Compliance: a career view
null Hyderabad Chapter May Meet
Presentation Transcript

  • Compliance: A Career View, M.S.Sripati

  • Agenda
    ● Who Am I
    ● What is Compliance
    ● Why Compliance
    ● Different Roles
    ● Role Requirements
    ● How to get in

  • Who Am I
    ● ISMS Implementer (HIPAA, ISO 27001)
    ● Web Application Security Student
    ● CISA
    ● 7 Years in Industry
    ● Different Roles
      – Developer (PHP, Ruby)
      – AISO
      – ISMS Implementer

  • What is Compliance
    ● The activity (and other associated activities) of following a rule
      – Legal (HIPAA, IT Act of India, DPA of EU)
      – Regulatory (PCI-DSS)
      – Standards (ISO 27001)
    ● Perceptions
      – A boring word
      – Should not be in security

  • Security fares well if you know the BIG picture

  • Why Compliance
    ● Business Requirements
    ● Overall security cannot be achieved by tools alone
    ● Company expectations on wearing many hats

  • Why Compliance: Business Requirements
    ● Security is a client requirement in projects
    ● Business understands that a structured approach is required to tackle security
    ● Need to assure the client
      – ISO 27001
      – Internal Information Security Program (awareness / appsec / netsec)
      – Regular internal / external audits / reviews

  • Why Compliance: Overall security cannot be achieved by tools alone
    ● Physical Security
      – Vendor related threats
      – Unauthorized entry
    ● Application Security
      – Coding mistakes (copy / paste and then legal fine)
    ● Network Security
      – Unpatched network
      – No testing before patching
    ● Internal Threats
      – People stealing data
      – Passing confidential information
    ● Human Factor
      – Password sharing / re-use / writing on paper
      – Unmanned & unlocked desktops / laptops
      – Installing pirated software
      – Downloading pirated movies / ebooks

  • Why Compliance: Company Expectations
    ● Business connect with Infosec
    ● Maintain communication among all stakeholders (Admin, IT, other departments, project teams, HR for trainings)
    ● Get things done (ensure security across all functions)
    ● Ensure that we stay compliant / no breach (incidents, disaster, be ready for anything, etc.)
    ● Ensure that we clear any security audits

  • Some Roles in the Compliance Domain
    ● Implementors
      – Ensure that security is implemented across all functions
      – Troubleshoot any process gaps
      – Ensure that security processes are performing as they should
    ● Auditors
      – Ensure that security process holes are identified
  • Role Requirements
    ● Implementors
      – Understanding of the overall security system
      – Understanding of how to get buy-in from authorities
      – How technical pieces fit together
      – How to identify issues
      – What to tackle first (prioritize)
      – Certifications: ISACA (CISA, CISM, CRISC); (ISC)2 (CISSP, CSSLP)
    ● Auditors
      – Process understanding
      – How to identify weaknesses
      – Certifications: ISO (ISO 27001 LI, ISO 27001 LA)
  • How to Get In
    ● Implementors
      – Ask in your current organization for any compliance related work
      – Learn
      – Evolve (ensure business connect with IS)
    ● Auditors
      – Read ISO 27001 / 27002 (Google ISO 27001 blogs / google group)
      – Study audit reports vis-a-vis the standard (ask your superiors for a copy, if it is being done)
      – Look at your organization from a 27001 point of view, note findings
      – Show the findings to your superiors, ask for feedback
      – Clear CISA and start applying (if your company does not do it)
    ● Your technical knowledge + Compliance = Deadly Impact!