SlideShare une entreprise Scribd logo

Security Awareness

Dinesh O Bareja
Dinesh O Bareja

A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers fundamentals of Information Security, it's evolution, present day risks from the IT and Telecom infrastructure perspective.

Technologie
1  sur  95
Télécharger pour lire hors ligne
Digital Crime, Fraud & Forensic investigation s, Governance Risk and Compliance, IT Asset Management , License Management , Cyber Security, Cyber Labs, At MTNL, Mumbai By Dinesh O Bareja November 19, 2013
 Introduction    Audience Us.. Pyramid & Dinesh Todays Program Plan Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions 
Established and well known Cyber Security and Forensics Consulting organization since past decade  Cyber Forensics Labs in 22 states across India  Qualified, experienced and certified team of Forensic and InfoSec professionals  Full range of InfoSec services – strategy, design, implement, maintain, test, response, investigation, protection 
 Managed Security Services as per RBI/IDRBT guidelines  Compliance with ISO, RBI, IDBRT, IT Act etc as applicable  ISMS Policies, Procedures, Audit Program as per ISO27001  Ethical hacking, Software Security  Open Source technology adoption  Security Awareness Training  Forensic and Incident Response…
 Professional Positions   Jharkhand Police – Cyber Defence Research Centre (Cyber Security Advisor)  Bombay Stock Exchange - IGRC (Technical Member)  Open Security Alliance (CEO)   Pyramid Cyber Security & Forensics (Principal Advisor) Indian Honeynet Project (Co Founder) Professional skills and special interest areas   Technologies: SOC, DLP, IRM, SIEM…  Practices: Incident Response, SAM, Forensics, Regulatory guidance..   Security Consulting and Advisory services for IS Architecture, Analysis, Optimization in Government and Enterprises Community: mentoring, training, citizen outreach, India research.. Opinioned Blogger, occasional columnist, wannabe photographer
MTNL was set up on 1st April, 1986 by the Government of India  Started as Bombay Telephone in 1882, in pre-independence era,  MTNL is the largest Broadband service provider in Mumbai  National Critical Infrastructure provides landline services, high speed broadband through ADSL, 3g, VoIP, IPTV among a range of telecom services 
 Introduction Audience  Us.. Pyramid & Dinesh   Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
When data is processed, organized, structured or presented in a given context so as to make it useful, it is called Information. X Data is raw, unorganized facts that need to be processed. Data can be something simple and seemingly random and useless until it is organized. http://www.infogineering.net/datainformation-knowledge.htm Knowledge is a combination of information, experience and insight that may benefit the individual or the organization.
Regulatory Corporate Data Secrets • Credit card data • Intellectual property • Privacy data • Financial information • Health care information • Trade secrets
http://movetheworld.wordpress.com/2008/01/16/evolution-of-information-security-technologies/
DATA Interpret data so that it has some value and meaning for the user INFORMATION A combination of information & data, experience, insight that is built thru’ a brain’s processes KNOWLEDGE
The practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Protecting data or a database from destructive forces and the unwanted actions of unauthorized users.
Even a young man has to use a walking stick ! Technology advancement has brought about dramatic change in life and work and continues it’s march of dynamic growth It was an era of innocence and invention when computing started upto the time when the internet was unveiled Over the years it has metamorphosed into a force we are still trying to understand and has brought with it ‘great expectations’ from the human beings who are in charge!
http://www.geeksaresexy.net/2013/ 04/26/the-evolution-of-essentialscomic/
http://www.geeksaresexy.net/2013/ 04/26/the-evolution-of-essentialscomic/
Information Technology NOT a support function Information Security NOT a cost center is is
Requires ABSOLUTE management support – absolutely and unconditionally  Management MUST have high level of awareness of risks and must maintain a high level of visibility  Risks, Threats and Metrics arising from IT / IS must be a regular item on the board  Board must receive regular intelligence advisories  Fires, floods, and such disasters will see the CxO on the frontlines… earning respect
 Empower security teams  Define roles and responsibilities  Ensure strong and well defined processes for managing risk, controls, BCP/DR, communication  Automate processes  InfoSec Management systems must have strong governance
 Various standards like ISO27001, ISo22301, ISO 20000, ISO 14000  Frameworks like ITIL, PCI-DSS, NIST  Laws and Regulatory requirements – IT Act, Guidelines, Data Protection etc
IT Security …
11 Domains 11 Domains Organization of Information Security Security Policy Access Control Physical and Environment Security Asset Management 39 Controls Objectives 133 Controls Human Resource Security Communicatio n and Operations Management Information Systems Acquisition Development Maintenance Information Security Incident Managament Compliance Business Continuity Management
 ISO22301 – BCP/DR  ISO19770 – Software License  ISO31000 – Risk Management  ISO27011 – Telecom ISMS  BS10002 – Data Classification  ISO31010 – Risk Terminology
 Policies and Procedures  Risk Management  Asset Information  Data Classification  Incident Management  BCP/DR  Configuration, Change  Compliance Requirements
SHODAN (http://www.shodanhq.com/) is a computer search engine designed by web developer John Matherly (http://twitter.com/achillean)  While SHODAN is a search engine, it is much different than content search engines like Google, Yahoo or Bing  Rather than to locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners 
