Technology Quality Forum
Saturday, 18 Rajab 1437 AH / Saturday, 15 April 2017
Fadi Ahmad Abdulwahab
Fabdulwahab@outlook.com
Development Manager @ SURE
www.sure.com.sa
Quality in Cyber Security Awareness
Technology Quality Forum
Source: https://goo.gl/q0iDBc Source: https://goo.gl/gsTnPa
What is Cyber Security? – All are Related
• Information Security (Data)
• Computer Security
• Network Security
• Software Security
• IT Security (Process)
• Human Security
But What is it?
• Confidentiality: Saving my accounts in banks
• Integrity: No changes in my accounts
• Availability: Accessing my accounts
Security is not only Software or Hardware
• Governments need to keep their countries secure
• Financial institutions need to secure our transactions
• Organizations need to secure their intellectual property
• Businesses need to secure their customers’ information
• Hospitals need to secure human lives
Why Cyber Security?
• Security is getting worse
• 3B users, 1B websites and 9B connected devices
• Nothing is 100% secure
Financial vs. Reputation
• By 2017, the global cyber security market is expected to skyrocket to $120.1 billion from $64.7 billion in 2011
• The estimated annual cost of global cybercrime is $375 billion
Source: http://www.marketsandmarkets.com/Market-Reports/cyber-security-market-505.html?gclid=CKza6bOmo9MCFQu3Gwod5AMBtg
Shamoon & Ransomware virus
We are part of the problem
We are part of the problem - Rubber Ducky USB
We are part of the problem - Wifi Pineapple
Some Companies Lie - Marketing
• 100% Secure or Hack Proof
• All software has bugs
Some Companies Lie - Reputation
Who is Right? - Policies
The only secure password is the one you can’t remember
Ask Wrong Questions?
The Attacks Will Continue
Sources: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
HTTPs ≠ HTTPs (with Quality)
Pen Testing - False Positive/True Negative
People’s Role in Cyber Security
People make the hardware and software
People write the code that is insecure
People manage the tools that stop attacks
People categorize, prioritize and directly impact outcomes
People set the rules and try to follow them
Quality in Cyber Security Awareness
Software Security
• Software developers are the first and best line of defense for the security of their code
Human Security
• Awareness is the first step in mitigating security risks
• Education with practice
• Trust but verify
All Types of Security
• It's everyone's responsibility
• Technology, Process and Human
National Transformation Program 2020
Cost cutting
Use resources correctly
Reduce risks
Maximize Your Quality – Before Go Live
• https://beforegolive.com
• For IT community and environments
• Best practices and recommendations
• OWASP Top 10, CIS benchmark
Thank you for Attending
• Fadi Ahmad Abdulwahab
• Specialist in (Web Security – Performance – High Availability – Cloud)
• Author of
  • Maximizing SharePoint Security whitepaper
  • Maximizing SharePoint Availability whitepaper
• Blog: https://fabdulwahab.com
• Twitter: @fadi_Abdulwahab
• fabdulwahab@outlook.com


Editor's Notes

  1. Also HTTPs example
  2. Reputation
  3. 1/5 of internet users are from China; 80% of mobile devices connect to the internet instead of a web browser in 2017
  4. Alibaba, 17 min, 1 billion; Amazon, 15 min down, loss of 5.3 million; Shamoon (email, site or USB); Samba Bank
  5. Alibaba, 17 min, 1 billion; Amazon, 15 min down, loss of 5.3 million; Shamoon (email, site or USB); Samba Bank
  6. awareness
  7. awareness
  8. Weak hashing
  9. What are the security features? Data privacy
  10. What are the security features? Data privacy
  11. Put things in the right way. Improve the quality across the whole chain. Our reaction against Shamoon is still not completed.