SlideShare a Scribd company logo

IT Security Guest Lecture

M
Murthinty

Presentation given at Magnus School of Business, Visakhapatnam, India in November 2009

Technology
1 of 13
Download to read offline
Internal I.T. Security Security within an organization’s network
Contents 4/5/2010 Soumitri 2
Overview • Brief introduction to what this niche segment is all about • IT Security comprises: o People, Processes & Technologies o Network, Application, Database, Endpoint, Messaging o Policy definition, Policy enforcement, Monitoring & Reporting 4/5/2010 Soumitri 3
Industry Perspective - People • Identity and Access Management – Identity Management • Enterprise Employee Directory – Access Management • Single Sign On, Web Sign On, Tokens, Smart Cards, etc – Privilege Management • Layered solutions, Segregation of Duties – Audit & Reporting – Education & Training 4/5/2010 Soumitri 4
Industry Perspective - Process • Risk Management – Risk Modeling Tools • Policy Design & Development – Templates, External Consultants, etc • Business Continuity & Disaster Recovery – Multiple Geographic Storage Sites • Incident & Threat Management – Incident Response Platforms 4/5/2010 Soumitri 5
Industry Perspective - Process (2) • Information Asset Management – Inventory of Assets (includes People) • Systems Development – Architecture – Modeling Tools – Coding Standards • Operations Management – Monitoring Tools 4/5/2010 Soumitri 6
Industry Perspective - Technology • Network – Perimeter security: Firewalls, WLAN, VPN, NIDPS • Application – Coding standards: Static Analysis Tools, Monitoring • Database – Privilege Management: Encryption, Monitoring • Endpoint – Desktops & Servers: Anti-Virus, DLP Suites, Encryption • Messaging – Anti-Spam/Virus/Malware, Encryption • Data – Disk & File encryption, Monitoring & Management, DRM 4/5/2010 Soumitri 7
What is DLP? • Data Leak Protection: “Systems that identify, monitor, and protect data in use, data in motion, and data at rest through deep content inspection, contextual security analysis of transaction and with a centralized management framework” • Data at Rest – Endpoint actions • Data in Motion – Network actions • Data in Use – Data storage • Systems are designed to detect and prevent the unauthorized use and transmission of confidential information 4/5/2010 Soumitri 8
DLP Process 1) Define Confidential Policy 2) Discover Exposed Data 3) Enforce Policy 4) Feedback & Corrective Mechanism 5) Report Generation and Management 4/5/2010 Soumitri 9
Usage & Benefits • Demonstrates Regulatory Compliance – HIPAA, GLBA, PCI, BASEL II, SOX • Helps prevent Identity Theft • Seamless integration in PMO • Protects Brand & Reputation 4/5/2010 Soumitri 10
Conclusion • Internal IT Security is an evolving technology • It is a niche area requiring domain & technical expertise • Compliance: PCI, SOX, BASEL II, GLBA – At least one compliance knowledge is needed • Certifications: SSCP, CISSP • More Info: International Information Systems Security Certification Consortium website 4/5/2010 Soumitri 11
Conclusion (2) • Career Path: External Security Consultants, IT Security Officer, CISO • Management & Communication skills are required • Firm Knowledge of: – Organization’s strategic objectives – Management issues – Impact of Security policies on Business functions – Comprehensive Technical Info – Future Trends 4/5/2010 Soumitri 12
Thank You & Best Wishes 4/5/2010 Soumitri 13

Recommended

Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
Tomppa Järvinen
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilities
Peter Henley
 
Data security
Data securityData security
Data security
Muhammad Yasir
 
Tax Preparers Presentation
Tax Preparers PresentationTax Preparers Presentation
Tax Preparers Presentation
Doug Landoll
 
VISULOX-Summary-SN
VISULOX-Summary-SNVISULOX-Summary-SN
VISULOX-Summary-SN
Tillmann A. Basien
 
Unit 3
Unit 3Unit 3
Unit 3
abhishek srivastav
 
OTechs Information Security Training Course
OTechs Information Security Training CourseOTechs Information Security Training Course
OTechs Information Security Training Course
Osman Suliman
 
Ofer Cohen - areas of expertise
Ofer Cohen - areas of expertiseOfer Cohen - areas of expertise
Ofer Cohen - areas of expertise
Ofer JRL Cohen
 

Recommended

Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
Tomppa Järvinen
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilities
Peter Henley
 
Data security
Data securityData security
Data security
Muhammad Yasir
 
Tax Preparers Presentation
Tax Preparers PresentationTax Preparers Presentation
Tax Preparers Presentation
Doug Landoll
 
