3. Omer M. Yassin
About Me:
• LCCSA (Lucideus Certified Cyber Security Analyst), Lucideus, India
• B.Sc. Electrical and electronic engineering, majored in software and electronics systems, UofK
• Teaching assistant for information security course, UofK
• Information security specialist, EBS
Contacts:
• Fb/oyessin
• Omar.m.yassin@outlook.com
4. We are currently not planning on conquering the world.
– Sergey Brin
Mission
What are we going to talk about?
• Secure Software development life cycle (S-SDLC).
• Social media security.
• Information security ethics.
5. Secure Software Development Life Cycle
What is SDLC?
A Software Development Life Cycle (SDLC) is a framework that defines the process used by organizations to build an application from its inception to its decommission.
SDLC phases:
• Planning and requirements
• Architecture and design
• Test planning
• Coding
• Testing and results
• Release and maintenance
(Diagram: Requirements, Design, Coding, Testing, Deployment)
6. There is SDLC, why do I need SSDLC?
This firefighting approach won't work any longer!
Advantages of pursuing an SSDLC approach:
• More secure software as security is a continuous concern
• Awareness of security considerations by stakeholders
• Early detection of flaws in the system
• Cost reduction as a result of early detection and resolution of issues
• Overall reduction of intrinsic business risks for the organization
7. How does it work?
Include security in EVERYTHING!
9. Will this ever work?
YES, IT WOULD!
Many SSDLC models have been proposed. Here are a few of them:
• MS Security Development Lifecycle (MS SDL)
• NIST 800-64
• OWASP CLASP (Comprehensive, Lightweight Application Security Process)
• Cigital's Security Touchpoints
10. How Do I Get Started?
• Education
• Code
• Tools
• Advice
Nothing starts perfect … work your way to it
11. Do I really need to worry about that?
"I have nothing, it's only my PC."
"Why would a hacker hack me, really?"
Yes, you actually are a target!
12. You can easily be one of those
Check: https://norse-corp.com
13. Why are you a target?
Automation
No one is excluded
Easy Peasy
Tools free and available
Why not try it
14. Key recommendations
5 Important Keys. Use these and develop your own.
1- Yourself: Use common sense, it's the best defense.
2- Updating: Make sure that your computer or mobile device is always up to date.
3- Passwords: Use a strong and unique password for each account.
4- Credit cards: Check your financial statement more often.
5- Network: Use passwords to protect your home/work network.
15. How about watching this cool video
Not cute cats, something even more fun
It’s time for a break
18. Privacy.
• Impacting your future
• Attacks against you
• Accidentally harming your employer/university
19. Security
Simple
• Login: Protect each of your accounts with a strong, unique password and do not share them with anyone else.
• Privacy Settings: If you do use privacy settings, make sure you review and test them regularly.
20. Email: Be suspicious of emails that claim to come from social media sites.
• Malicious Links/Scams: Be cautious of suspicious links or potential scams posted on social media sites.
• Encryption: Social media sites use encryption called HTTPS to secure your online connections to the site.
21. Secure Mobile Apps
Most social media sites provide mobile apps to access your online accounts. Make sure you download these mobile apps from a trusted site and that your smartphone is protected with a strong password.
23. We are not all bad, some of us are good people too.
There is a fine line between the 'hats' and the distinction often becomes blurred. It is often a matter of perspective.
24. Code of ethics
• Contribute to society and human well-being
• Avoid harm to others
• Be honest and trustworthy
• Be fair and take action not to discriminate
• Honor property rights including copyrights and patents
• Give proper credit for intellectual property
• Respect the privacy of others
• Honor confidentiality
• Know and respect existing laws pertaining to professional work.
• Improve public understanding of computing and its consequences.
• Access computing and communication resources only when
authorized to do so
26. EBS – Electronic banking services
Get in Touch
Location
Central Bank Of Sudan
Khartoum
+249 183 740 840
+249 183 790 864
info@ebs-sd.com
27. You are your own Information security adviser
Thanks for having us
Enjoy your day!
Editor's notes
What is it that we are going to talk about today.
Well, like a wise man once said, we aren't planning on conquering the world right now. We will someday, but for now we are going to stick to these topics.
Coming from both a software and a security background, I choose to talk about the secure software development life cycle because of its importance in today's business. We are also going to talk about general things we should keep in mind when using social media, how to stay secure and preserve our privacy, and finally we will go over some ethics that information security people have, or at least know.
1- One of the first of its kind, the MS SDL was proposed by Microsoft in association with the phases of a classic SDLC.
2- Provides security considerations within the SDLC. Standards were developed by the National Institute of Standards and Technology to be observed by US federal agencies.
3- Simple to implement and based on the MS SDL. It also maps the security activities to roles in an organization.
4- Proposed by Gary McGraw in Building Security In. These touchpoints, as seen below, present an artifact-centric approach (designed to operate on documents, diagrams, code, etc.) rather than a process-centric approach. This, in turn, makes the security analysis SDLC-model agnostic.