Compliance a career view

Published on: Hyderabad Chapter May Meet

Published in: Education, Technology
Transcript

  • 1. Compliance: A Career View
    M.S. Sripati
    Background image: www.freedigitalphotos.net

  • 2. Agenda
    ● Who Am I
    ● What is Compliance
    ● Why Compliance
    ● Different Roles
    ● Role Requirements
    ● How to get in

  • 3. Who Am I
    ● ISMS Implementer (HIPAA, ISO 27001)
    ● Web Application Security Student
    ● CISA
    ● 7 Years in Industry
    ● Different Roles
      – Developer (PHP, Ruby)
      – AISO
      – ISMS Implementer
    ● http://www.sripati.info

  • 4. What is Compliance
    ● The activity (and other associated activities) of following a rule
      – Legal (HIPAA, IT Act of India, DPA of EU)
      – Regulatory (PCI-DSS)
      – Standards (ISO 27001)
    ● Perceptions
      – A boring word
      – Should not be in security

  • 5. http://www.infosecinstitute.com/jobs/security-auditor.html
    http://www.itjobswatch.co.uk/jobs/uk/it%20security%20auditor.do
    ● Security fares well if you know the BIG picture

  • 6. Why Compliance
    ● Business Requirements
    ● Overall security cannot be achieved by tools alone
    ● Company expectations on wearing many hats

  • 7. Why Compliance
    ● Business Requirements
      – Security: a client requirement in the project
      – Business understands that a structured approach is required to tackle security
      – Need to assure the client
        – ISO 27001
        – Internal Information Security Program (awareness / appsec / netsec)
        – Regular internal / external audits / reviews

  • 8. Why Compliance
    ● Overall security cannot be achieved by tools alone
      – Physical Security
        – Vendor-related threats
        – Unauthorized entry
      – Application Security
        – Coding mistakes (copy / paste and then a legal fine)
      – Network Security
        – Unpatched network
        – No testing before patching
      – Internal Threats
        – People stealing data
        – Passing confidential information
      – Human Factor
        – Password sharing / re-use / writing on paper
        – Unmanned and unlocked desktops / laptops
        – Installing pirated software
        – Downloading pirated movies / ebooks

  • 9. Why Compliance
    ● Company Expectations
      – Business connect with Infosec
      – Maintain communication among all stakeholders (Admin, IT, other departments, project teams, HR for trainings)
      – Get things done (ensure security across all functions)
      – Ensure that we stay compliant / no breach (incidents, disaster, be ready for anything, etc.)
      – Ensure that we clear any security audits

  • 10. Some Roles in the Compliance Domain
    ● Implementers
      – Ensure that security is implemented across all functions
      – Troubleshoot any process gaps
      – Ensure that security processes are performing as they should
    ● Auditors
      – Ensure that security process holes are identified

  • 11. Role Requirements
    ● Implementers
      – Understanding of the overall security system
      – Understanding of how to get buy-in from authorities
      – How technical pieces fit together
      – How to identify issues
      – What to tackle first (prioritize)
    ● Auditors
      – Process understanding
      – How to identify weaknesses
    ● Certifications (sidebar on the slide)
      – ISACA: CISA, CISM, CRISC
      – (ISC)2: CISSP, CSSLP
      – ISO: ISO 27001 LI, ISO 27001 LA

  • 12. How to Get In
    ● Implementers
      – Ask in your current organization for any compliance-related work
        – Learn
        – Evolve (ensure business connect with IS)
    ● Auditors
      – Read ISO 27001 / 27002 (Google ISO 27001 blogs / google group)
      – Study audit reports vis-a-vis the standard (ask your superiors for a copy, if it is being done)
      – Look at your organization from the 27001 point of view, note findings
      – Show the findings to your superiors, ask for feedback
      – Clear CISA and start applying (if your company does not do it)
    ● Your technical knowledge + Compliance = Deadly Impact!