VISULOX-Summary-SN
VISULOX-Summary-SNVISULOX-Summary-SN
VISULOX-Summary-SN
Tillmann A. Basien
 
Unit 3
Unit 3Unit 3
Unit 3
abhishek srivastav
 
OTechs Information Security Training Course
OTechs Information Security Training CourseOTechs Information Security Training Course
OTechs Information Security Training Course
Osman Suliman
 
Ofer Cohen - areas of expertise
Ofer Cohen - areas of expertiseOfer Cohen - areas of expertise
Ofer Cohen - areas of expertise
Ofer JRL Cohen
 
Brian m cv
Brian m cvBrian m cv
Brian m cv
Amir Shahzad Afridi
 
Tips memulai karir di cybersecurity
Tips memulai karir di cybersecurityTips memulai karir di cybersecurity
Tips memulai karir di cybersecurity
PT Datacomm Diangraha
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and drivers
Freeform Dynamics
 
JM_Resume
JM_ResumeJM_Resume
JM_Resume
John Morris
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge Pereira
 
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
rmcsoft
 
Introduction to Security (Hardware, Software, Data & Policies)
Introduction to Security (Hardware, Software, Data & Policies)Introduction to Security (Hardware, Software, Data & Policies)
Introduction to Security (Hardware, Software, Data & Policies)
Amr Salah
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtection
Gianmarco Ferri
 
Security In Web Conferencing
Security In Web ConferencingSecurity In Web Conferencing
Security In Web Conferencing
pchen
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
nazar60
 
Fasoo Secure Document (FSD) for SharePoint
Fasoo Secure Document (FSD) for SharePoint Fasoo Secure Document (FSD) for SharePoint
Fasoo Secure Document (FSD) for SharePoint
Fasoo
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
sushmach10
 
NRF Presentation v2
NRF Presentation v2NRF Presentation v2
NRF Presentation v2
Pete Pouridis
 
Cyber security
Cyber securityCyber security
Cyber security
Perfect Training Center
 
New Massachusetts Data Privacy Regulation
New Massachusetts Data Privacy RegulationNew Massachusetts Data Privacy Regulation
New Massachusetts Data Privacy Regulation
becarreno
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
Tony DeGonia (LION)
 
Data Security Solutions_2010 @Vilnius December Opening
Data Security Solutions_2010 @Vilnius December OpeningData Security Solutions_2010 @Vilnius December Opening
Data Security Solutions_2010 @Vilnius December Opening
Andris Soroka
 
Intro to information security
Intro to information securityIntro to information security
Intro to information security
Viraj Ekanayake
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Techsylvania
 
Information security and research data
Information security and research dataInformation security and research data
Information security and research data
Tomppa Järvinen
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
Sonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
Sonny Hashmi
 

More Related Content

What's hot

TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
rmcsoft
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtection
Gianmarco Ferri
 
Fasoo Secure Document (FSD) for SharePoint
Fasoo Secure Document (FSD) for SharePoint Fasoo Secure Document (FSD) for SharePoint
Fasoo Secure Document (FSD) for SharePoint
Fasoo
 
Data Security Solutions_2010 @Vilnius December Opening
Data Security Solutions_2010 @Vilnius December OpeningData Security Solutions_2010 @Vilnius December Opening
Data Security Solutions_2010 @Vilnius December Opening
Andris Soroka
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Techsylvania
 

What's hot (19)

Brian m cv
Brian m cvBrian m cv
Brian m cv
 
Tips memulai karir di cybersecurity
Tips memulai karir di cybersecurityTips memulai karir di cybersecurity
Tips memulai karir di cybersecurity
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and drivers
 
JM_Resume
JM_ResumeJM_Resume
JM_Resume
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
 
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
 
Introduction to Security (Hardware, Software, Data & Policies)
Introduction to Security (Hardware, Software, Data & Policies)Introduction to Security (Hardware, Software, Data & Policies)
Introduction to Security (Hardware, Software, Data & Policies)
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtection
 
Security In Web Conferencing
Security In Web ConferencingSecurity In Web Conferencing
Security In Web Conferencing
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
Fasoo Secure Document (FSD) for SharePoint
Fasoo Secure Document (FSD) for SharePoint Fasoo Secure Document (FSD) for SharePoint
Fasoo Secure Document (FSD) for SharePoint
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
NRF Presentation v2
NRF Presentation v2NRF Presentation v2
NRF Presentation v2
 