PwC – State of Information Security in India Report 2013
Telecom Security …
 An unexplained suicide  Reputation loss for Vodafone  Rootkit Ericcson AXE MSE  Involvement of CIA ?? Not proven  Case is not yet resolved  Motive is unknown
 CMS/IMS regime  Radia Tapes  Lawful interception  Hardware Security
23.7(i) Security 23.7(i) Security Responsibility - Responsibi lity Complete and Total Responsibility for Security of Networks under which the following must be done – Network Forensics, Network Hardening, Network PT, Risk Assessment 23.7(ii) Security Audit - Conduct a network security audit once a year by network audit certification agency, as per ISO15408 and ISO27001 23.7(iii) Security Testing - Network elements must be tested as per defined standards – IT and IT related against ISO15048, ISMS against ISO27001; Telecom elements against 3GPP. 3GPP2 security standards. Up to 31 Mar 2013 this can be done overseas and after this date in India 23.7(iv) Security Configuration - Include all security features, as per standards, while procuring equipment and implement the same. - Maintain list of all features while equipment is in use - List is subject to inspection by Licensing Authority 23.7(v) Security Personnel - CISO, System Administrators, Nodal Executives for handling NLD/ILD switches, central database, softswitches … all must be Indian Nationals.
 Introduction  Audience  Us.. Pyramid & Dinesh  Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
Hacked on Aug 14, and site was down as on Aug 16 Earlier hack in June 2013, by Anonymous to protest against censorship. Site was down for 6 hours
Stuxnet, Flame, Shomoon, Russian Nuclear Plant (last week) Duqu, Gauss, RUMOURS - ISRO - Fukushima - Baker Hughes - ConocoPhillips - Marathon - Chevron
 Viruses  Piracy  Data Integrity  MMS  Identity Theft, Website defacement  Trojans, Worms, APT  Ransomware
Low Orbit Cannon – used by Anonymous to launch DDOS attacks  Blackhole Exploit Kit (pre-made attack tools and packages.  Available for download it is a full-fledged, highly sophisticated attack suite - a widelyused, web-based software package which includes a collection of tools that leverage web browser security gaps. It enables the downloading of viruses, bots, trojans and other forms of malicious software onto the computers of unsuspecting victims. Prices for such kit range from $50 for a single day’s usage, up to $1,500 for a full year)  Managed Crime Services  Card Markets  Information Exchange  Cyber Mercenaries for Hire  Botnets (available for as low as $500)
 Introduction  Audience  Us.. Pyramid & Dinesh  Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
 Documented policies, procedures, audit procedures  Risk Management  Access Management – privilege users, passwords, onboarding, off boarding  HR – background checks  Configuration, Change, Patch, Backup  Network Traffic and Forensics  Threat Intelligence  End Point Protection
 Infrastructure Security Assessment  Training  Awareness  Mobile device management  Asset Management  Compliance (internal and external)  Application Security  Incident Management & Response
 Encryption  Version Control with source code review to thwart logic bombs
 Introduction Audience  Us.. Pyramid & Dinesh  Information / Data Security      Todays Program Plan Information Security Fundamentals Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept) What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
The revelation of PRISM has changed the way we look at the future. What was to happen is already happening – the NSA can keep tabs on the global population! Microsoft, Google, Adobe and all the big names in technology are implicated - we have been dreaming and planning to get out of commercial systems into the open source domain and these events have pushed the future into the present
 Policies / Procedures / Documentation  DLP  SIEM  Network Forensics  Secure Web Application  Periodic VA and PT  Audit and Review
 Malware  APT  Data Breach  Denial of Service  Slow response in the face of change  Lack of actionable intelligence  Insufficient Capability and Capacity  Weak Incident Response and Crisis Management
 Insecure Applications  Lack of awareness  Internal - Human Error  Fraud  Default Passwords, hardening  Phishing / Vishing  Logic Bombs
 Introduction Audience  Us.. Pyramid & Dinesh  Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure   Next steps and discussions
 Cloud  Mobile  Computers will be wearable, blowable  Smart grid  Driverless car
 Crackers for Hire (cyber mercenaries)  Cyber Espionage  Ransomware / Lockout  Denial of Service  Technology Obsolescence  Fake Employees  Internal Frauds
risks – tech / business flight timings sales what phone to buy/gift global events how to do a web checkin gadgets ……. people issues enterprise targets enterprise finance all processes business IT networks org growth systems © freedigitalphotos (royaltyfree, attribution) onboarding /exits background checks compliance liabilities contribute ideas email
          Current State Evaluation – People, Process and Technology Gap Analysis as per ISO / ITA Forensics as a Service Incident Response Policy Development aligned to Enterprise and National Strategies Build internal Governance Structures Emergency & Crisis Response Team Awareness Program IS Controls Implementation Training
Questions
Head Office: FB-05, NSIC Software Technology Park Extn, Okhla Industrial Estate, New Delhi-110020, T: +91-9650894671 F: +91-11-26322980 E: contact@pyramidcyber.com Mumbai Office: 308 Orbitz Premises Chincholi Bunder Road, Malad West Mumbai 400064 T: +91.9769890505 E: dinesh.bareja@pyramidcyber.com www.pyramidcyber.com
 http://en.wikipedia.org/wiki/Information_Security  http://en.wikipedia.org/wiki/Data_security  Raoul - tstf.net  http://www.infogineering.net/data-informationknowledge.htm  Google  Various internet resources

Recommandé

Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Dinesh O Bareja
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance AwarenessDinesh O Bareja
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires SuperhumansDinesh O Bareja
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptxGovt. P.G. College Sendhwa, Barwani (M.P.)
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 

Recommandé

Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Dinesh O Bareja
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance AwarenessDinesh O Bareja
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires SuperhumansDinesh O Bareja
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptxGovt. P.G. College Sendhwa, Barwani (M.P.)
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & PrivacyNawanan Theera-Ampornpunt
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small BusinessJulius Clark, CISSP, CISA
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
Information security
Information securityInformation security
Information securityVijayananda Mohire
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
NCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesNCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesStephen Cobb
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security AwarenessThe Network Support Company
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small BusinessJulius Clark, CISSP, CISA
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Securityscoopnewsgroup
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Business - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITBusiness - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITDinesh O Bareja
 
Mind Your Manners On Linked In
Mind Your Manners On Linked InMind Your Manners On Linked In
Mind Your Manners On Linked InDinesh O Bareja
 

Contenu connexe

Tendances

The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
NCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesNCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesStephen Cobb
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Securityscoopnewsgroup
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 

Tendances (20)

Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information security
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for Investors
 
Information security
Information securityInformation security
Information security
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
NCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesNCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and Resources
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
 
Information security
Information securityInformation security
Information security
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small Business
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Security
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 

En vedette

Business - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITBusiness - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITDinesh O Bareja
 
Mind Your Manners On Linked In
Mind Your Manners On Linked InMind Your Manners On Linked In
Mind Your Manners On Linked InDinesh O Bareja
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsManaging Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsDinesh O Bareja
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India ReadyDinesh O Bareja
 
Community Disaster Incident Response
Community Disaster Incident ResponseCommunity Disaster Incident Response
Community Disaster Incident ResponseDinesh O Bareja
 
ISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introductionISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introductionDinesh O Bareja
 
Indian Thoughts in Information Security
Indian Thoughts in Information SecurityIndian Thoughts in Information Security
Indian Thoughts in Information SecurityDinesh O Bareja
 
Bug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentBug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentDinesh O Bareja
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaDinesh O Bareja
 
Common Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CSCommon Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CSDinesh O Bareja
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its PreventionDinesh O Bareja
 

En vedette (11)

Business - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITBusiness - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of IT
 
Mind Your Manners On Linked In
Mind Your Manners On Linked InMind Your Manners On Linked In
Mind Your Manners On Linked In
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsManaging Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
 
