SlideShare uma empresa Scribd logo
1 de 28
Awareness Program on Compliance in the Era of Technology Dinesh Bareja <version 1.0>  Public Document 1 
Agenda <version 1.0>  Public Document ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Compliance Today <version 1.0>  Public Document ,[object Object],Much of the increase in cost is due to duplication of regulation and ambiguous or inconsistent rules - Securities Industry Association, 2006 ,[object Object],[object Object],[object Object],[object Object]
Compliance Today <version 1.0>  Public Document ,[object Object],[object Object],[object Object],Compliance must be part of your organization DNA Regulatory Compliance is not just a legal requirement but  a  critical business function .
Business Risks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<version 1.0>  Public Document ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What is at Risk
<version 1.0>  Public Document
Technology and Information  Made People Smarter ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<version 1.0>  Public Document
<version 1.0>  Public Document
Incidents (2000-2007) ,[object Object],[object Object],<version 1.0>  Public Document
Are we safe in 2008? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<version 1.0>  Public Document
Some Facts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<version 1.0>  Public Document
Some Insights – drivers for security spend  <version 1.0>  Public Document By 2008, more than 75% of large and midsize companies will purchase new compliance management, monitoring, and automation solutions. By 2009, compliance will grow to 14.2% of IT budget from 12% in 2006. Source: Gartner 2007
<version 1.0>  Public Document
Common Regulatory Reqmts / Standards / Frameworks / Guidelines ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<version 1.0>  Public Document ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting Compliance ROI ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<version 1.0>  Public Document
Suggested Safeguards <version 1.0>  Public Document
Suggested Safeguards <version 1.0>  Public Document
<version 1.0>  Public Document
Technology Solution  ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<version 1.0>  Public Document
Compliance Spotlight : PCI – Data Security Standard <version 1.0>  Public Document
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Compliance Spotlight : PCI-DSS <version 1.0>  Public Document ISO:27001 – A.12.6 Technical Vulnerability Management  ,[object Object],[object Object],[object Object]
Leverage the Technology Solution <version 1.0>  Public Document
Leverage the Technology Solution <version 1.0>  Public Document Results allow the organization to compare findings against known vulnerabilities and prioritize remediation by implementing controls.  Provides a health report on the organization security posture.  All Standards, Regulations, Frameworks  recommend (or require) Network Assessments as an essential practice.  Helps determine whether the controls are in fact preventing the vulnerability from actually endangering the network.  A well-executed penetration test can identify the most critical holes in an organization’s defensive net; including the holes exploited by social engineering.  pen tests are best used as a way to get an extra set of eyes on a network after major system upgrades. Vulnerability Assessment  (VA) Penetration Testing  (PT)
Leverage the Technology Solution <version 1.0>  Public Document Provides a 24 x 7 x 365 watch on network traffic and is available as a Managed Security Service. Traffic is monitored and events (incidents) are correlated against updated industry Common Vulnerability & Exposure (CVE) database.  Reports are available online to client via a web interface which will provide information about the threat(s) and remediation plans.  Continuous Vulnerability Monitoring and Assessment
VA/PT <version 1.0>  Public Document Undertaken by qualified professionals  Methodology includes use of automated tools augmented with manual skills Meet regulatory requirements (PCI-DSS, HIPAA, GLBA, PIPEDA, etc.)  Organizations can realize their true security level  Measure IT security effectiveness  Identify and remediate potential breach points reducing security risk and liability  Benchmark / baseline security posture  Certifications  Certified Vulnerability Assessor (CVA)  (Secure Matrix - DNV) CEH  (EC Council) CISSP  (ISC2) certifications in Forensics, Fraud  (Secure Matrix) Commonly used Tools for VA/PT (commercial / open source) Nessus, GFI Languard (c), Nmap; Metasploit, Canvas (c), etc.
List of Tools (indicative) <version 1.0>  Public Document Vulnerability Assessment Nessus Nessus is  one of the most popular and widely used vulnerability assessment scanner with nearly 14,000 plugins. GFI Languard GFI Languard is a commercial vulnerability assessment scanner with neat reporting capabilities. Netcat Netcat is a network debugging and exploration tool Hping This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This is to map out firewall rulesets.  Nikto A comprehensive webserver scanner Sam Spade Windows network query tool Web Inspect Web Application Scanner Firewalk An Advanced traceroute tool Penetration Testing Metasploit Framework This is a framework to deploy vulnerability exploits and payloads. Securematrix has created a database of nearly 100 exploits in this framework Canvas A Commercial Penetration Testing tool Core Impact A Commercial Penetration Testing tool SAINT A commercial Penetration Testing tool CenZic A Commercial Web application testing tool John the ripper powerful, flexible, and  fast  multi-platform password hash cracker THC Hydra A Fast network authentication cracker which support many different services Dsniff A suite of powerful network auditing and penetration-testing tools Solarwinds Network discovery/monitoring/attack tools
Why VA/PT <version 1.0>  Public Document ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
<version 1.0>  Public Document Thank You