Cyber security
Cyber securityCyber security
Cyber security
 
New Massachusetts Data Privacy Regulation
New Massachusetts Data Privacy RegulationNew Massachusetts Data Privacy Regulation
New Massachusetts Data Privacy Regulation
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
 
Data Security Solutions_2010 @Vilnius December Opening
Data Security Solutions_2010 @Vilnius December OpeningData Security Solutions_2010 @Vilnius December Opening
Data Security Solutions_2010 @Vilnius December Opening
 
Intro to information security
Intro to information securityIntro to information security
Intro to information security
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
 

Similar to IT Security Guest Lecture

Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
Sonny Hashmi
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Precisely
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
Precisely
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
Concept Searching, Inc
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 

Similar to IT Security Guest Lecture (20)

Information security and research data
Information security and research dataInformation security and research data
Information security and research data
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy Presentation
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
 
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
 
Cor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popiCor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popi
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal Threats
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
Sensitive Data Exposure
Sensitive Data ExposureSensitive Data Exposure
Sensitive Data Exposure
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.ppt
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offering
 
Vulnerability Management – Opportunities and Challenges!
Vulnerability Management – Opportunities and Challenges!Vulnerability Management – Opportunities and Challenges!
Vulnerability Management – Opportunities and Challenges!
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

IT Security Guest Lecture

  • 1. Internal I.T. Security Security within an organization’s network
  • 2. Contents 4/5/2010 Soumitri 2
  • 3. Overview • Brief introduction to what this niche segment is all about • IT Security comprises: o People, Processes & Technologies o Network, Application, Database, Endpoint, Messaging o Policy definition, Policy enforcement, Monitoring & Reporting 4/5/2010 Soumitri 3
  • 4. Industry Perspective - People • Identity and Access Management – Identity Management • Enterprise Employee Directory – Access Management • Single Sign On, Web Sign On, Tokens, Smart Cards, etc – Privilege Management • Layered solutions, Segregation of Duties – Audit & Reporting – Education & Training 4/5/2010 Soumitri 4
  • 5. Industry Perspective - Process • Risk Management – Risk Modeling Tools • Policy Design & Development – Templates, External Consultants, etc • Business Continuity & Disaster Recovery – Multiple Geographic Storage Sites • Incident & Threat Management – Incident Response Platforms 4/5/2010 Soumitri 5
  • 6. Industry Perspective - Process (2) • Information Asset Management – Inventory of Assets (includes People) • Systems Development – Architecture – Modeling Tools – Coding Standards • Operations Management – Monitoring Tools 4/5/2010 Soumitri 6
  • 7. Industry Perspective - Technology • Network – Perimeter security: Firewalls, WLAN, VPN, NIDPS • Application – Coding standards: Static Analysis Tools, Monitoring • Database – Privilege Management: Encryption, Monitoring • Endpoint – Desktops & Servers: Anti-Virus, DLP Suites, Encryption • Messaging – Anti-Spam/Virus/Malware, Encryption • Data – Disk & File encryption, Monitoring & Management, DRM 4/5/2010 Soumitri 7
  • 8. What is DLP? • Data Leak Protection: “Systems that identify, monitor, and protect data in use, data in motion, and data at rest through deep content inspection, contextual security analysis of transaction and with a centralized management framework” • Data at Rest – Endpoint actions • Data in Motion – Network actions • Data in Use – Data storage • Systems are designed to detect and prevent the unauthorized use and transmission of confidential information 4/5/2010 Soumitri 8
  • 9. DLP Process 1) Define Confidential Policy 2) Discover Exposed Data 3) Enforce Policy 4) Feedback & Corrective Mechanism 5) Report Generation and Management 4/5/2010 Soumitri 9
  • 10. Usage & Benefits • Demonstrates Regulatory Compliance – HIPAA, GLBA, PCI, BASEL II, SOX • Helps prevent Identity Theft • Seamless integration in PMO • Protects Brand & Reputation 4/5/2010 Soumitri 10
  • 11. Conclusion • Internal IT Security is an evolving technology • It is a niche area requiring domain & technical expertise • Compliance: PCI, SOX, BASEL II, GLBA – At least one compliance knowledge is needed • Certifications: SSCP, CISSP • More Info: International Information Systems Security Certification Consortium website 4/5/2010 Soumitri 11
  • 12. Conclusion (2) • Career Path: External Security Consultants, IT Security Officer, CISO • Management & Communication skills are required • Firm Knowledge of: – Organization’s strategic objectives – Management issues – Impact of Security policies on Business functions – Comprehensive Technical Info – Future Trends 4/5/2010 Soumitri 12
  • 13. Thank You & Best Wishes 4/5/2010 Soumitri 13