SlideShare a Scribd company logo

Improve Cybersecurity posture by using ISO/IEC 27032

PECB
PECB

Cybersecurity is a universal concern across today’s enterprise and the need for strategic approach is required for appropriate mitigation. Adopting ISO 27032 will help to: • Understanding the nature of Cyberspace and Cybersecurity • Explore Cybersecurity Ecosystem – Roles & Responsibilities • Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls Presenter: Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education. Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM

Education
1 of 37
Adewale Obadare Cybersecurity Expert Adewale Obadare is a Fellow Chartered Information Technology Professional (UK), Fellow Institute of Brand Management of Nigeria, the First Licensed Penetration Tester in Nigeria , 2nd COBIT 5 Certified Assessor in Africa and a PCI DSS Qualified Security Assessor (QSA). Contact Information +234 802 331 6951 wale@digitalencode.net www.digitalencode.net ng.linkedin.com/in/obadarepeteradewale
• Introduction • Understanding The Nature of Cyberspace and Cyber security • Explore Cyber security Ecosystem – Roles and Responsibilities • Achieve Cyber Resilience through implementing Defensive, Resilience and Detective Cyber security Controls from ISO/IEC 27032 Agenda
Starting Thought I will like to start with the world of the famous chinese warrior – SUN TZU “It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”
INTRODUCTION: ISO/IEC 27032 STANDARD “STANDARDS ARE GENERALLY REQUIRED WHEN EXCESSIVE DIVERSITY CREATES INEFFICIENCIES OR IMPEDES EFFECTIVENESS.” -----Edward W Hammond and James J. Cimino
6.Overview 7. Stakeholders in the Cyberspace 8. Assets in the cyberspace 9. Threats against the security in the cyberspace 10. Roles of Stakeholders in Cyber security 11. Guidelines for Stakeholders 12. Cyber security Controls 13. Framework of Information sharing and coordination The main sections are: ISO/IEC 27032 Structure and Content
ISO 27001 – Applicable to both Information on Non-Digital and Digital media/Assets - Auditable ISO 27032 – Applicable to protection of Information on Digital Media/assets - Not Auditable ISO 27001 VS 27032
A Look at Recent Cyber Incidents
December 2013
Anatomy of Target Breach Source: http://securityintelligence.com/target-breach-protect-against-similar-attacks-retailers/#.U9-17GP5dJu
Target Data Breach Numbers • 40 million credit cards + 70 million customer records stolen • $54 million: income to cyber criminals • $400 million: cost of replacing credit cards • $150 million: Target initial response cost • $1 billion: estimated ultimate cost to Target • 140: number of active lawsuits against Target • 2: Number of C-suite executives at Target who were fired • 7: Number of Directors targeted by Institutional Shareholder Services for ouster, claiming failed duties to shareholders
Reputation Damage
http://www.threatgeek.com/2014/03/threattoons-new-normal.html
June 4, 2015
March 2016
March 28, 2016
June 14, 2016
2016 Global Risks For which global risks is your region least prepared?
Cyber & Technology Ranking of Threat Categories Over the Years
Business Continuity Institute – February 2016 This year’s top dozen threats to business continuity are: 1. Cyber attack 2. Data breach 3. Unplanned IT and telecom outages 4. Act of terrorism 5. Security Incidents 6. Interruption to Utility Supply 7. Supply Chain Disruption 8. Adverse weather 9. Availability of Talents & Key Skills 10. Health & Safety incident 11. Fire 12. Transport Network Disruption
“The cyberspace can be described as a virtual environment, which does not exist in any physical form, but rather, a complex environment or space resulting from the emergences of the Internet, plus the people, organizations, and activities on all sorts of technology devices and networks that are connected to it” (ISO 27032) Definition - Cyberspace:
Cyberspace security or Cybersecurity is about the security of this virtual world” “Cybersecurity relates to actions that stakeholders should be taking to establish and maintain security in the Cyberspace” (ISO 27032) Definition - Cybersecurity:
Hacking Identity Theft Phishing/Smishing DDOS Virus/Malmare Cyber Stalking Spoofing Spam Cyber Bullying Types of Cyber Attacks:
Online Cyber Criminal Categories Overlap Hackers Sophisticated Phishers SophisticatedNot
– – – – – – assets Digital Asset Components ISO/IEC 27032