Mais conteúdo relacionado

Mais procurados

An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Programlinhcuong
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Physical Security Assessment
Physical Security AssessmentPhysical Security Assessment
Physical Security AssessmentFaheem Ul Hasan
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness trainingAbdalrhmanTHassan
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)April Mardock CISSP
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance OverviewSam Carr
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
Best practice for anti corruption
Best practice for anti corruptionBest practice for anti corruption
Best practice for anti corruptionEthical Sector
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 

Mais procurados (20)

An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Program
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
 
Physical Security Assessment
Physical Security AssessmentPhysical Security Assessment
Physical Security Assessment
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance Overview
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
Best practice for anti corruption
Best practice for anti corruptionBest practice for anti corruption
Best practice for anti corruption
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 

Destaque

Indian Thoughts in Information Security
Indian Thoughts in Information SecurityIndian Thoughts in Information Security
Indian Thoughts in Information SecurityDinesh O Bareja
 
Information Security It's All About Compliance
Information Security   It's All About ComplianceInformation Security   It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Bug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentBug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentDinesh O Bareja
 
Business - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITBusiness - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITDinesh O Bareja
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsManaging Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsDinesh O Bareja
 
Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Dinesh O Bareja
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India ReadyDinesh O Bareja
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires SuperhumansDinesh O Bareja
 
Community Disaster Incident Response
Community Disaster  Incident ResponseCommunity Disaster  Incident Response
Community Disaster Incident ResponseDinesh O Bareja
 
ISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introductionISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introductionDinesh O Bareja
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaDinesh O Bareja
 
Mind Your Manners On Linked In
Mind Your Manners On Linked InMind Your Manners On Linked In
Mind Your Manners On Linked InDinesh O Bareja
 
Common Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CSCommon Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CSDinesh O Bareja
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its PreventionDinesh O Bareja
 

Destaque (16)

Indian Thoughts in Information Security
Indian Thoughts in Information SecurityIndian Thoughts in Information Security
Indian Thoughts in Information Security
 
Information Security It's All About Compliance
Information Security   It's All About ComplianceInformation Security   It's All About Compliance
Information Security It's All About Compliance
 
Bug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentBug Bounty Programs : Good for Government
Bug Bounty Programs : Good for Government
 
Business - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of ITBusiness - IT Alignment Increases Value Of IT
Business - IT Alignment Increases Value Of IT
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsManaging Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
 
Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
 
Security Awareness
Security AwarenessSecurity Awareness
Security Awareness
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires Superhumans
 
Community Disaster Incident Response
Community Disaster  Incident ResponseCommunity Disaster  Incident Response
Community Disaster Incident Response
 
ISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introductionISE - InfoSec Essentials .. an introduction
ISE - InfoSec Essentials .. an introduction
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
 
Mind Your Manners On Linked In
Mind Your Manners On Linked InMind Your Manners On Linked In
Mind Your Manners On Linked In
 
Common Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CSCommon Sense 101 - so much to learn about CS
Common Sense 101 - so much to learn about CS
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 

