Security Review of Software (Asset Management)
Presented to ATMIYA University

Krutarth Vasavada
• B.E. (Electronics and Communication), AITS 2002-06
• M.S. (Computer Engineering), San Jose State University, California, US
• Certified Cloud Security Professional, ISC2
• 13+ years in Software Product Development, Cybersecurity, Information Security Audits, Data Privacy & Compliance
• Worked in India, USA, EU (currently) in the Automobile, Chemicals, Insurance, Investment Banking, and e-Commerce domains.
Topics
01 Cybersecurity – What? Why? Where? How?
02 What is secure software?
03 Why do we need secure software?
04 Areas of Software Security
05 Secure Software Checklist
06 Exercises and References
Scope
Secure Coding Standards is a separate topic and is not part of this workshop! This session focuses on software security from the end-user's perspective.
Scope
In the context of this workshop, Software =
• Desktop Applications (Dropbox, MS Office, etc.)
• Mobile Applications (Zoom, WhatsApp, LinkedIn, etc.)
• Web/SaaS Solutions (Email, JIRA/Confluence, Web Portals, etc.)
What is Cybersecurity?
Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use.
What is Secure Software?
• Protects information and identity
• Respects privacy and user rights
• Improves secure exchange of data
• Provides reliable authentication
• Uses secure architecture (privacy-by-design)
• Complies with local/global laws
• Certified (ISO 27001, SOC 2)
Why Do We Need Secure Software?
Corporations:
• Loss of reputation
• Customer data exposure
• Legal battles
• Monetary compensations
• Disciplinary action
• Penalty
Individuals:
• Identity theft
• Financial loss
• Exposure of personal data/files
• Blackmail/Ransomware
Using software which doesn't meet the security requirements has repercussions for corporations as well as individuals.
Areas of Software Security
Technology Stack – Up-to-date or outdated?
Architecture – Secure? Privacy-by-design? Scalable?
Hosting – Cloud? Bare-metal? On-premises? Hybrid?
Geography – Locally hosted? Outside the country? Within EU/US?
Security Features – Multi-factor authentication? Backup/recovery? Audit logs?
Data Privacy – Third-party access? User rights?
Compliance – Information security certification? GDPR?
Processes – e.g., recruitment process (background check for sensitive jobs)
Is your software secure?
❑ Review permissions – what does it access? And when?
❑ Data backup and encryption policies
❑ Will you be able to permanently remove all your data when you want?
❑ How many concurrent sessions does it allow?
❑ With which third parties is your data shared?
❑ Do you know where the software application and data are hosted?
❑ Does it have any globally trusted information security certification?
❑ Does it have publicly known vulnerabilities?
❑ Does it participate in any global privacy programs such as the EU-US or Swiss-US Privacy Shield?
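The first checklist item, reviewing what an application can access, as an added example that is not from the slides: a small Python script that reads an Android app's AndroidManifest.xml and separates the permissions that expose sensitive data from the rest. The sample manifest is constructed for a hypothetical app, and the choice of which permissions count as "sensitive" is this example's own classification.

```python
import xml.etree.ElementTree as ET

# Namespace used by the android:name attribute in every manifest.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names, mapped to the data they expose. Which
# permissions count as "sensitive" is this example's own classification.
# All of these are runtime ("dangerous") permissions on Android 6.0+, so the
# checklist's "when?" is answered at first use, not at install time.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_EXTERNAL_STORAGE": "files on the device",
}

# Constructed sample manifest for a hypothetical messaging app (not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return every permission the manifest declares, in document order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter("uses-permission"):
        name = elem.get("{%s}name" % ANDROID_NS)
        if name:
            names.append(name)
    return names


def review_permissions(manifest_xml):
    """Split declared permissions into sensitive ones (with what they expose)
    and the rest, so each sensitive grant can be justified before installing."""
    report = {"sensitive": [], "other": []}
    for perm in declared_permissions(manifest_xml):
        if perm in SENSITIVE:
            report["sensitive"].append("%s -> %s" % (perm, SENSITIVE[perm]))
        else:
            report["other"].append(perm)
    return report


if __name__ == "__main__":
    result = review_permissions(SAMPLE_MANIFEST)
    print("Sensitive permissions (justify each one):")
    for line in result["sensitive"]:
        print("  " + line)
    print("Other permissions: " + ", ".join(result["other"]))
```

The same review applies to any app's manifest: a chat app that asks for the call log or SMS, as the constructed sample does, is exactly the kind of grant the checklist wants questioned.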
Remember, it is about YOU!
If You're Not Paying For It, You Are The Product
Exercise and Reference Reading
• According to you, which of the following search engines has better (= end-user friendly) privacy policies? Why? Google – DuckDuckGo – Bing
• Are WhatsApp messages always end-to-end encrypted? Does that mean WhatsApp cannot read messages exchanged between users?
• Web Security Academy – https://portswigger.net/web-security
• Conduct a security assessment of your favorite cloud storage drive and prepare an audit report.
• DHS United States – Defence in Depth Recommendations
Questions?
Thank you!
