Cybersecurity is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved in and concerned with the security implications of information technology (IT).
• The evolution of Cybersecurity
• Protecting Digital Assets
• Difference between Cybersecurity and Information Security
• Cybersecurity Objectives
• Future of Cybersecurity
Presenter:
Hafiz Adnan is an IT GRC and Security Consultant, Lead Auditor and PECB Certified Trainer with over 11 years of significant, progressive experience in the Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/BA670iVPi5c
The difference between Cybersecurity and Information Security
2. Hafiz Sheikh Adnan Ahmed
IT SECURITY & GRC CONSULTANT & INTERNAL AUDITOR
He has been awarded the COBIT Certified Assessor credential by ISACA, only the 92nd worldwide and the 8th in the UAE. He also received a Security Advisor Middle East Award 2016 in the category “Personal Contribution to IT Security”.
Contact Information
+971-55-1862974
sh.adnan.ahmed@live.com
ae.linkedin.com/in/adnanahmed16/en
ShAdnanAhmed
3. AGENDA
• Basic Concepts
• Difference between Cybersecurity & Information Security
• Protecting Digital Assets
• Evolution of Cybersecurity
• Importance of Cybersecurity
• Final thoughts
4. BASIC CONCEPTS
• Information Security deals with information, regardless of its format – it
encompasses paper documents, digital and intellectual property in people’s
minds, and verbal or visual communications.
• Cybersecurity is concerned with protecting digital assets – everything from
networks to hardware and information that is processed, stored or transported
by internetworked information systems. Additionally, concepts such as nation-
state sponsored attacks and advanced persistent threats (APTs) belong almost
exclusively to cybersecurity.
5. BASIC CONCEPTS (CONT’D)
According to NIST:
• Information Security: The protection of information and
information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction in
order to provide confidentiality, integrity, and
availability.
• Cybersecurity: The ability to protect or defend the use
of cyberspace from cyber attacks.
6. DIFFERENCE BETWEEN INFORMATION SECURITY
& CYBERSECURITY
• Both terms are often used “interchangeably”
• Cybersecurity refers only to electronic security; information security is a broader
term that encompasses all data, both physical and digital.
• Cybersecurity is about securing things that are vulnerable through ICT.
10. PROTECTING DIGITAL ASSETS
• NIST and ENISA have identified five key functions necessary for the protection
of digital assets:
  • Identify: Use organizational understanding to minimize risk to systems, assets, data
  and capabilities.
  • Protect: Design safeguards to limit the impact of potential events on critical services
  and infrastructure.
  • Detect: Implement activities to identify the occurrence of a cybersecurity event.
  • Respond: Take appropriate action after learning of a security event.
  • Recover: Plan for resilience and the timely repair of compromised capabilities and
  services.
13. IMPORTANCE OF CYBERSECURITY
• Cybersecurity focuses on protecting computers, mobile devices, networks,
applications, and data from unauthorized access.
• Requires a policy that emphasizes cybersecurity awareness for all employees,
including a process instructing them how to handle cyber attacks.
• Protects companies from hacking, phishing, DoS attacks, etc.
• Ensures safer data processing.
• Ensures the safety of online transactions and personal information exchanged over
the Internet.
• Facilitates secure and reliable collaboration that protects the privacy of
individuals.
14. FINAL THOUGHTS
• Remember the key element of success is “communication”.
• First evaluate the true status of the company before engaging in any
cybersecurity program.
• Ensure your company covers the basic principles and standards in terms of
information security.
• Involve your Information Security team, IT team and ‘business’ to understand
and determine the scope of the program.
15. IT Security Training Courses
• ISO/IEC 27032 Lead Cybersecurity Manager (5-day course)
• Lead Pen Test Professional (5-day course)
• ISO/IEC 27034 Application Security Lead Implementer (5-day course)
• ISO/IEC 27034 Application Security Lead Auditor (5-day course)
Exam and certification fees are included in the training price.
https://www.pecb.com/it-security | www.pecb.com/events