Internal I.T. Security

Security within an organization’s network
Contents




4/5/2010     Soumitri   2
Overview
• Brief introduction to what this niche segment
  is all about
• IT Security comprises:
      o People, Processes & Technologies
      o Network, Application, Database, Endpoint, Messaging
      o Policy definition, Policy enforcement, Monitoring &
        Reporting




Industry Perspective - People
• Identity and Access Management
      – Identity Management
           • Enterprise Employee Directory
      – Access Management
           • Single Sign On, Web Sign On, Tokens, Smart Cards, etc.
      – Privilege Management
           • Layered solutions, Segregation of Duties
      – Audit & Reporting
      – Education & Training
Industry Perspective - Process
• Risk Management
      – Risk Modeling Tools
• Policy Design & Development
      – Templates, External Consultants, etc.
• Business Continuity & Disaster Recovery
      – Multiple Geographic Storage Sites
• Incident & Threat Management
      – Incident Response Platforms

Industry Perspective - Process (2)
• Information Asset Management
      – Inventory of Assets (includes People)
• Systems Development
      – Architecture
      – Modeling Tools
      – Coding Standards
• Operations Management
      – Monitoring Tools

Industry Perspective - Technology
• Network
      – Perimeter security: Firewalls, WLAN, VPN, NIDPS
• Application
      – Coding standards: Static Analysis Tools, Monitoring
• Database
      – Privilege Management: Encryption, Monitoring
• Endpoint
      – Desktops & Servers: Anti-Virus, DLP Suites, Encryption
• Messaging
      – Anti-Spam/Virus/Malware, Encryption
• Data
      – Disk & File encryption, Monitoring & Management, DRM

What is DLP?
• Data Leak Protection:
    “Systems that identify, monitor, and protect data in use, data in motion,
    and data at rest through deep content inspection, contextual security
    analysis of transaction and with a centralized management framework”
• Data at Rest – Endpoint actions
• Data in Motion – Network actions
• Data in Use – Data storage
• Systems are designed to detect and prevent the unauthorized
  use and transmission of confidential information



DLP Process
1)     Define Confidential Policy
2)     Discover Exposed Data
3)     Enforce Policy
4)     Feedback & Corrective Mechanism
5)     Report Generation and Management
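
The five steps above, walked through as an added example (not part of the original slides): a content-inspection pass over constructed sample items. The rule names, actions, sample text and the exception list used for the feedback step are all assumptions made for illustration.

```python
import re
from collections import Counter

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def digits_only(s):
    return re.sub(r"\D", "", s)

# Step 1 - define the confidentiality policy (constructed rules and actions).
POLICY = [
    {"name": "payment-card", "action": "block",
     "regex": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
     "validate": lambda m: luhn_ok(digits_only(m))},
    {"name": "us-ssn", "action": "redact",
     "regex": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
     "validate": lambda m: True},
]

# Step 2 - discover exposed data by inspecting content, not just file names.
def discover(items, exceptions=frozenset()):
    findings = []
    for location, text in items.items():
        for rule in POLICY:
            for m in rule["regex"].finditer(text):
                value = m.group()
                if digits_only(value) in exceptions or not rule["validate"](value):
                    continue
                # Record where and what kind, never the sensitive value itself.
                findings.append({"location": location, "rule": rule["name"],
                                 "action": rule["action"], "span": m.span()})
    return findings

# Step 3 - enforce: a "block" hit withholds the item, "redact" masks the match.
def enforce(items, findings):
    result = {}
    for location, text in items.items():
        hits = [f for f in findings if f["location"] == location]
        if any(f["action"] == "block" for f in hits):
            result[location] = None
            continue
        for f in sorted(hits, key=lambda f: f["span"], reverse=True):
            start, end = f["span"]
            text = text[:start] + "[REDACTED:%s]" % f["rule"] + text[end:]
        result[location] = text
    return result

# Step 5 - report: counts per (rule, action) for management review.
def report(findings):
    return dict(Counter((f["rule"], f["action"]) for f in findings))

# Constructed sample items: one message in motion, two files at rest.
SAMPLE = {
    "mail:outbound-1": "Invoice paid with card 4111 1111 1111 1111, thanks.",
    "share:/hr/notes.txt": "Employee SSN 123-45-6789 on file.",
    "share:/ops/ticket.txt": "Order ref 1234 5678 9012 3456 shipped.",
}

if __name__ == "__main__":
    found = discover(SAMPLE)
    print(enforce(SAMPLE, found), report(found))
    # Step 4 - feedback: a reviewer marks a known test number as an exception.
    print(report(discover(SAMPLE, exceptions={"4111111111111111"})))
```

The order reference in the third item has sixteen digits but fails the checksum, so it is never flagged; validation of this kind keeps the discovery step from flooding reviewers with false positives.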




Usage & Benefits
• Demonstrates Regulatory Compliance
      – HIPAA, GLBA, PCI, BASEL II, SOX
• Helps prevent Identity Theft
• Seamless integration in PMO
• Protects Brand & Reputation




Conclusion
• Internal IT Security is an evolving technology
• It is a niche area requiring domain & technical
  expertise
• Compliance: PCI, SOX, BASEL II, GLBA
      – Knowledge of at least one compliance standard is needed
• Certifications: SSCP, CISSP
• More Info: International Information Systems
  Security Certification Consortium website
Conclusion (2)
• Career Path: External Security Consultants, IT
  Security Officer, CISO
• Management & Communication skills are
  required
• Firm Knowledge of:
      –    Organization’s strategic objectives
      –    Management issues
      –    Impact of Security policies on Business functions
      –    Comprehensive Technical Info
      –    Future Trends
Thank You
                &
           Best Wishes




IT Security Guest Lecture
