Embedding Security in IT Projects
Dr. Kaali Dass, PMP, PhD.
Program Manager
Cisco Systems, Inc.
June 2015
© 2014-2015 Dr. Kaali Dass
Enterprise IT Security & Maturity…!
To Be Hacked!!!
Ref: http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
24 Large Organizations Hacked in 2014
Project Management Institute
• Founded in 1969
• 185 Countries
• 628,363 PMI Certification Holders
• Certifications: PMP, PgMP, CAPM, PfMP, PMI-ACP, PMP-PBA, PMI-RMP, PMI-SP
• Chaptered in 1985
• 14th Largest - Over 2800 Members
• Community / Monthly Meetings & Annual Conference
• Agile, Leadership, Pharma, Healthcare, Program Mgt, Public Sector
NC Chapter
Ref: pmi.org
Enterprise Wide IT Projects
Large number of Stakeholders
Complex Dependencies
Multiple Tier Architecture
Diverse Technologies
In-house development and Vendor Products
Open Source Products
Lack of Security Awareness
Image Ref: http://www.carnegiemuseums.org/
PMI Process
Initiation, Planning, Execution, Monitoring and Controlling, Closing
About PMI Knowledge Areas
Reference: PMBOK Guide 5th Edition
• Integration Management
• Cost Management
• Time Management
• Scope Management
• Risk Management
• Human Resource Management
• Stakeholder Management
• Communications Management
• Quality Management
• Procurement Management
Project Structure
Organization’s Initiatives
(Portfolio)
Programs Projects 1…N
Programs Project 1…N
Programs Projects 1..N
Strategy and Planning
Programs and Initiatives
Projects & Dev Teams
IT Security: Organization
IT Security: Projects
Initiation, Planning, Execution, Monitoring and Controlling, Closing
Enterprise Level Review
Business and IT Review
Infra / Network / Data / Third-party
Code and Access Vulnerabilities
Lessons Learned
Waterfall
Requirements
Design
Development
Testing
Implementation
Support
Delivery Time: Many Months to Years
Agile Manifesto - Values
Individuals and Interactions over process and tools
Working Software over Comprehensive Documentation
Customer Collaboration over Contract Negotiation
Responding to Change over Following a Plan
Reference: http://agilemanifesto.org/
Agile
Product Owner + Scrum Master + Scrum Team
Plan and Commit
Sprint(s)
Demo and Deliver
Inspect and Adapt
Incremental Capability
Continuous Integration
Delivered in Weeks
Accept Changes
Fail Fast, Learn, and Improve
IT Security Layer: IT and Business
Business
Roles
Responsibilities
Access Policies
Data Retention
PCI Compliance
SOX and other Privacy Laws
Audits
& More…
IT
ACL
AuthC / AuthZ
Encryption
Mobility & IOT
Social Media
Data Classification
Data Access
Data at Rest & Transit
Virus / Malware
Business Continuity
& More…
IT Ecosystems, Agility, and Security
IaaS / PaaS: Semi Automated, Orchestrated, Public / Private Cloud
Public Cloud: Automated, Elastic, Scalable, Orchestrated
Diagram labels: Apps / Services, PaaS, DB, VMs, Services, SaaS
Data Centers / Servers: Manual, Discrete Process
Discrete to Continuous; Simple to Complex; Manual to Automated
Enabling Security in Waterfall Projects
Requirements
Design
Development
Testing
Implementation
Support
• Project Plan with Security Focus
• Evaluate Third-party Products
• Identify and document Security Risks
• Business and IT, Internal and External
• Security Architecture and design review
• Code Review – Automated / Deep Dive
• Monitor Risks closely throughout the SDLC and Project life cycle
Enabling Security in Agile Projects
• Security Review during Product backlog and Sprint planning
• Definition of Done for Security (Compliance and Security)
• Create Security Awareness and training
• Automated Code Scan for Security Vulnerabilities
• Standardized and Secured Platform
• Retrospective after every Sprint specifically for Security
Key Takeaways: Org Level
Plan: IT Leadership, IT Security Strategies
Prepare: Governance and Policies
Predict: Analyze and Predict
Prevent: Real time Monitoring, Alerts
Security at Project Planning
Business & IT collaboration
Focus on People, Process, and Technology
Security awareness and training
Key Takeaways: Project Level
IT Security - Future
Plan
Predict
Prepare
Prevent
kdass@cisco.com
dassconnect@gmail.com
https://www.linkedin.com/in/kaalidass

