
Compliance Awareness

Organizations face numerous compliance requirements and information security practices provide an easy and effective means to achieve these goals.

Awareness Program on Compliance in the Era of Technology
Dinesh Bareja
<version 1.0> Public Document

Agenda

Compliance Today
Much of the increase in cost is due to duplication of regulation and ambiguous or inconsistent rules - Securities Industry Association, 2006

Compliance Today
Compliance must be part of your organization DNA
Regulatory Compliance is not just a legal requirement but a critical business function.

Business Risks
What is at Risk
Compliance Awareness

  • 1. Awareness Program on Compliance in the Era of Technology Dinesh Bareja <version 1.0> Public Document 1 
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. Some Insights – drivers for security spend
      - By 2008, more than 75% of large and midsize companies will purchase new compliance management, monitoring, and automation solutions.
      - By 2009, compliance will grow to 14.2% of IT budget from 12% in 2006.
      - Source: Gartner 2007
  • 13.
  • 14.
  • 15.
  • 16. Suggested Safeguards
  • 17. Suggested Safeguards
  • 18.
  • 19.
  • 20. Compliance Spotlight: PCI – Data Security Standard
  • 21.
  • 22. Leverage the Technology Solution
  • 23. Leverage the Technology Solution
      Vulnerability Assessment (VA)
      - Results allow the organization to compare findings against known vulnerabilities and prioritize remediation by implementing controls.
      - Provides a health report on the organization's security posture.
      - All Standards, Regulations, Frameworks recommend (or require) Network Assessments as an essential practice.
      Penetration Testing (PT)
      - Helps determine whether the controls are in fact preventing the vulnerability from actually endangering the network.
      - A well-executed penetration test can identify the most critical holes in an organization’s defensive net, including the holes exploited by social engineering.
      - Pen tests are best used as a way to get an extra set of eyes on a network after major system upgrades.
  • 24. Leverage the Technology Solution: Continuous Vulnerability Monitoring and Assessment
      - Provides a 24 x 7 x 365 watch on network traffic and is available as a Managed Security Service.
      - Traffic is monitored and events (incidents) are correlated against the updated industry Common Vulnerabilities and Exposures (CVE) database.
      - Reports are available online to the client via a web interface that provides information about the threat(s) and remediation plans.
  • 25. VA/PT
      - Undertaken by qualified professionals
      - Methodology includes use of automated tools augmented with manual skills
      - Meet regulatory requirements (PCI-DSS, HIPAA, GLBA, PIPEDA, etc.)
      - Organizations can realize their true security level
      - Measure IT security effectiveness
      - Identify and remediate potential breach points, reducing security risk and liability
      - Benchmark / baseline security posture
      Certifications
      - Certified Vulnerability Assessor (CVA) (Secure Matrix - DNV)
      - CEH (EC Council)
      - CISSP (ISC2)
      - Certifications in Forensics, Fraud (Secure Matrix)
      Commonly used Tools for VA/PT (commercial / open source)
      - Nessus, GFI Languard (c), Nmap; Metasploit, Canvas (c), etc.
  • 26. List of Tools (indicative)
      Vulnerability Assessment
      - Nessus: one of the most popular and widely used vulnerability assessment scanners, with nearly 14,000 plugins.
      - GFI Languard: a commercial vulnerability assessment scanner with neat reporting capabilities.
      - Netcat: a network debugging and exploration tool.
      - Hping: particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. It is used to map out firewall rulesets.
      - Nikto: a comprehensive web server scanner.
      - Sam Spade: a Windows network query tool.
      - Web Inspect: a web application scanner.
      - Firewalk: an advanced traceroute tool.
      Penetration Testing
      - Metasploit Framework: a framework to deploy vulnerability exploits and payloads. Securematrix has created a database of nearly 100 exploits in this framework.
      - Canvas: a commercial penetration testing tool.
      - Core Impact: a commercial penetration testing tool.
      - SAINT: a commercial penetration testing tool.
      - CenZic: a commercial web application testing tool.
      - John the Ripper: a powerful, flexible, and fast multi-platform password hash cracker.
      - THC Hydra: a fast network authentication cracker that supports many different services.
      - Dsniff: a suite of powerful network auditing and penetration-testing tools.
      - Solarwinds: network discovery/monitoring/attack tools.
  • 27.
  • 28. Thank You

Editor's Notes

  27. The movie “Shooter” gives a classic example. A US Marine sharpshooter is brought back from retirement to help prevent the assassination of the US President. The President is visiting three cities and they want him to identify the venue where the killer may make the attempt. The hero checks out the three cities, the President’s program, the venues and the surroundings and comes up with his recommendation. Turns out that the guys who had called him back wanted to kill the President and the movie is about how they use his intelligence and then frame him. Of course, eventually, he thinks like them and kills them all. 10/06/10