Information Security Course for Executives

Information Security Latest Trends

Convergence onto Security Platforms: Endpoint, Email security gateway, Web security gateway, and Next-generation firewall
Virtualization: Virtualization of security controls will alter the information security landscape.
Cloudification: How to enforce an enterprise security policy in the cloud age?
Externalization: How to be open, social and encourage secure collaboration with external entities?
Consumerization: Increasingly, employees want to use their consumer technology (systems and software) for business use.
Operationalization: Need a strategy / R&D and an operational component to security. The strategy / R&D team needs to have time and resources to tackle the new and emerging threats.

Application Security

Threats, Attacks, Vulnerabilities, and Countermeasures
Application Threats / Attacks
Mobile Application Security
Security testing for applications
Security standards and regulations

Information Risk Management

Understanding your risk
Measuring and quantifying your risk
Managing your risk
Optimizing expenses

Presented by: Security Art
Security Art is an information security and risk management consulting and advisory boutique. They use a multi-disciplinary approach with years of hands-on experience giving businesses the strategic path to address all their information security and risk management needs.

  • Virtualization is already at its peak - not a trend anymore. Cloudification is the obvious next step and large corporations are already adopting it (as well as service providers and vendors)
  • How many iPhones do you have in your company? iPads? Droids? Non-corporate laptops/netbooks?
  • Do you really have time to deal with all of this? R&D resources to keep fixing issues and make sure all new software is secure? Keeping track of emerging threats and new issues?


  • 1. Information Security for Executives
    • Free webinar
    • Iftach Ian Amit
  • 2. Agenda
    • Latest Trends
    • Application Security
    • Risk Management
  • 3. Latest Trends in Information Security
    • Convergence
    • Virtualization
    • Cloudification
    • Externalization
    • Consumerization
    • Operationalization
  • 4. Convergence
    • Endpoint (forget desktops...)
    • e-mail
    • Web
    • “next-gen” firewalls
  • 5. Virtualization and Cloudification
  • 6. Externalization
    • Are you on LinkedIn?
    • Facebook?
    • Are your customers?
    • Partners?
    • Competitors?
  • 7. Consumerization
  • 8. Operationalization
  • 9. Agenda
    • Latest Trends
    • Application Security
    • Risk Management
  • 10. Application Security
    • Methodology
    • Threats, attacks, exposure surface
    • Application threats
    • Mobile
    • Testing
    • Regulation/Compliance?
  • 11. Methodology
    • “If you have an application with more than a single purpose interface, you are most likely to have a vulnerability in it”
            • [wise-old-sage]
    This is why we have such a high success rate in pen-tests...
  • 12. Threats, Attacks and Exposure Surface
    • Extreme coverage over the past 10 years
    • Not a lot of solutions
      • That you can “buy and forget”
    • Back to the human factor
      • Which is harder to fix...
  • 13. Application Threats
    • XSS
    • CSRF
    • SQL Injection
    • Parameter tampering
    • Session hijacking
  • 14. Mobile
    • “And now, make everything work on my iPhone...”
            • [management]
    • “And now, I have a chance to repeat every mistake again for this new platform”
            • [development]
  • 15. Testing
    • Security never really fit into your QA schedule, did it?
    • Can you really think like the bad guys? Do you want to?
  • 16. Regulation
    • That’s an easy one:
      • Pay to get certified, right?
    • It doesn’t really feel that much better now...
      • Maybe we should get things fixed for real
      • ...and still get certified
  • 17. Agenda
    • Latest Trends
    • Application Security
    • Risk Management
  • 18. Risk Management
    • What is your risk?
    • Measure, Quantify!
    • Manage
    • Optimize expenses
  • 19. Identifying your Risks
    • What are the bad guys after?
    • Simple...
  • 20. Measuring Risk
    • From:
    • “So, we pinpointed the one line of code that caused this thing to fail...”
    • To:
    • “This issue will cost us $1500 for every time someone exploits it”
  • 21. How to Measure?
    • Identify your (information) assets
    • Identify the threats for each asset
      • And their capability
      • And the controls that are in place to protect the vulnerabilities
      • And their frequency
    • Derive a loss event frequency
    • Estimate the loss magnitude
  • 22. Managing Risk
    • Guess which one it is???
  • 23. Optimize
    • When done right, this can save you money:
      • More focused measures to protect assets at risk
      • Less vendor bloat
      • Less external services required
      • Improved development cycles
  • 24.
    • Don’t re-invent the wheel…
    • Use tried and tested methodologies and practices
    • FAIR (Factor Analysis of Information Risk)
    All rights reserved to Security Art Ltd 2002 - 2009
  • 25. And... we’re done!
    • Questions ?!
    • We are always at:
    • [email_address]
    • Hosted by: