Information Security Course for Executives

Post on 14-Jan-2015

Description

Information Security: Latest Trends
• Convergence onto security platforms: endpoint, email security gateway, web security gateway, and next-generation firewall
• Virtualization: virtualization of security controls will alter the information security landscape.
• Cloudification: how to enforce an enterprise security policy in the cloud age?
• Externalization: how to be open, social and encourage secure collaboration with external entities?
• Consumerization: increasingly, employees want to use their consumer technology (systems and software) for business use.
• Operationalization: need a strategy / R&D component and an operational component to security. The strategy / R&D team needs to have time and resources to tackle new and emerging threats.

Application Security
• Methodology
• Threats, attacks, vulnerabilities, and countermeasures
• Application threats / attacks
• Mobile application security
• Security testing for applications
• Security standards and regulations

Information Risk Management
• Understanding your risk
• Measuring and quantifying your risk
• Managing your risk
• Optimizing expenses

Presented by: Security Art. Security Art is an information security and risk management consulting and advisory boutique. They use a multi-disciplinary approach with years of hands-on experience, giving businesses the strategic path to address all their information security and risk management needs.

Transcript of Information Security Course for Executives

Information Security for Executives

Free webinar

Iftach Ian Amit

Agenda
• Latest Trends
• Application Security
• Risk Management

Latest Trends in Information Security

• Convergence
• Virtualization
• Cloudification
• Externalization
• Consumerization
• Operationalization

Convergence
• Endpoint (forget desktops...)
• E-mail
• Web
• “Next-gen” firewalls

Virtualization and Cloudification

Externalization
• Are you on LinkedIn?
• Facebook?
• Are your customers?
• Partners?
• Competitors?

Consumerization

Operationalization

Agenda
• Latest Trends
• Application Security
• Risk Management

Application Security
• Methodology
• Threats, attacks, exposure surface
• Application threats
• Mobile
• Testing
• Regulation/Compliance?

Methodology

“If you have an application with more than a single purpose interface, you are most likely to have a vulnerability in it”

[wise-old-sage]

This is why we have such a high success rate in pen-tests...

Threats, Attacks and Exposure Surface

• Extreme coverage over the past 10 years
• Not a lot of solutions
– That you can “buy and forget”

• Back to the human factor
– Which is harder to fix...

Application Threats
• XSS
• CSRF
• SQL injection
• Parameter tampering
• Session hijacking

Mobile

“And now, make everything work on my iPhone...” [management]

“And now, I have a chance to repeat every mistake again for this new platform”

[development]

Testing
• Security never really fit into your QA schedule, did it?

• Can you really think like the bad guys? Do you want to?

Regulation
• That’s an easy one:
– Pay to get certified, right?
• It doesn’t really feel that much better now...
– Maybe we should get things fixed for real
– ...and still get certified

Agenda
• Latest Trends
• Application Security
• Risk Management

Risk Management
• What is your risk?
• Measure, quantify!
• Manage
• Optimize expenses

Identifying your Risks
• What are the bad guys after?
• Simple...

Measuring Risk

From: “So, we pinpointed the one line of code that caused this thing to fail...”

To: “This issue will cost us $1500 every time someone exploits it”

How to Measure?
• Identify your (information) assets
• Identify the threats for each asset
– And their capability
– And the controls that are in place to protect the vulnerabilities
– And their frequency
• Derive a loss event frequency
• Estimate the loss magnitude
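The steps on this slide (assets, threats, capability against controls, frequency, loss event frequency, loss magnitude) are the skeleton of the FAIR method the deck points to at the end. The following is an added example, not material from the webinar or from Security Art: a small Python model that walks those steps for one constructed scenario and produces the kind of sentence the previous slide asks for (“this issue will cost us $X”). The model is a deliberate simplification of FAIR: vulnerability is the probability that an attacker’s capability exceeds the control’s strength, loss event frequency is threat event frequency times vulnerability, and annual loss is loss event frequency times loss magnitude. The $1500-per-exploit figure is the one quoted on the slide; every other number, and the scenario itself, is made up for illustration.

```python
"""
FAIR-style risk estimate (added example; simplified model, not Security Art's worksheet).

  vulnerability        = P(threat capability > control strength)
  loss event frequency = threat event frequency * vulnerability
  annual loss          = loss event frequency * loss magnitude per event

All inputs are ranges (min, max) sampled uniformly; point estimates are rarely honest.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset: str
    threat: str
    tef: tuple      # threat event frequency: attempts per year (min, max)
    tcap: tuple     # threat capability, 0..1: percentile of attacker skill
    control: tuple  # control strength, 0..1: percentile of attackers it stops
    loss: tuple     # loss magnitude per successful event, dollars (min, max)


def vulnerability(tcap, control, trials=20000, seed=7):
    """Probability that a sampled attacker beats a sampled control."""
    rng = random.Random(seed)
    hits = sum(1 for _ in range(trials)
               if rng.uniform(*tcap) > rng.uniform(*control))
    return hits / trials


def loss_event_frequency(tef, vuln):
    """Expected successful events per year."""
    return tef * vuln


def annual_loss(lef, loss_magnitude):
    """Expected loss per year for a given loss event frequency and per-event cost."""
    return lef * loss_magnitude


def simulate(scenario, trials=20000, seed=7):
    """Monte Carlo over the ranges; returns summary statistics of annual loss."""
    rng = random.Random(seed)
    outcomes = []
    for _ in range(trials):
        tef = rng.uniform(*scenario.tef)
        beaten = rng.uniform(*scenario.tcap) > rng.uniform(*scenario.control)
        lef = loss_event_frequency(tef, 1.0 if beaten else 0.0)
        outcomes.append(annual_loss(lef, rng.uniform(*scenario.loss)))
    outcomes.sort()
    return {
        "mean": statistics.fmean(outcomes),
        "median": outcomes[trials // 2],
        "p90": outcomes[int(trials * 0.9)],
    }


# Constructed sample: a customer database reachable through the one flawed line of code the
# developers found. $1500 per exploit is the slide's figure; the rest is illustrative.
CUSTOMER_DB = RiskScenario(
    asset="customer database",
    threat="external attacker via injection flaw in the web application",
    tef=(10, 30),
    tcap=(0.5, 0.9),
    control=(0.3, 0.7),
    loss=(1000, 2000),
)

# Same asset after the code is fixed for real and the control is strengthened (also constructed).
CUSTOMER_DB_FIXED = RiskScenario(
    asset=CUSTOMER_DB.asset, threat=CUSTOMER_DB.threat, tef=CUSTOMER_DB.tef,
    tcap=CUSTOMER_DB.tcap, control=(0.92, 0.99), loss=CUSTOMER_DB.loss,
)


def executive_summary(scenario):
    """Turn the 'one line of code' finding into the sentence management needs."""
    r = simulate(scenario)
    return (f"{scenario.asset}: {scenario.threat} costs us about "
            f"${r['mean']:,.0f} per year (90th percentile ${r['p90']:,.0f})")


if __name__ == "__main__":
    print(executive_summary(CUSTOMER_DB))
    print(executive_summary(CUSTOMER_DB_FIXED))
```

Running the two scenarios side by side is the “optimize expenses” step of the next slides: the difference between the two annual figures is the most a fix or a product is worth, which is the number to put next to a vendor quote.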

Managing Risk

Guess which one is it???

Optimize
• When done right, this can save you money:
– More focused measures to protect assets at risk
– Less vendor bloat
– Less external services required
– Improved development cycles

Don’t re-invent the wheel…

Use tried and tested methodologies and practices

All rights reserved to Security Art Ltd 2002 - 2009

FAIR (Factor Analysis of Information Risk)

And... we’re done!

Questions ?!

We are always at:
• jkeyser@aliadocorp.com
• Hosted by: www.aliadocorp.com