Community Disaster Incident Response
Community Disaster Incident ResponseCommunity Disaster Incident Response
Community Disaster Incident Response
 
ISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introductionISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introduction
 
Indian Thoughts in Information Security
Indian Thoughts in Information SecurityIndian Thoughts in Information Security
Indian Thoughts in Information Security
 
Bug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentBug Bounty Programs : Good for Government
Bug Bounty Programs : Good for Government
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
 
Common Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CSCommon Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CS
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 

Similaire à Security Awareness

2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)Andris Soroka
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionGianmarco Ferri
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challengescyberprosocial
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptxrabeetkashif
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdfkarthikvcyber
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.pptkarthikvcyber
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze DataExchangeAgency
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...360 BSI
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE360 BSI
 

Similaire à Security Awareness (20)

2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtection
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challenges
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptx
 
ITrust Cybersecurity Services - Datasheet EN
ITrust Cybersecurity Services - Datasheet ENITrust Cybersecurity Services - Datasheet EN
ITrust Cybersecurity Services - Datasheet EN
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdf
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.ppt
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
 
Main Menu
Main MenuMain Menu
Main Menu
 
Cobit 2
Cobit 2Cobit 2
Cobit 2
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
 

Plus de Dinesh O Bareja

WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers Dinesh O Bareja
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Finance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with ITFinance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with ITDinesh O Bareja
 
Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0Dinesh O Bareja
 
India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013Dinesh O Bareja
 
OSA - Internet Security in India
OSA - Internet Security in IndiaOSA - Internet Security in India
OSA - Internet Security in IndiaDinesh O Bareja
 

Plus de Dinesh O Bareja (8)

WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers
 
Cybersecurity 2.0
Cybersecurity 2.0Cybersecurity 2.0
Cybersecurity 2.0
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRC
 
Finance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with ITFinance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with IT
 
Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0
 
India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013
 
OSA - Internet Security in India
OSA - Internet Security in IndiaOSA - Internet Security in India
OSA - Internet Security in India
 

