Information Security Course for Executives
Information Security Latest Trends

  • Convergence onto security platforms: endpoint, email security gateway, web security gateway, and next-generation firewall
  • Virtualization: virtualization of security controls will alter the information security landscape.
  • Cloudification: how do you enforce an enterprise security policy in the cloud age?
  • Externalization: how do you stay open and social while still encouraging secure collaboration with external entities?
  • Consumerization: increasingly, employees want to use their own consumer technology (systems and software) for business.
  • Operationalization: security needs both a strategy / R&D component and an operational component. The strategy / R&D team needs the time and resources to tackle new and emerging threats.

Application Security

  • Threats, attacks, vulnerabilities, and countermeasures
  • Application threats / attacks
  • Mobile application security
  • Security testing for applications
  • Security standards and regulations

Information Risk Management

  • Understanding your risk
  • Measuring and quantifying your risk
  • Managing your risk
  • Optimizing expenses
Presented by: Security Art
Security Art is an information security and risk management consulting and advisory boutique. They combine a multi-disciplinary approach with years of hands-on experience to give businesses a strategic path for addressing all their information security and risk management needs.

  • Virtualization is already at its peak - not a trend anymore. Cloudification is the obvious next step, and large corporations are already adopting it (as are service providers and vendors).
  • How many iPhones do you have in your company? iPads? Droids? Non-corporate laptops/netbooks?
  • Do you really have time to deal with all of this? R&D resources to keep fixing issues and make sure all new software is secure? Keeping track of emerging threats and new issues?
Information Security Course for Executives

    1. Information Security for Executives
       • Free webinar
       • Iftach Ian Amit
    2. Agenda
       • Latest Trends
       • Application Security
       • Risk Management
    3. Latest Trends in Information Security
       • Convergence
       • Virtualization
       • Cloudification
       • Externalization
       • Consumerization
       • Operationalization
    4. Convergence
       • Endpoint (forget desktops...)
       • e-mail
       • Web
       • “next-gen” firewalls
    5. Virtualization and Cloudification
    6. Externalization
       • Are you on LinkedIn?
       • Facebook?
       • Are your customers?
       • Partners?
       • Competitors?
    7. Consumerization
    8. Operationalization
    9. Agenda
       • Latest Trends
       • Application Security
       • Risk Management
    10. Application Security
       • Methodology
       • Threats, attacks, exposure surface
       • Application threats
       • Mobile
       • Testing
       • Regulation/Compliance?
    11. Methodology
       • “If you have an application with more than a single-purpose interface, you are most likely to have a vulnerability in it” [wise-old-sage]
       This is why we have such a high success rate in pen-tests...
    12. Threats, Attacks and Exposure Surface
       • Extreme coverage over the past 10 years
       • Not a lot of solutions
         - that you can “buy and forget”
       • Back to the human factor
         - which is harder to fix...
    13. Application Threats
       • XSS
       • CSRF
       • SQL Injection
       • Parameter tampering
       • Session hijacking
    14. Mobile
       • “And now, make everything work on my iPhone...” [management]
       • “And now, I have a chance to repeat every mistake again for this new platform” [development]
    15. Testing
       • Security never really fit into your QA schedule, did it?
       • Can you really think like the bad guys? Do you want to?
    16. Regulation
       • That’s an easy one:
         - Pay to get certified, right?
       • It doesn’t really feel that much better now...
         - Maybe we should get things fixed for real
         - ...and still get certified
    17. Agenda
       • Latest Trends
       • Application Security
       • Risk Management
    18. Risk Management
       • What is your risk?
       • Measure, quantify!
       • Manage
       • Optimize expenses
    19. Identifying your Risks
       • What are the bad guys after?
       • Simple...
    20. Measuring Risk
       • From: “So, we pinpointed the one line of code that caused this thing to fail...”
       • To: “This issue will cost us $1500 every time someone exploits it”
    21. How to Measure?
       • Identify your (information) assets
       • Identify the threats for each asset
         - and their capability
         - and the controls in place to protect against the vulnerabilities
         - and their frequency
       • Derive a loss event frequency
       • Estimate the loss magnitude
    22. Managing Risk
       Guess which one it is???
    23. Optimize
       • When done right, this can save you money:
         - More focused measures to protect assets at risk
         - Less vendor bloat
         - Less external services required
         - Improved development cycles
    24. Don’t re-invent the wheel…
       • Use tried and tested methodologies and practices
       • FAIR (Factor Analysis of Information Risk)
       All rights reserved to Security Art Ltd 2002 - 2009
    25. And... we’re done!
       • Questions?!
       • We are always at: [email_address]
       • Hosted by:
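Slides 20, 21, 23 and 24 describe the measurement chain in words: assets, threats with a capability and a frequency, controls in place, a derived loss event frequency, a loss magnitude, and then spending optimization on the basis of that number. The following Python is an added worked example of that FAIR-style chain; it is not Security Art's tooling and not part of the deck. The multiplicative model (threat capability discounted by each covering control's effectiveness), the asset, threat and control names, and every figure including the $1500 per event are constructed for illustration.

```python
"""FAIR-style risk quantification, following the steps on slide 21.

Added illustration, not Security Art's tooling. The multiplicative model
(capability x (1 - control effectiveness)) and every figure are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    contact_frequency: float  # threat events per year against the asset
    capability: float         # 0..1: fraction of attempts able to succeed if unopposed


@dataclass(frozen=True)
class Control:
    name: str
    effectiveness: float      # 0..1: fraction of otherwise-successful attempts it stops
    covers: frozenset         # names of the threats this control actually mitigates


@dataclass(frozen=True)
class Asset:
    name: str
    loss_per_event: float     # loss magnitude per loss event (slide 20: "$1500 every time")
    threats: tuple
    controls: tuple


def vulnerability(threat: Threat, controls) -> float:
    """Probability that one threat event becomes a loss event: the threat's
    capability, discounted by each control that covers it. Controls are
    treated as independent, which is a simplifying assumption."""
    p = threat.capability
    for c in controls:
        if threat.name in c.covers:
            p *= 1.0 - c.effectiveness
    return p


def loss_event_frequency(threat: Threat, controls) -> float:
    """Loss events per year = threat event frequency x vulnerability."""
    return threat.contact_frequency * vulnerability(threat, controls)


def annualized_loss(asset: Asset) -> float:
    """Expected loss per year across all threats to the asset."""
    return sum(loss_event_frequency(t, asset.controls) * asset.loss_per_event
               for t in asset.threats)


def rank_controls(asset: Asset, candidates) -> dict:
    """Annual loss each candidate control would remove if added to the asset.
    This is the figure to set beside the control's price (slide 23)."""
    baseline = annualized_loss(asset)
    ranked = {}
    for c in candidates:
        with_control = Asset(asset.name, asset.loss_per_event,
                             asset.threats, asset.controls + (c,))
        ranked[c.name] = baseline - annualized_loss(with_control)
    return ranked


# Constructed sample: a customer database reached through a web application.
WEB_ATTACKER = Threat("web attacker", contact_frequency=50.0, capability=0.4)
INSIDER = Threat("malicious insider", contact_frequency=2.0, capability=0.8)
WAF = Control("WAF", effectiveness=0.5, covers=frozenset({"web attacker"}))

CUSTOMER_DB = Asset("customer database", loss_per_event=1500.0,
                    threats=(WEB_ATTACKER, INSIDER), controls=(WAF,))

# Constructed candidate controls to compare on saved loss per year.
CANDIDATES = (
    Control("input validation fix", 0.6, frozenset({"web attacker"})),
    Control("privileged access review", 0.5, frozenset({"malicious insider"})),
)

if __name__ == "__main__":
    print(f"Annualized loss exposure: ${annualized_loss(CUSTOMER_DB):,.0f}")
    for name, saved in rank_controls(CUSTOMER_DB, CANDIDATES).items():
        print(f"  {name}: saves ${saved:,.0f}/year")
```

With the constructed figures the web attacker produces 10 loss events a year (50 attempts, 0.4 capability, halved by the WAF) and the insider 1.6, so the exposure is $17,400 a year; fixing input validation removes $9,000 of that and the access review $1,200, which is the comparison slide 23 asks for before buying anything.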