Semelhante a Compliance Awareness

Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environmentsamiable_indian
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Insight into IT Strategic Challenges
Insight into IT Strategic ChallengesInsight into IT Strategic Challenges
Insight into IT Strategic ChallengesJorge Sebastiao
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 sucesuminas
 
Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Jack Shaffer
 
六合彩香港-六合彩
六合彩香港-六合彩六合彩香港-六合彩
六合彩香港-六合彩baoyin
 
Cyber Tekes Safety and Security programme 2013
Cyber Tekes Safety and Security programme 2013Cyber Tekes Safety and Security programme 2013
Cyber Tekes Safety and Security programme 2013Turvallisuus2013
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
 
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI ComplianceTools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI ComplianceSonatype
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2SafeNet
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueRapidValue
 
Annotated Bibliography On Database Security
Annotated Bibliography On Database SecurityAnnotated Bibliography On Database Security
Annotated Bibliography On Database SecurityLisa Diaz
 
What Every Organization Should Log And Monitor
What Every Organization Should Log And MonitorWhat Every Organization Should Log And Monitor
What Every Organization Should Log And MonitorAnton Chuvakin
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxSUBHI7
 
Data Security Policy For Ecommerce Payment Card Applications
Data Security Policy For Ecommerce Payment Card ApplicationsData Security Policy For Ecommerce Payment Card Applications
Data Security Policy For Ecommerce Payment Card ApplicationsMichelle Meienburg
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps.com
 
Achieving Data Privacy in the Enterprise
Achieving Data Privacy in the EnterpriseAchieving Data Privacy in the Enterprise
Achieving Data Privacy in the EnterpriseSafeNet
 

Semelhante a Compliance Awareness (20)

Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
Insight into IT Strategic Challenges
Insight into IT Strategic ChallengesInsight into IT Strategic Challenges
Insight into IT Strategic Challenges
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-Latest
 
Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018
 
六合彩香港-六合彩
六合彩香港-六合彩六合彩香港-六合彩
六合彩香港-六合彩
 
Cyber Tekes Safety and Security programme 2013
Cyber Tekes Safety and Security programme 2013Cyber Tekes Safety and Security programme 2013
Cyber Tekes Safety and Security programme 2013
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI ComplianceTools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
 
Annotated Bibliography On Database Security
Annotated Bibliography On Database SecurityAnnotated Bibliography On Database Security
Annotated Bibliography On Database Security
 
What Every Organization Should Log And Monitor
What Every Organization Should Log And MonitorWhat Every Organization Should Log And Monitor
What Every Organization Should Log And Monitor
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
 
Information Security
Information SecurityInformation Security
Information Security
 
Data Security Policy For Ecommerce Payment Card Applications
Data Security Policy For Ecommerce Payment Card ApplicationsData Security Policy For Ecommerce Payment Card Applications
Data Security Policy For Ecommerce Payment Card Applications
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated Environments
 
Achieving Data Privacy in the Enterprise
Achieving Data Privacy in the EnterpriseAchieving Data Privacy in the Enterprise
Achieving Data Privacy in the Enterprise
 

Mais de Dinesh O Bareja

WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers Dinesh O Bareja
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Finance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with ITFinance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with ITDinesh O Bareja
 
Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0Dinesh O Bareja
 
India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013Dinesh O Bareja
 
OSA - Internet Security in India
OSA - Internet Security in IndiaOSA - Internet Security in India
OSA - Internet Security in IndiaDinesh O Bareja
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 

Mais de Dinesh O Bareja (9)

WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers
 
Cybersecurity 2.0
Cybersecurity 2.0Cybersecurity 2.0
Cybersecurity 2.0
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRC
 
Finance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with ITFinance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with IT
 
Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0
 
India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013
 
OSA - Internet Security in India
OSA - Internet Security in IndiaOSA - Internet Security in India
OSA - Internet Security in India
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
 

Último

Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsyasinnathani
 
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfChicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfSourav Sikder
 
מיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגלי
מיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגלימיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגלי
מיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגליBen Shushan & Co. C.P.A (Isr.)
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfJohnCarloValencia4
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentationbaron83
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003believeminhh
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursKaiNexus
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfCharles Cotter, PhD
 
Company Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdfCompany Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdfRobertPhillips265023
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxWorkforce Group
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyHanna Klim
 
Fabric RFID Wristbands in Ireland for Events and Festivals
Fabric RFID Wristbands in Ireland for Events and FestivalsFabric RFID Wristbands in Ireland for Events and Festivals
Fabric RFID Wristbands in Ireland for Events and FestivalsWristbands Ireland
 
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for BusinessQ2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for BusinessAPCO
 
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 Building Your Personal Brand on LinkedIn - Expert Planet-  2024 Building Your Personal Brand on LinkedIn - Expert Planet-  2024
Building Your Personal Brand on LinkedIn - Expert Planet- 2024Stephan Koning
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.mcshagufta46
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...Khaled Al Awadi
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.ukaroemirsr
 

Último (20)

Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story points
 
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfChicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
 
מיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגלי
מיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגלימיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגלי
מיסוי רילוקיישן לפורטוגל- היבטי מיסוי ישראלי ופורטוגלי
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentation
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, Ours
 
Deira Dubai Call Girls +971552825767 Call Girls In Downtown Dubai
Deira Dubai Call Girls +971552825767 Call Girls In Downtown DubaiDeira Dubai Call Girls +971552825767 Call Girls In Downtown Dubai
Deira Dubai Call Girls +971552825767 Call Girls In Downtown Dubai
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
 
Company Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdfCompany Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdf
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agency
 
Fabric RFID Wristbands in Ireland for Events and Festivals
Fabric RFID Wristbands in Ireland for Events and FestivalsFabric RFID Wristbands in Ireland for Events and Festivals
Fabric RFID Wristbands in Ireland for Events and Festivals
 
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for BusinessQ2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
 
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 Building Your Personal Brand on LinkedIn - Expert Planet-  2024 Building Your Personal Brand on LinkedIn - Expert Planet-  2024
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.uk
 
AL Satwa Dubai Call Girls +971552825767 Call Girls In AL Karama
AL Satwa Dubai Call Girls +971552825767  Call Girls In AL KaramaAL Satwa Dubai Call Girls +971552825767  Call Girls In AL Karama
AL Satwa Dubai Call Girls +971552825767 Call Girls In AL Karama
 