 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 

Recently uploaded (20)

Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 

Embedding Security in IT Projects

  • 1. Embedding Security in IT Projects Dr. Kaali Dass, PMP, PhD. Program Manager Cisco Systems, Inc. June 2015 © 2014-2015 Dr. Kaali Dass
  • 2. Enterprise IT Security & Maturity…! To Be Hacked!!! Ref: http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014 24 Large Organizations Hacked in 2014
  • 3.
  • 4. Project Management Institute: Founded in 1969; 185 Countries; 628,363 PMI Certification Holders; Certifications: PMP, PgMP, CAPM, PfMP, PMI-ACP, PMP-PBA, PMI-RMP, PMI-SP; Chaptered in 1985; 14th Largest - Over 2800 Members; Community / Monthly Meetings & Annual Conference; Agile, Leadership, Pharma, Healthcare, Program Mgt, Public Sector. NC Chapter. Ref: pmi.org
  • 5. Enterprise Wide IT Projects Large number of Stakeholders Complex Dependencies Multiple Tier Architecture Diverse Technologies In-house development and Vendor Products Open Source Products Lack of Security Awareness Image Ref: http://www.carnegiemuseums.org/
  • 6. PMI Process Initiation Planning Execution Monitoring and Controlling Closing
  • 7. About PMI Knowledge Areas (Reference: PMBOK Guide 5th Edition): Integration Management; Cost Management; Time Management; Scope Management; Risk Management; Human Resource Management; Stakeholder Management; Communications Management; Quality Management; Procurement Management
  • 8. Project Structure Organization’s Initiatives (Portfolio) Programs Projects 1…N Programs Project 1…N Programs Projects 1..N
  • 9.
  • 10. Strategy and Planning Programs and Initiatives Projects & Dev Teams IT Security: Organization
  • 11. IT Security: Projects Initiation Planning Execution Monitoring and Controlling Closing Enterprise Level Review Business and IT Review Infra / Network / Data / Third-party Code and Access Vulnerabilities Lessons Learned
  • 13. Agile Manifesto - Values Individuals and Interactions over process and tools Working Software over Comprehensive Documentation Customer Collaboration over Contract Negotiation Responding to Change over Following a Plan Reference: http://agilemanifesto.org/
  • 14. Agile Product Owner + Scrum Master + Scrum Team Plan and Commit Sprint(s) Demo and Deliver Inspect and Adapt Incremental Capability Continuous Integration Delivered in Weeks Accept Changes Fail Fast, Learn, and Improve
  • 15. IT Security Layer: IT and Business Business Roles Responsibilities Access Policies Data Retention PCI Compliance SOX and other Privacy Laws Audits & More… IT ACL AuthC / AuthZ Encryption Mobility & IOT Social Media Data Classification Data Access Data at Rest & Transit Virus / Malware Business Continuity & More…
  • 16. IT Ecosystems, Agility, and Security IAAS / PAAS Semi Automated, Orchestrated, Public / Private Cloud Public Cloud Automated, Elastic, Scalable, Orchestrated Apps / Services PaaS DB VMs Services SaaS Data Centers / Servers Manual Discrete Process Discrete to Continuous Simple to Complex Manual to Automated
  • 17. Enabling Security in Waterfall Projects (Requirements, Design, Development, Testing, Implementation, Support): Project Plan with Security Focus; Evaluate Third-party Products; Identify and document Security Risks; Business and IT, Internal and External; Security Architecture and design review; Code Review – Automated / Deep Dive; Monitor Risks closely throughout the SDLC and Project life cycle
  • 18. Enabling Security in Agile Projects: Security Review during Product backlog, and Sprint planning; Definition of Done for Security (Compliance and Security); Create Security Awareness and training; Automated Code Scan for Security Vulnerabilities; Standardized and Secured Platform; Retrospective after every Sprint specifically for Security
  • 19. Key Takeaways: Org Level Plan: IT Leadership, IT Security Strategies Prepare: Governance and Policies Predict: Analyze and Predict Prevent: Real time Monitoring, Alerts Security at Project Planning Business & IT collaboration Focus on People, Process, and Technology Security awareness and training Key Takeaways: Project Level
  • 20. IT Security - Future Plan Predict Prepare Prevent

Editor's Notes

  1. http://map.ipviking.com/
  2. http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
  3. Map.ipviking.com