– – – – – – assets Each component has its own security requirements ♣ Software Applications, operating systems, utilities Exploitation of programming errors accounts for a substantial portion of information attacks Easy target for accidental or intentional attacks ♣ Hardware Physical components of IS Physical security deals with protection of physical from theft, vandalism, destruction Issue: security for laptop and notebook computers Digital Asset Components
♣ Data – Often the most valuable asset possessed by an organization main target of deliberate attacks and – Proper development and use of database management systems increases data security ♣ People – Can be the weakest link (greatest threat) to security in an organization Policy, education and training, awareness and technology are all used to prevent people from accidentally or intentially damaging or losing information Social engineering can be used to manipulate the actions of people to obtain access information about a system – – Digital Asset Components (Contd)
Architecture Design Implementation Operation Any digital asset can be digitally invaded if there is an issue with any of the following factors: “ADIO” Any System Can Be Digitally Invaded:
ISO/IEC 27032 Clause 12.2 – Application Level Control 1. Display of short notices, which provide clear, concise one-page summaries (using simple language of the company’s essentials policies. 2. Secure handling of session for web applications. 3. Secure Input validation and handling to prevent common attacks such as SQL-Injection. 4. Secure web pages scripting to prevent common attacks such as cross-site scripting.. 5. Code security review and testing by appropriately skilled entities. 6. Service Authentication – by the use of sub domains by providers and possibly the use of HTTPS credentials registered to the organisation Defense In-Depth Using ISO/IEC 27032
ISO/IEC 27032 Clause 12.3 – Server Protection 1. Configure servers, including underlying operating systems in accordance to a baseline security configuration guide. 2. Implement a system to test and 3. Implement a system to test and deploy security updates, and ensure the server operating system and application are kept up-to- date promptly when new security updates are available. 4. Monitor the security performance of the server through regular reviews of the audit trails. 5. Review the security configuration. 6. Run licensed anti-malicious software controls (such as anti- spyware and anti-virus) on the server. 7. Have a good vulnerability management system in place for all online applications. Defense In-Depth Using ISO/IEC 27032
ISO/IEC 27032 Clause 12.4 – End- user controls 1. Use of supported operating systems, with the most updated security patches installed. 2. Use of latest supported software applications, with most patches installed. 3. Use anti-virus and anti-spyware tools – can make use of security tools as a service from service provider 4. Enable script blockers, phishing filters and other available web browser security features. 5. Enable a personal firewall and HIPS 6. Enable automated updates notifications Defense In-Depth Using ISO/IEC 27032
ISO/IEC 27032 Clause 12.5 – Controls against social engineering 1. Put in place appropriate policies 2. Categorisation and classification of information 3. Awareness and Training 4. Cyber security Awareness Test Defense In-Depth Using ISO/IEC 27032
the ♣ Security as Art – No hard and fast rules or universally accepted solutions – Requires knowledge and experience of systems and goals to build the solution that best fits the organization's needs ♣ Security as Science – Defensive, Resilience &Detection Strategies – Technology is a major component of information security solutions – Requires knowledge of technologies, and use of accepted standards and practices ♣ Security as Social Science – People are a critical component in the organization and in security of the organization – Security must consider and address human factors Cyber Security: Art and Science
Conclusion CYBER SECURITY IS everyone’s responsibility and it a Journey NOT a Destination
Conclusion
IT Security Training Courses  ISO/IEC 27032 Lead Cybersecurity Manager 5 Day Course  ISO/IEC 27034 Application Security Foundation 2 Days Course  ISO/IEC 27034 Application Security Lead Implementer 5 Days Course  ISO/IEC 27034 Application Security Lead Auditor 5 Days Course Exam and certification fees are included in the training price. https://www.pecb.com/it-security| www.pecb.com/events
THANK YOU ? +234 802 331 6951 wale@digitalencode.net www.digitalencode.net ng.linkedin.com/in/obadarepeteradewale