Dernier

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

Dernier (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Security Awareness

  • 1. Digital Crime, Fraud & Forensic investigation s, Governance Risk and Compliance, IT Asset Management , License Management , Cyber Security, Cyber Labs, At MTNL, Mumbai By Dinesh O Bareja November 19, 2013
  • 2.  Introduction    Audience Us.. Pyramid & Dinesh Todays Program Plan Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions 
  • 3. Established and well known Cyber Security and Forensics Consulting organization since past decade  Cyber Forensics Labs in 22 states across India  Qualified, experienced and certified team of Forensic and InfoSec professionals  Full range of InfoSec services – strategy, design, implement, maintain, test, response, investigation, protection 
  • 4.  Managed Security Services as per RBI/IDRBT guidelines  Compliance with ISO, RBI, IDBRT, IT Act etc as applicable  ISMS Policies, Procedures, Audit Program as per ISO27001  Ethical hacking, Software Security  Open Source technology adoption  Security Awareness Training  Forensic and Incident Response…
  • 5.  Professional Positions   Jharkhand Police – Cyber Defence Research Centre (Cyber Security Advisor)  Bombay Stock Exchange - IGRC (Technical Member)  Open Security Alliance (CEO)   Pyramid Cyber Security & Forensics (Principal Advisor) Indian Honeynet Project (Co Founder) Professional skills and special interest areas   Technologies: SOC, DLP, IRM, SIEM…  Practices: Incident Response, SAM, Forensics, Regulatory guidance..   Security Consulting and Advisory services for IS Architecture, Analysis, Optimization in Government and Enterprises Community: mentoring, training, citizen outreach, India research.. Opinioned Blogger, occasional columnist, wannabe photographer
  • 6. MTNL was set up on 1st April, 1986 by the Government of India  Started as Bombay Telephone in 1882, in pre-independence era,  MTNL is the largest Broadband service provider in Mumbai  National Critical Infrastructure provides landline services, high speed broadband through ADSL, 3g, VoIP, IPTV among a range of telecom services 
  • 7.  Introduction Audience  Us.. Pyramid & Dinesh   Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
  • 8. When data is processed, organized, structured or presented in a given context so as to make it useful, it is called Information. X Data is raw, unorganized facts that need to be processed. Data can be something simple and seemingly random and useless until it is organized. http://www.infogineering.net/datainformation-knowledge.htm Knowledge is a combination of information, experience and insight that may benefit the individual or the organization.
  • 9. Regulatory Corporate Data Secrets • Credit card data • Intellectual property • Privacy data • Financial information • Health care information • Trade secrets
  • 11. DATA Interpret data so that it has some value and meaning for the user INFORMATION A combination of information & data, experience, insight that is built thru’ a brain’s processes KNOWLEDGE
  • 12. The practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Protecting data or a database from destructive forces and the unwanted actions of unauthorized users.
  • 13.
  • 14. Even a young man has to use a walking stick ! Technology advancement has brought about dramatic change in life and work and continues it’s march of dynamic growth It was an era of innocence and invention when computing started upto the time when the internet was unveiled Over the years it has metamorphosed into a force we are still trying to understand and has brought with it ‘great expectations’ from the human beings who are in charge!
  • 17.
  • 18. Information Technology NOT a support function Information Security NOT a cost center is is
  • 19. Requires ABSOLUTE management support – absolutely and unconditionally  Management MUST have high level of awareness of risks and must maintain a high level of visibility  Risks, Threats and Metrics arising from IT / IS must be a regular item on the board  Board must receive regular intelligence advisories  Fires, floods, and such disasters will see the CxO on the frontlines… earning respect
  • 20.  Empower security teams  Define roles and responsibilities  Ensure strong and well defined processes for managing risk, controls, BCP/DR, communication  Automate processes  InfoSec Management systems must have strong governance
  • 21.  Various standards like ISO27001, ISo22301, ISO 20000, ISO 14000  Frameworks like ITIL, PCI-DSS, NIST  Laws and Regulatory requirements – IT Act, Guidelines, Data Protection etc
  • 22.
  • 23.
  • 25. 11 Domains 11 Domains Organization of Information Security Security Policy Access Control Physical and Environment Security Asset Management 39 Controls Objectives 133 Controls Human Resource Security Communicatio n and Operations Management Information Systems Acquisition Development Maintenance Information Security Incident Managament Compliance Business Continuity Management
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.  ISO22301 – BCP/DR  ISO19770 – Software License  ISO31000 – Risk Management  ISO27011 – Telecom ISMS  BS10002 – Data Classification  ISO31010 – Risk Terminology
  • 33.  Policies and Procedures  Risk Management  Asset Information  Data Classification  Incident Management  BCP/DR  Configuration, Change  Compliance Requirements
  • 34.
  • 35.
  • 36.
  • 37. SHODAN (http://www.shodanhq.com/) is a computer search engine designed by web developer John Matherly (http://twitter.com/achillean)  While SHODAN is a search engine, it is much different than content search engines like Google, Yahoo or Bing  Rather than to locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners 
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43. PwC – State of Information Security in India Report 2013
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.  An unexplained suicide  Reputation loss for Vodafone  Rootkit Ericcson AXE MSE  Involvement of CIA ?? Not proven  Case is not yet resolved  Motive is unknown
