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 

Kürzlich hochgeladen (20)

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 

Introduction to Cybersecurity

How are we dealing with challenges?
To be honest, pretty badly! Here is the list of data breaches that occurred during 2020 so far.

Commonly Known Cybersecurity Attacks
Denial-of-service (DoS) and distributed denial-of-service (DDoS)
Man-in-the-middle (MitM)
Phishing
Drive-by attack
Identity theft
SQL injection
Cross-site scripting (XSS)
Eavesdropping
Malware/Ransomware
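Two attacks on this list, SQL injection and cross-site scripting, come down to the same mistake: untrusted input is concatenated into text that an interpreter (the database, the browser) will parse as code. The Python below is an added example and not part of the original slides; the user table, the two accounts and the payloads are constructed for illustration. It shows the vulnerable form beside the hardened one for both attacks.

```python
import html
import sqlite3

# Constructed payloads (not from the slides).
SQLI_PAYLOAD = "alice' --"                 # closes the string, comments out the password check
XSS_PAYLOAD = "<script>alert(1)</script>"  # markup that a browser would execute


def make_db() -> sqlite3.Connection:
    """In-memory user table with two constructed accounts.
    Passwords are stored in clear only to keep the injection point visible;
    a real system stores salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string formatting, so user input becomes SQL.
    With username "alice' --" the password clause is commented away."""
    query = (
        f"SELECT 1 FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def render_vulnerable(comment: str) -> str:
    """Interpolates untrusted text straight into HTML: stored/reflected XSS."""
    return f'<p class="comment">{comment}</p>'


def render_safe(comment: str) -> str:
    """Escapes <, >, & and quotes so the browser treats the text as text."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def demo() -> dict:
    """Runs both attacks against both implementations and reports the outcome."""
    conn = make_db()
    return {
        "sqli_bypasses_vulnerable": login_vulnerable(conn, SQLI_PAYLOAD, "wrong"),
        "sqli_bypasses_safe": login_safe(conn, SQLI_PAYLOAD, "wrong"),
        "legit_login_safe": login_safe(conn, "alice", "correct-horse"),
        "xss_in_vulnerable": "<script>" in render_vulnerable(XSS_PAYLOAD),
        "xss_in_safe": "<script>" in render_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both fixes keep data and code apart: the parameterised query hands the input to the database driver as a bound value, and html.escape turns the markup characters into entities so the browser renders them as text. Phishing, DoS and the other attacks on the slide need controls outside the code base and are not shown here.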
Cybersecurity Drivers for Organizations
Continuous improvement (e.g., ISMS, security roadmap, training & awareness, logging & monitoring)
Compliance (e.g., ISO 27001, GDPR, local legislation)
Audits (e.g., technical platform audit, penetration testing, customer due diligence)
Contractual obligations (e.g., two-factor authentication, HSM for key management)

Challenges for Corporations – Global and Local
Today, companies face a wide range of challenges in the cybersecurity domain, which can have internal or external causes and implications.
Internal: fraud; unintended information exposure; asset theft; internal information leak
External: data breach; loss of reputation; loss of business/revenue; penalty/government fine
Cybersecurity and DevSecOps
Purpose & Intent: "everyone is responsible for cybersecurity" → everyone thinks about cybersecurity, all the time.
How to achieve? By promoting security throughout the SDLC, across people, technology and processes:
• Training and awareness provided to development teams
• Agile doesn't mean absence of process
• Codifying security requirements and checklists, so that security is built in during development
• Automation and configuration management
• CI/CD
• Secure coding practices
• "Security as Code"
• Application-level auditing (SAST, DAST)
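The "Security as Code" and application-level auditing (SAST) points above can be made concrete with a small build gate that codifies a checklist and fails the pipeline when it is violated. The Python below is an added example, not the deck's or any product's code: the rule identifiers, patterns, severities and the two sample source files are constructed for illustration, and a real pipeline would run a full SAST tool in the same position.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str
    severity: str  # "high" blocks the merge, "medium" is reported only
    pattern: re.Pattern
    message: str


# Constructed rule set: each rule is one checklist item written as code.
RULES = [
    Rule("SEC001", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "hard-coded AWS access key id"),
    Rule("SEC002", "high", re.compile(r"\beval\s*\("), "eval() on runtime data"),
    Rule("SEC003", "high", re.compile(r"shell\s*=\s*True"), "subprocess with shell=True"),
    Rule("SEC004", "medium", re.compile(r"verify\s*=\s*False"), "TLS certificate verification disabled"),
    Rule("SEC005", "medium", re.compile(r"(?i)\b(password|secret)\s*=\s*['\"][^'\"]+['\"]"), "hard-coded credential"),
]
SEVERITY = {"medium": 1, "high": 2}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    path: str
    line: int
    message: str


def scan_source(path: str, source: str) -> list[Finding]:
    """Applies every rule to every non-comment line of one file."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        if text.lstrip().startswith("#"):  # comment lines are not executable code
            continue
        for rule in RULES:
            if rule.pattern.search(text):
                findings.append(Finding(rule.rule_id, rule.severity, path, lineno, rule.message))
    return findings


def gate(files: dict[str, str], fail_on: str = "high") -> tuple[bool, list[Finding]]:
    """Returns (passed, findings); the CI step exits non-zero when passed is False."""
    findings = [f for path, source in files.items() for f in scan_source(path, source)]
    blocking = [f for f in findings if SEVERITY[f.severity] >= SEVERITY[fail_on]]
    return not blocking, findings


# Constructed sample repository: one file that should block the merge, one that is clean.
SAMPLE_FILES = {
    "app.py": (
        "import subprocess, requests\n"
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        '# password = "only-a-comment"  (comment lines are skipped)\n'
        "def run(user_arg):\n"
        '    return subprocess.run("ls " + user_arg, shell=True)\n'
        "def fetch(url):\n"
        "    return requests.get(url, verify=False)\n"
    ),
    "clean.py": (
        "import subprocess\n"
        "def run(user_arg):\n"
        '    return subprocess.run(["ls", "--", user_arg], shell=False)\n'
    ),
}

if __name__ == "__main__":
    passed, found = gate(SAMPLE_FILES)
    for f in found:
        print(f"{f.path}:{f.line} {f.rule_id} [{f.severity}] {f.message}")
    raise SystemExit(0 if passed else 1)
```

The value of the gate is that the checklist lives in the repository next to the code it judges: a new requirement is a pull request adding a rule, and the severity threshold decides what merely gets reported versus what stops a merge.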
Information Security from Product and Infrastructure Perspective
Application: role-based access; audit logs; 24x7 monitoring; secure browser connections; two-factor authentication; secure architecture
Database: logical separation between customers; AWS hosting; daily backups; data encryption (in transit and at rest); no direct access for all employees; segregation of duty
Customer controls: single sign-on; audit logs; user management / per-role authentication; task-level permission; ability to export data; configurable password/IT policy
Data center: geographical preference (US/EU/Asia); offsite backups; highest level of physical security; more than 85 global certifications/attestations; certified disaster recovery practices; continuous capacity monitoring
Operations, policies & compliance: ISO 27001 certified information security management; GDPR-compliant DPA; regular penetration testing; third-party audits; CSA-STAR participation; competent in-house development team

Personal Data Processing – New Era
• Architecture supporting secure-by-design / privacy-by-design principles
• The new architecture will be built based on the following considerations:
• "Forget me" requests
• Restrict processing
• Export data
• Keeping data no longer than necessary
• Access control
• Audit logs
• Local legislations
• Further reading: https://gdpr-info.eu/art-25-gdpr/
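Several controls on the product slide (role-based access, logical separation between customers, task-level permission, audit logs, ability to export data) and the privacy-by-design considerations just listed ("forget me", restrict processing, export, retention, access control, audit logs) can be exercised together in one small data store. The Python below is an added example written for this page, not the architecture the slides describe; the roles, permissions, tenants and records are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Role -> task-level permissions. Roles, tenants and records are constructed for this example.
PERMISSIONS = {"support": {"read"}, "marketing": {"read", "process"},
               "dpo": {"read", "export", "restrict", "erase"}}

@dataclass
class Actor:
    name: str
    tenant: str
    role: str

@dataclass
class Record:
    tenant: str
    subject_id: str
    data: dict
    created: datetime
    restricted: bool = False

class PrivacyStore:
    def __init__(self, retention: timedelta):
        self.retention = retention
        self._records: dict[tuple[str, str], Record] = {}
        self.audit: list[dict] = []  # append-only; never holds personal data

    def _act(self, actor: Actor, tenant: str, subject_id: str, action: str):
        # Logical separation between customers first, then the role's task-level permission.
        ok = actor.tenant == tenant and action in PERMISSIONS.get(actor.role, set())
        # Pseudonymise the subject so the trail survives a "forget me" request.
        token = hashlib.sha256(f"{tenant}:{subject_id}".encode()).hexdigest()[:16]
        self.audit.append({"actor": actor.name, "action": action, "tenant": tenant,
                           "subject": token, "allowed": ok})
        if not ok:
            raise PermissionError(f"{actor.name} may not {action} in tenant {tenant}")
        return self._records.get((tenant, subject_id))

    def store(self, tenant, subject_id, data, now):
        self._records[(tenant, subject_id)] = Record(tenant, subject_id, dict(data), now)

    def read(self, actor, tenant, subject_id):
        rec = self._act(actor, tenant, subject_id, "read")
        return None if rec is None else dict(rec.data)

    def process(self, actor, tenant, subject_id):
        rec = self._act(actor, tenant, subject_id, "process")
        return rec is not None and not rec.restricted  # False once processing is restricted

    def restrict(self, actor, tenant, subject_id):
        rec = self._act(actor, tenant, subject_id, "restrict")
        if rec is not None:
            rec.restricted = True

    def export(self, actor, tenant, subject_id):
        rec = self._act(actor, tenant, subject_id, "export")  # data portability
        return None if rec is None else {"subject_id": subject_id, "data": dict(rec.data),
                                          "created": rec.created.isoformat()}

    def forget(self, actor, tenant, subject_id):
        # "Forget me": delete the personal data; only the pseudonymised audit entry remains.
        if self._act(actor, tenant, subject_id, "erase") is None:
            return False
        del self._records[(tenant, subject_id)]
        return True

    def purge_expired(self, now):
        # Retention: drop records kept longer than necessary.
        expired = [k for k, r in self._records.items() if now - r.created > self.retention]
        for k in expired:
            del self._records[k]
        return len(expired)

def demo():
    """Walks one tenant through the requests listed on the slides and reports the outcomes."""
    now = datetime(2020, 6, 1, tzinfo=timezone.utc)
    store = PrivacyStore(retention=timedelta(days=365))
    store.store("acme", "u1", {"email": "u1@example.com"}, now)
    store.store("globex", "u9", {"email": "u9@example.com"}, now - timedelta(days=400))
    dpo, mkt = Actor("dana", "acme", "dpo"), Actor("mark", "acme", "marketing")
    outsider = Actor("oscar", "globex", "dpo")  # same role, other customer
    out = {"process_before_restrict": store.process(mkt, "acme", "u1")}
    store.restrict(dpo, "acme", "u1")
    out["process_after_restrict"] = store.process(mkt, "acme", "u1")
    for actor, action in ((outsider, "read"), (mkt, "forget")):
        try:
            getattr(store, action)(actor, "acme", "u1")
            out[f"{actor.name}_{action}_denied"] = False
        except PermissionError:
            out[f"{actor.name}_{action}_denied"] = True
    out["export"] = store.export(dpo, "acme", "u1")["data"]
    out["forgotten"] = store.forget(dpo, "acme", "u1")
    out["read_after_forget"] = store.read(dpo, "acme", "u1")
    out["purged"] = store.purge_expired(now)
    out["audit_leaks_email"] = any("@example.com" in str(e) for e in store.audit)
    return out
```

Two design choices carry the privacy properties: the tenant check runs before the role check, so no role can reach another customer's data, and the audit trail records a hash of the subject identifier rather than the identifier or the data, so a "forget me" request can be honoured without erasing the evidence that it was handled.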
Cybersecurity – Skills Matrix and Career Options
Infrastructure: next-generation firewall configuration; authentication infrastructure; hardware encryption; AWS; CI/CD
Compliance: ISO 27001; ISO 27018; SOC 2; NIST; C5 (German market); internal/external audits
Technology: security testing; RESTful API; OWASP Project; automated incident handling; threat modeling
Product: security features; product roadmap; customer liaison
Leadership: vendor management; budget input/cost estimation; risk analysis; security awareness training
Specialized areas: ethical hacking; cryptography; masking/tokenization; encryption key management

Reference Reading
OWASP Project - https://owasp.org/
NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
ISO 27001 - https://www.iso.org/isoiec-27001-information-security.html
Web Security Academy - https://portswigger.net/web-security