Recommended

Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityTharindunuwan9
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 

Recommended

Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityTharindunuwan9
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 
ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk AssessmentSmart Assessment
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Maganathin Veeraragaloo
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
ISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxforam74
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesGreenway Health
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
New Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons Computer Learning Centers / 5PE
 

More Related Content

What's hot

ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Maganathin Veeraragaloo
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
ISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxforam74
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesGreenway Health
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 

What's hot (20)

ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdf
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
ISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptx
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best Practices
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 

Similar to Improve Cybersecurity posture by using ISO/IEC 27032

Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Vulnerability Management – Opportunities and Challenges!
Vulnerability Management – Opportunities and Challenges!Vulnerability Management – Opportunities and Challenges!
Vulnerability Management – Opportunities and Challenges!Outpost24
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeNational Retail Federation
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challengescyberprosocial
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimemuhammad awais
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021lior mazor
 
Network Security for Computer science and Engineering.ppt
Network Security for Computer science and Engineering.pptNetwork Security for Computer science and Engineering.ppt
Network Security for Computer science and Engineering.pptAkfeteAssefa
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxInfosectrain3
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Risk Management
Risk ManagementRisk Management
Risk Managementijtsrd
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 

Similar to Improve Cybersecurity posture by using ISO/IEC 27032 (20)

Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
New Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER Presentation
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
Vulnerability Management – Opportunities and Challenges!
Vulnerability Management – Opportunities and Challenges!Vulnerability Management – Opportunities and Challenges!
Vulnerability Management – Opportunities and Challenges!
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk Imperative
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challenges
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crime
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021
 
ITrust Cybersecurity Services - Datasheet EN
ITrust Cybersecurity Services - Datasheet ENITrust Cybersecurity Services - Datasheet EN
ITrust Cybersecurity Services - Datasheet EN
 
Network Security for Computer science and Engineering.ppt
Network Security for Computer science and Engineering.pptNetwork Security for Computer science and Engineering.ppt
Network Security for Computer science and Engineering.ppt
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
ENSA_Module_3.pptx
ENSA_Module_3.pptxENSA_Module_3.pptx
ENSA_Module_3.pptx
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityPECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernancePECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 

Recently uploaded (20)

Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 

Improve Cybersecurity posture by using ISO/IEC 27032

  • 1.
  • 2. Adewale Obadare Cybersecurity Expert Adewale Obadare is a Fellow Chartered Information Technology Professional (UK), Fellow Institute of Brand Management of Nigeria, the First Licensed Penetration Tester in Nigeria , 2nd COBIT 5 Certified Assessor in Africa and a PCI DSS Qualified Security Assessor (QSA). Contact Information +234 802 331 6951 wale@digitalencode.net www.digitalencode.net ng.linkedin.com/in/obadarepeteradewale
  • 3. • Introduction • Understanding The Nature of Cyberspace and Cyber security • Explore Cyber security Ecosystem – Roles and Responsibilities • Achieve Cyber Resilience through implementing Defensive, Resilience and Detective Cyber security Controls from ISO/IEC 27032 Agenda
  • 4. Starting Thought I will like to start with the world of the famous chinese warrior – SUN TZU “It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”
  • 5. INTRODUCTION: ISO/IEC 27032 STANDARD “STANDARDS ARE GENERALLY REQUIRED WHEN EXCESSIVE DIVERSITY CREATES INEFFICIENCIES OR IMPEDES EFFECTIVENESS.” -----Edward W Hammond and James J. Cimino
  • 6. 6.Overview 7. Stakeholders in the Cyberspace 8. Assets in the cyberspace 9. Threats against the security in the cyberspace 10. Roles of Stakeholders in Cyber security 11. Guidelines for Stakeholders 12. Cyber security Controls 13. Framework of Information sharing and coordination The main sections are: ISO/IEC 27032 Structure and Content
  • 7. ISO 27001 – Applicable to both Information on Non-Digital and Digital media/Assets - Auditable ISO 27032 – Applicable to protection of Information on Digital Media/assets - Not Auditable ISO 27001 VS 27032
  • 8. A Look at Recent Cyber Incidents
  • 10. Anatomy of Target Breach Source: http://securityintelligence.com/target-breach-protect-against-similar-attacks-retailers/#.U9-17GP5dJu
  • 11. Target Data Breach Numbers • 40 million credit cards + 70 million customer records stolen • $54 million: income to cyber criminals • $400 million: cost of replacing credit cards • $150 million: Target initial response cost • $1 billion: estimated ultimate cost to Target • 140: number of active lawsuits against Target • 2: Number of C-suite executives at Target who were fired • 7: Number of Directors targeted by Institutional Shareholder Services for ouster, claiming failed duties to shareholders
  • 18. 2016 Global Risks For which global risks is your region least prepared?
  • 19. Cyber & Technology Ranking of Threat Categories Over the Years
  • 20. Business Continuity Institute – February 2016 This year’s top dozen threats to business continuity are: 1. Cyber attack 2. Data breach 3. Unplanned IT and telecom outages 4. Act of terrorism 5. Security Incidents 6. Interruption to Utility Supply 7. Supply Chain Disruption 8. Adverse weather 9. Availability of Talents & Key Skills 10. Health & Safety incident 11. Fire 12. Transport Network Disruption
  • 21. “The cyberspace can be described as a virtual environment, which does not exist in any physical form, but rather, a complex environment or space resulting from the emergences of the Internet, plus the people, organizations, and activities on all sorts of technology devices and networks that are connected to it” (ISO 27032) Definition - Cyberspace:
  • 22. Cyberspace security or Cybersecurity is about the security of this virtual world” “Cybersecurity relates to actions that stakeholders should be taking to establish and maintain security in the Cyberspace” (ISO 27032) Definition - Cybersecurity:
  • 23. Hacking Identity Theft Phishing/Smishing DDOS Virus/Malmare Cyber Stalking Spoofing Spam Cyber Bullying Types of Cyber Attacks:
  • 24. Online Cyber Criminal Categories Overlap Hackers Sophisticated Phishers SophisticatedNot
  • 26. – – – – – – assets Each component has its own security requirements ♣ Software Applications, operating systems, utilities Exploitation of programming errors accounts for a substantial portion of information attacks Easy target for accidental or intentional attacks ♣ Hardware Physical components of IS Physical security deals with protection of physical from theft, vandalism, destruction Issue: security for laptop and notebook computers Digital Asset Components
  • 27. ♣ Data – Often the most valuable asset possessed by an organization main target of deliberate attacks and – Proper development and use of database management systems increases data security ♣ People – Can be the weakest link (greatest threat) to security in an organization Policy, education and training, awareness and technology are all used to prevent people from accidentally or intentially damaging or losing information Social engineering can be used to manipulate the actions of people to obtain access information about a system – – Digital Asset Components (Contd)
  • 28. Architecture Design Implementation Operation Any digital asset can be digitally invaded if there is an issue with any of the following factors: “ADIO” Any System Can Be Digitally Invaded:
  • 29. ISO/IEC 27032 Clause 12.2 – Application Level Control 1. Display of short notices, which provide clear, concise one-page summaries (using simple language of the company’s essentials policies. 2. Secure handling of session for web applications. 3. Secure Input validation and handling to prevent common attacks such as SQL-Injection. 4. Secure web pages scripting to prevent common attacks such as cross-site scripting.. 5. Code security review and testing by appropriately skilled entities. 6. Service Authentication – by the use of sub domains by providers and possibly the use of HTTPS credentials registered to the organisation Defense In-Depth Using ISO/IEC 27032
  • 30. ISO/IEC 27032 Clause 12.3 – Server Protection 1. Configure servers, including underlying operating systems in accordance to a baseline security configuration guide. 2. Implement a system to test and 3. Implement a system to test and deploy security updates, and ensure the server operating system and application are kept up-to- date promptly when new security updates are available. 4. Monitor the security performance of the server through regular reviews of the audit trails. 5. Review the security configuration. 6. Run licensed anti-malicious software controls (such as anti- spyware and anti-virus) on the server. 7. Have a good vulnerability management system in place for all online applications. Defense In-Depth Using ISO/IEC 27032
  • 31. ISO/IEC 27032 Clause 12.4 – End- user controls 1. Use of supported operating systems, with the most updated security patches installed. 2. Use of latest supported software applications, with most patches installed. 3. Use anti-virus and anti-spyware tools – can make use of security tools as a service from service provider 4. Enable script blockers, phishing filters and other available web browser security features. 5. Enable a personal firewall and HIPS 6. Enable automated updates notifications Defense In-Depth Using ISO/IEC 27032
  • 32. ISO/IEC 27032 Clause 12.5 – Controls against social engineering 1. Put in place appropriate policies 2. Categorisation and classification of information 3. Awareness and Training 4. Cyber security Awareness Test Defense In-Depth Using ISO/IEC 27032
  • 33. the ♣ Security as Art – No hard and fast rules or universally accepted solutions – Requires knowledge and experience of systems and goals to build the solution that best fits the organization's needs ♣ Security as Science – Defensive, Resilience &Detection Strategies – Technology is a major component of information security solutions – Requires knowledge of technologies, and use of accepted standards and practices ♣ Security as Social Science – People are a critical component in the organization and in security of the organization – Security must consider and address human factors Cyber Security: Art and Science
  • 34. Conclusion CYBER SECURITY IS everyone’s responsibility and it a Journey NOT a Destination
  • 36. IT Security Training Courses  ISO/IEC 27032 Lead Cybersecurity Manager 5 Day Course  ISO/IEC 27034 Application Security Foundation 2 Days Course  ISO/IEC 27034 Application Security Lead Implementer 5 Days Course  ISO/IEC 27034 Application Security Lead Auditor 5 Days Course Exam and certification fees are included in the training price. https://www.pecb.com/it-security| www.pecb.com/events
  • 37. THANK YOU ? +234 802 331 6951 wale@digitalencode.net www.digitalencode.net ng.linkedin.com/in/obadarepeteradewale