Compliance: A Career View

null Hyderabad Chapter May Meet
Presentation Transcript

  • 1. Compliance: A Career View. M.S.Sripati. Background image: www.freedigitalphotos.net
  • 2. Agenda
    ● Who Am I
    ● What is Compliance
    ● Why Compliance
    ● Different Roles
    ● Role Requirements
    ● How to get in
  • 3. Who Am I
    ● ISMS Implementer (HIPAA, ISO 27001)
    ● Web Application Security Student
    ● CISA
    ● 7 Years in Industry
    ● Different Roles
      – Developer (PHP, Ruby)
      – AISO
      – ISMS Implementer
    ● http://www.sripati.info
  • 4. What is Compliance
    ● The activity (and other associated activities) of following a rule
      – Legal (HIPAA, IT Act of India, DPA of EU)
      – Regulatory (PCI-DSS)
      – Standards (ISO 27001)
    ● Perceptions
      – A boring word
      – Should not be in security
  • 5. Security fares well if you know the BIG picture
    ● Sources: http://www.infosecinstitute.com/jobs/security-auditor.html and http://www.itjobswatch.co.uk/jobs/uk/it%20security%20auditor.do
  • 6. Why Compliance
    ● Business Requirements
    ● Overall security cannot be achieved by tools alone
    ● Company expectations on wearing many hats
  • 7. Why Compliance
    ● Business Requirements
      – Security is a client requirement in the project
      – Business understands that a structured approach is required to tackle security
      – Need to assure the client: ISO 27001; an internal Information Security Program (awareness / appsec / netsec); regular internal / external audits and reviews
  • 8. Why Compliance
    ● Overall security cannot be achieved by tools alone
      – Physical Security: vendor-related threats; unauthorized entry
      – Application Security: coding mistakes (copy / paste and then a legal fine)
      – Network Security: unpatched network; no testing before patching
      – Internal Threats: people stealing data; passing on confidential information
      – Human Factor: password sharing / re-use / writing on paper; unmanned and unlocked desktops / laptops; installing pirated software; downloading pirated movies / ebooks
  • 9. Why Compliance
    ● Company Expectations
      – Business connect with Infosec
      – Maintain communication among all stakeholders (Admin, IT, other departments, project teams, HR for trainings)
      – Get things done (ensure security across all functions)
      – Ensure that we stay compliant with no breach (incidents, disaster, be ready for anything, etc.)
      – Ensure that we clear any security audits
  • 10. Some Roles in the Compliance Domain
    ● Implementors
      – Ensure that security is implemented across all functions
      – Troubleshoot any process gaps
      – Ensure that security processes are performing as they should
    ● Auditors
      – Ensure that security process holes are identified
  • 11. Role Requirements
    ● Implementors
      – Understanding of the overall security system
      – Understanding of how to get buy-in from authorities
      – How the technical pieces fit together
      – How to identify issues
      – What to tackle first (prioritize)
    ● Auditors
      – Process understanding
      – How to identify weaknesses
    ● Certifications
      – ISACA: CISA, CISM, CRISC
      – ISC2: CISSP, CSSLP
      – ISO: ISO 27001 LI, ISO 27001 LA
  • 12. How to get In
    ● Implementors
      – Ask in your current organization for any compliance-related work
      – Learn
      – Evolve (ensure business connect with IS)
    ● Auditors
      – Read ISO 27001 / 27002 (Google ISO 27001 blogs / Google group)
      – Study audit reports vis-a-vis the standard (ask your superiors for a copy, if it is being done)
      – Look at your organization from a 27001 point of view and note findings
      – Show the findings to your superiors and ask for feedback
      – Clear CISA and start applying (if your company does not do it)
    ● Your technical knowledge + Compliance = Deadly Impact!