Compliance: A Career View
Published at the null Hyderabad Chapter May Meet
Published in: Education, Technology
Slide transcript

1. Compliance: A Career View
   M.S. Sripati
   Background image: www.freedigitalphotos.net

2. Agenda
   ● Who Am I
   ● What is Compliance
   ● Why Compliance
   ● Different Roles
   ● Role Requirements
   ● How to get in

3. Who Am I
   ● ISMS Implementer (HIPAA, ISO 27001)
   ● Web Application Security Student
   ● CISA
   ● 7 Years in Industry
   ● Different Roles
     – Developer (PHP, Ruby)
     – AISO
     – ISMS Implementer
   ● http://www.sripati.info

4. What is Compliance
   ● The activity (and other associated activities) of following a rule
     – Legal (HIPAA, IT Act of India, DPA of EU)
     – Regulatory (PCI-DSS)
     – Standards (ISO 27001)
   ● Perceptions
     – A boring word
     – Should not be in security

5. Security auditor job listings
   ● http://www.infosecinstitute.com/jobs/security-auditor.html
   ● http://www.itjobswatch.co.uk/jobs/uk/it%20security%20auditor.do
   ● Security fares well if you know the BIG picture

6. Why Compliance
   ● Business Requirements
   ● Overall security cannot be achieved by tools alone
   ● Company expectations on wearing many hats

7. Why Compliance: Business Requirements
   ● Security - a client requirement in project
   ● Business understands that a structured approach is required to tackle security
   ● Need to assure client
     – ISO 27001
     – Internal Information Security Program (awareness / appsec / netsec)
     – Regular internal / external audits / reviews

8. Why Compliance: Overall security cannot be achieved by tools alone
   ● Physical Security
     – Vendor related threats
     – Unauthorized entry
   ● Application Security
     – Coding mistakes (copy / paste and then legal fine)
   ● Network Security
     – Unpatched network
     – No testing before patching
   ● Internal Threats
     – People stealing data
     – Passing confidential information
   ● Human Factor
     – Password sharing / re-use / writing on paper
     – Unmanned & unlocked desktops / laptops
     – Installing pirated software
     – Downloading pirated movies / ebooks

9. Why Compliance: Company Expectations
   ● Business connect with Infosec
   ● Maintain communication among all stakeholders (Admin, IT, other departments, project teams, HR - trainings)
   ● Get things done (ensure security across all functions)
   ● Ensure that we stay compliant / no breach (incidents, disaster, be ready for anything etc.)
   ● Ensure that we clear any security audits

10. Some Roles in Compliance Domain
   ● Implementors
     – Ensure that security is implemented across all functions
     – Troubleshoot any process gaps
     – Ensure that security processes are performing as they should
   ● Auditors
     – Ensure that security process holes are identified
11. Role Requirements
   ● Implementors
     – Understanding of overall security system
     – Understanding of how to get buy-ins from authorities
     – How technical pieces fit together
     – How to identify issues
     – What to tackle first (prioritize)
   ● Auditors
     – Process understanding
     – How to identify weaknesses
   ● Relevant certifications
     – ISACA: CISA, CISM, CRISC
     – ISC2: CISSP, CSSLP
     – ISO: ISO 27001 LI, ISO 27001 LA
12. How to get In
   ● Implementors
     – Ask in current organization for any compliance related work
     – Learn
     – Evolve (ensure business connect with IS)
   ● Auditors
     – Read ISO 27001 / 27002 (Google ISO 27001 blogs / google group)
     – Study audit reports vis-a-vis the standard (ask your superiors for a copy, if it is being done)
     – Look at your organization from 27001 point of view, note findings
     – Show the findings to your superiors, ask for feedback
     – Clear CISA and start applying (if your company does not do it)
   ● Your technical knowledge + Compliance = Deadly Impact!