Introduction to Cybersecurity
Cybersecurity
Presented to ATMIYA University
Krutarth Vasavada
• B.E. (Electronics and Communication), AITS 2002-06
• M.S. (Computer Engineering), San Jose State University, California, US
• Certified Cloud Security Professional, ISC2
• 13+ Years into Software Product Development, Cybersecurity, Information Security Audits, Data Privacy & Compliance
• Worked in India, USA, EU (currently) in Automobile, Chemicals, Insurance, Investment Banking, and e-Commerce domains.
Topics
01 Cybersecurity – What? Why? Where? How?
02 Past and Present Scenario
03 Deep Dive – Areas of Cybersecurity
04 Cybersecurity in Software Development Lifecycle
05 Information Security from a Product Perspective
06 Cybersecurity – Skills Matrix and Career Options
07 References
What is Cybersecurity?
Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use.
Why Cybersecurity?
CONFIDENTIALITY
Unauthorized individuals or entities cannot obtain any information that is not intended for them.
INTEGRITY
The accuracy and completeness of data must be assured.
AVAILABILITY
It must be ensured that vital information is available whenever needed.
Areas of Cybersecurity
Cloud Computing Concepts and Architecture
Legal Issues, Contracts and Electronic Discovery
Governance and Enterprise Risk Management
Compliance and Audit Management
Infrastructure Security
Application Security
Data Security and Encryption
Brief History of Cybersecurity Attacks
Do you remember “million-dollar lottery” emails? Have you received one? This is called a phishing email. It is a training topic in itself.
How are we dealing with challenges?
To be honest, pretty badly! Here’s the list of data breaches that occurred during the year 2020 so far.
Commonly Known Cybersecurity Attacks
Denial-of-service (DoS) and distributed denial-of-service (DDoS)
Man-in-the-middle (MitM)
Phishing
Drive-by attack
Identity Theft
SQL Injection
Cross-site scripting (XSS)
Eavesdropping
Malware/Ransomware
Cybersecurity Drivers for Organizations
Continuous Improvement (e.g., ISMS, Security Roadmap, Training & Awareness, Logging & Monitoring)
Compliance (e.g., ISO 27001, GDPR, Local Legislation)
Audits (e.g., Technical Platform Audit, Penetration Testing, Customer Due Diligence)
Contractual Obligations (e.g., Two-factor authentication, HSM for Key Management)
Challenges for Corporations – Global and Local
Internal: Fraud; Unintended information exposure; Asset theft; Internal information leak
External: Data Breach; Loss of reputation; Loss of business/revenue; Penalty/Government fine
Today, companies face a wide range of challenges in the cybersecurity domain, which can have internal or external causes and implications.
Cybersecurity in Software Development
Cybersecurity and DevSecOps
Purpose & Intent
"everyone is responsible for cybersecurity" → everyone thinks about cybersecurity, all the time.
How to Achieve? (People, Technology, Processes)
By promoting security throughout the SDLC:
• Training and awareness provided to development teams
• Agile doesn’t mean absence of process
• Codifying security requirements and checklists which allow built-in security type of development
• Automation and configuration management
• CI/CD
• Secure coding practices
• “Security as Code”
• Application level auditing (SAST, DAST)
Information Security from Product and Infrastructure Perspective
Application | Database | Customer Controls | Data Center | Operations, Policies & Compliance
Role-based access | Logical Separation Between Customers | Single sign-on | Geographical Preference (US/EU/Asia) | ISO 27001 Certified Information Security Management
Audit logs | AWS Hosting | Audit Logs | Offsite Backups | GDPR Compliant DPA
24x7 Monitoring | Daily Backups | User Management / Per-Role Authentication | Highest Level of Physical Security | Regular Penetration Testing
Secure Browser Connections | Data Encryption (In Transit and At Rest) | Task Level Permission | More than 85 Global Certifications/Attestations | Third-Party Audits
Two-Factor Authentication | No Direct Access to All Employees | Ability to Export Data | Certified Disaster Recovery Practices | CSA-STAR Participation
Secure Architecture | Segregation of Duty | Configurable Password/IT Policy | Continuous Capacity Monitoring | Competent In-House Development Team
Personal Data Processing – New Era
• Architecture Supporting Secure-by-design / Privacy-by-design Principles
• The new architecture will be built based on the following considerations –
  • “Forget me” requests
  • Restrict processing
  • Export data
  • Keeping data no longer than necessary
  • Access control
  • Audit logs
  • Local legislations
• Further Reading: https://gdpr-info.eu/art-25-gdpr/
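The considerations listed above can be made concrete in a small record store; the following is an added example written for this page, not code from the presentation. The class and role names, the retention periods and the sample subjects are assumptions chosen to show "forget me", restricted processing, export, bounded retention, role-based access and audit logging working together.

```python
"""Toy privacy-by-design personal-data store (added example, not from the slides).

Names (PersonalDataStore, roles, retention periods, sample subjects) are
assumptions made for this illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import json


class AccessDenied(PermissionError):
    pass


class ProcessingRestricted(RuntimeError):
    pass


@dataclass
class Subject:
    subject_id: str
    email: str
    purpose: str                  # why the data is held, e.g. "billing"
    collected_at: datetime
    restricted: bool = False      # subject asked us to restrict processing


@dataclass
class PersonalDataStore:
    # assumed retention per purpose; a real system would take this from policy
    retention: dict = field(default_factory=lambda: {
        "billing": timedelta(days=3650), "marketing": timedelta(days=365)})
    _records: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    # assumed least-privilege mapping: which roles may perform which actions
    ROLE_RIGHTS = {
        "support": {"read", "export"},
        "dpo": {"read", "export", "erase", "restrict"},
        "marketing": {"read"},
    }

    def _audit(self, actor, role, action, subject_id, outcome):
        # every access attempt, allowed or not, leaves an audit entry
        self.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(),
                               "actor": actor, "role": role, "action": action,
                               "subject": subject_id, "outcome": outcome})

    def _authorize(self, actor, role, action, subject_id):
        if action not in self.ROLE_RIGHTS.get(role, set()):
            self._audit(actor, role, action, subject_id, "denied")
            raise AccessDenied(f"{role} may not {action}")

    def add(self, subject):
        self._records[subject.subject_id] = subject

    def read(self, actor, role, subject_id, purpose):
        """Read for a stated purpose; a restricted record may only serve its original purpose."""
        self._authorize(actor, role, "read", subject_id)
        rec = self._records[subject_id]
        if rec.restricted and purpose != rec.purpose:
            self._audit(actor, role, "read", subject_id, "blocked:restricted")
            raise ProcessingRestricted(subject_id)
        self._audit(actor, role, "read", subject_id, "ok")
        return rec

    def restrict(self, actor, role, subject_id):
        self._authorize(actor, role, "restrict", subject_id)
        self._records[subject_id].restricted = True
        self._audit(actor, role, "restrict", subject_id, "ok")

    def export(self, actor, role, subject_id):
        """Data portability: return the subject's record in a machine-readable form."""
        self._authorize(actor, role, "export", subject_id)
        rec = self._records[subject_id]
        self._audit(actor, role, "export", subject_id, "ok")
        return json.dumps({"subject_id": rec.subject_id, "email": rec.email,
                           "purpose": rec.purpose, "collected_at": rec.collected_at.isoformat()})

    def erase(self, actor, role, subject_id):
        """'Forget me': delete the record but keep the (non-identifying) audit trail."""
        self._authorize(actor, role, "erase", subject_id)
        self._records.pop(subject_id)
        self._audit(actor, role, "erase", subject_id, "ok")

    def purge_expired(self, now):
        """Retention limit: drop records held longer than their purpose allows."""
        expired = [sid for sid, r in self._records.items()
                   if now - r.collected_at > self.retention[r.purpose]]
        for sid in expired:
            self._records.pop(sid)
            self._audit("retention-job", "system", "purge", sid, "ok")
        return expired


def demo():
    """Walk through the slide's considerations on constructed sample data."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed clock for the demo
    store = PersonalDataStore()
    store.add(Subject("u1", "alice@example.invalid", "marketing", now - timedelta(days=400)))
    store.add(Subject("u2", "bob@example.invalid", "billing", now - timedelta(days=30)))
    outcomes = {}
    store.restrict("dpo1", "dpo", "u2")                     # restrict processing
    try:
        store.read("mkt1", "marketing", "u2", "marketing")  # other purpose: blocked
    except ProcessingRestricted:
        outcomes["restricted_read_blocked"] = True
    try:
        store.erase("sup1", "support", "u2")                # support lacks the erase right
    except AccessDenied:
        outcomes["support_erase_denied"] = True
    outcomes["export_has_email"] = "bob@example.invalid" in store.export("dpo1", "dpo", "u2")
    outcomes["purged"] = store.purge_expired(now)           # u1 exceeds marketing retention
    store.erase("dpo1", "dpo", "u2")                        # "forget me" request
    outcomes["remaining"] = sorted(store._records)
    outcomes["audit_events"] = len(store.audit_log)
    return outcomes
```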
Cybersecurity – Skills Matrix and Career Options
INFRASTRUCTURE: Next Generation Firewall Configuration; Authentication Infrastructure; Hardware Encryption; AWS; CI/CD
COMPLIANCE: ISO 27001; ISO 27018; SOC2; NIST; C5 (German Market); Internal/External Audits
TECHNOLOGY: Security Testing; RESTful API; OWASP Project; Automated Incident Handling; Threat Modeling
PRODUCT: Security Features; Product Roadmap; Customer Liaison
LEADERSHIP: Vendor Management; Budget Input/Cost Estimation; Risk Analysis; Security Awareness Training
SPECIALIZED AREAS: Ethical Hacking; Cryptography; Masking/Tokenization; Encryption Keys Management
Reference Reading
OWASP Project - https://owasp.org/
NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
ISO 27001 - https://www.iso.org/isoiec-27001-information-security.html
Web Security Academy - https://portswigger.net/web-security
Questions?
Thank you!