Compliance Awareness

  • 1. Awareness Program on Compliance in the Era of Technology Dinesh Bareja <version 1.0> Public Document 1 
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. <version 1.0> Public Document
  • 7.
  • 8. <version 1.0> Public Document
  • 9.
  • 10.
  • 11.
  • 12. Some Insights – drivers for security spend <version 1.0> Public Document By 2008, more than 75% of large and midsize companies will purchase new compliance management, monitoring, and automation solutions. By 2009, compliance will grow to 14.2% of IT budget from 12% in 2006. Source: Gartner 2007
  • 13. <version 1.0> Public Document
  • 14.
  • 15.
  • 16. Suggested Safeguards <version 1.0> Public Document
  • 17. Suggested Safeguards <version 1.0> Public Document
  • 18. <version 1.0> Public Document
  • 19.
  • 20. Compliance Spotlight : PCI – Data Security Standard <version 1.0> Public Document
  • 21.
  • 22. Leverage the Technology Solution <version 1.0> Public Document
  • 23. Leverage the Technology Solution <version 1.0> Public Document Results allow the organization to compare findings against known vulnerabilities and prioritize remediation by implementing controls. Provides a health report on the organization security posture. All Standards, Regulations, Frameworks recommend (or require) Network Assessments as an essential practice. Helps determine whether the controls are in fact preventing the vulnerability from actually endangering the network. A well-executed penetration test can identify the most critical holes in an organization’s defensive net; including the holes exploited by social engineering. pen tests are best used as a way to get an extra set of eyes on a network after major system upgrades. Vulnerability Assessment (VA) Penetration Testing (PT)
  • 24. Leverage the Technology Solution <version 1.0> Public Document Provides a 24 x 7 x 365 watch on network traffic and is available as a Managed Security Service. Traffic is monitored and events (incidents) are correlated against updated industry Common Vulnerability & Exposure (CVE) database. Reports are available online to client via a web interface which will provide information about the threat(s) and remediation plans. Continuous Vulnerability Monitoring and Assessment
  • 25. VA/PT <version 1.0> Public Document Undertaken by qualified professionals Methodology includes use of automated tools augmented with manual skills Meet regulatory requirements (PCI-DSS, HIPAA, GLBA, PIPEDA, etc.) Organizations can realize their true security level Measure IT security effectiveness Identify and remediate potential breach points reducing security risk and liability Benchmark / baseline security posture Certifications Certified Vulnerability Assessor (CVA) (Secure Matrix - DNV) CEH (EC Council) CISSP (ISC2) certifications in Forensics, Fraud (Secure Matrix) Commonly used Tools for VA/PT (commercial / open source) Nessus, GFI Languard (c), Nmap; Metasploit, Canvas (c), etc.
  • 26. List of Tools (indicative) <version 1.0> Public Document Vulnerability Assessment Nessus Nessus is one of the most popular and widely used vulnerability assessment scanner with nearly 14,000 plugins. GFI Languard GFI Languard is a commercial vulnerability assessment scanner with neat reporting capabilities. Netcat Netcat is a network debugging and exploration tool Hping This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This is to map out firewall rulesets. Nikto A comprehensive webserver scanner Sam Spade Windows network query tool Web Inspect Web Application Scanner Firewalk An Advanced traceroute tool Penetration Testing Metasploit Framework This is a framework to deploy vulnerability exploits and payloads. Securematrix has created a database of nearly 100 exploits in this framework Canvas A Commercial Penetration Testing tool Core Impact A Commercial Penetration Testing tool SAINT A commercial Penetration Testing tool CenZic A Commercial Web application testing tool John the ripper powerful, flexible, and fast multi-platform password hash cracker THC Hydra A Fast network authentication cracker which support many different services Dsniff A suite of powerful network auditing and penetration-testing tools Solarwinds Network discovery/monitoring/attack tools
  • 27.
  • 28. <version 1.0> Public Document Thank You

Notas do Editor

  1. 10/06/10
  2. 10/06/10
  3. 10/06/10
  4. 10/06/10
  5. 10/06/10
  6. 10/06/10
  7. 10/06/10
  8. 10/06/10
  9. 10/06/10
  10. 10/06/10
  11. 10/06/10
  12. 10/06/10
  13. 10/06/10
  14. 10/06/10
  15. 10/06/10
  16. 10/06/10
  17. 10/06/10
  18. 10/06/10
  19. 10/06/10
  20. 10/06/10
  21. 10/06/10
  22. 10/06/10
  23. 10/06/10
  24. 10/06/10
  25. 10/06/10
  26. 10/06/10
  27. The movie “Shooter” gives a classic example. A US Marine sharpshooter is brought back from retirement to help prevent the assassination of the US President. The President is visiting three cities and they want him to identify the venue where the killer may make the attempt. The hero checks out the three cities, the President’s program, the venues and the surroundings and comes up with his recommendation. Turns out that the guys who had called him back wanted to kill the President and the movie is about how they use his intelligence and then frame him. Of course, eventually, he thinks like them and kills them all. 10/06/10
  28. The movie “Shooter” gives a classic example. A US Marine sharpshooter is brought back from retirement to help prevent the assassination of the US President. The President is visiting three cities and they want him to identify the venue where the killer may make the attempt. The hero checks out the three cities, the President’s program, the venues and the surroundings and comes up with his recommendation. Turns out that the guys who had called him back wanted to kill the President and the movie is about how they use his intelligence and then frame him. Of course, eventually, he thinks like them and kills them all. 10/06/10