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.  CMS/IMS regime  Radia Tapes  Lawful interception  Hardware Security
  • 57. 23.7(i) Security 23.7(i) Security Responsibility - Responsibi lity Complete and Total Responsibility for Security of Networks under which the following must be done – Network Forensics, Network Hardening, Network PT, Risk Assessment 23.7(ii) Security Audit - Conduct a network security audit once a year by network audit certification agency, as per ISO15408 and ISO27001 23.7(iii) Security Testing - Network elements must be tested as per defined standards – IT and IT related against ISO15048, ISMS against ISO27001; Telecom elements against 3GPP. 3GPP2 security standards. Up to 31 Mar 2013 this can be done overseas and after this date in India 23.7(iv) Security Configuration - Include all security features, as per standards, while procuring equipment and implement the same. - Maintain list of all features while equipment is in use - List is subject to inspection by Licensing Authority 23.7(v) Security Personnel - CISO, System Administrators, Nodal Executives for handling NLD/ILD switches, central database, softswitches … all must be Indian Nationals.
  • 58.
  • 59.
  • 60.
  • 61.  Introduction  Audience  Us.. Pyramid & Dinesh  Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
  • 62. Hacked on Aug 14, and site was down as on Aug 16 Earlier hack in June 2013, by Anonymous to protest against censorship. Site was down for 6 hours
  • 63.
  • 64.
  • 65.
  • 66. Stuxnet, Flame, Shomoon, Russian Nuclear Plant (last week) Duqu, Gauss, RUMOURS - ISRO - Fukushima - Baker Hughes - ConocoPhillips - Marathon - Chevron
  • 67.
  • 68.  Viruses  Piracy  Data Integrity  MMS  Identity Theft, Website defacement  Trojans, Worms, APT  Ransomware
  • 69. Low Orbit Cannon – used by Anonymous to launch DDOS attacks  Blackhole Exploit Kit (pre-made attack tools and packages.  Available for download it is a full-fledged, highly sophisticated attack suite - a widelyused, web-based software package which includes a collection of tools that leverage web browser security gaps. It enables the downloading of viruses, bots, trojans and other forms of malicious software onto the computers of unsuspecting victims. Prices for such kit range from $50 for a single day’s usage, up to $1,500 for a full year)  Managed Crime Services  Card Markets  Information Exchange  Cyber Mercenaries for Hire  Botnets (available for as low as $500)
  • 70.
  • 71.  Introduction  Audience  Us.. Pyramid & Dinesh  Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
  • 72.
  • 73.  Documented policies, procedures, audit procedures  Risk Management  Access Management – privilege users, passwords, onboarding, off boarding  HR – background checks  Configuration, Change, Patch, Backup  Network Traffic and Forensics  Threat Intelligence  End Point Protection
  • 74.  Infrastructure Security Assessment  Training  Awareness  Mobile device management  Asset Management  Compliance (internal and external)  Application Security  Incident Management & Response
  • 75.  Encryption  Version Control with source code review to thwart logic bombs
  • 76.  Introduction Audience  Us.. Pyramid & Dinesh  Information / Data Security      Todays Program Plan Information Security Fundamentals Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept) What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure  First steps and discussions
  • 77.
  • 78.
  • 79. The revelation of PRISM has changed the way we look at the future. What was to happen is already happening – the NSA can keep tabs on the global population! Microsoft, Google, Adobe and all the big names in technology are implicated - we have been dreaming and planning to get out of commercial systems into the open source domain and these events have pushed the future into the present
  • 80.  Policies / Procedures / Documentation  DLP  SIEM  Network Forensics  Secure Web Application  Periodic VA and PT  Audit and Review
  • 81.
  • 82.  Malware  APT  Data Breach  Denial of Service  Slow response in the face of change  Lack of actionable intelligence  Insufficient Capability and Capacity  Weak Incident Response and Crisis Management
  • 83.  Insecure Applications  Lack of awareness  Internal - Human Error  Fraud  Default Passwords, hardening  Phishing / Vishing  Logic Bombs
  • 84.  Introduction Audience  Us.. Pyramid & Dinesh  Information / Data Security  Todays Program Plan  Information Security Fundamentals  Why Security (cases and incidents; critical infrastructure concept for MTNL and telecom, national intranet and lights on concept)  What to Secure (current state analysis, maturity plan, essentials, goals and objectives – certification / compliance / reputation etc  When and How to Secure   Next steps and discussions
  • 85.
  • 86.
  • 87.  Cloud  Mobile  Computers will be wearable, blowable  Smart grid  Driverless car
  • 88.  Crackers for Hire (cyber mercenaries)  Cyber Espionage  Ransomware / Lockout  Denial of Service  Technology Obsolescence  Fake Employees  Internal Frauds
  • 89.
  • 90. risks – tech / business flight timings sales what phone to buy/gift global events how to do a web checkin gadgets ……. people issues enterprise targets enterprise finance all processes business IT networks org growth systems © freedigitalphotos (royaltyfree, attribution) onboarding /exits background checks compliance liabilities contribute ideas email
  • 91.
  • 92.           Current State Evaluation – People, Process and Technology Gap Analysis as per ISO / ITA Forensics as a Service Incident Response Policy Development aligned to Enterprise and National Strategies Build internal Governance Structures Emergency & Crisis Response Team Awareness Program IS Controls Implementation Training
  • 94. Head Office: FB-05, NSIC Software Technology Park Extn, Okhla Industrial Estate, New Delhi-110020, T: +91-9650894671 F: +91-11-26322980 E: contact@pyramidcyber.com Mumbai Office: 308 Orbitz Premises Chincholi Bunder Road, Malad West Mumbai 400064 T: +91.9769890505 E: dinesh.bareja@pyramidcyber.com www.pyramidcyber.com