SlideShare a Scribd company logo

SACON - Enterprise Security Architecture (Bikash Barai)

Priyanka Aash
Priyanka Aash

SACON - Enterprise Security Architecture (Bikash Barai)

Technology
1 of 30
Download to read offline
SACON SACON International 2017 India | Bangalore | November 10 – 11 | Hotel Lalit Ashok Enterprise Security Architecture
SACON Enterprise Architecture • A field born about 30 years ago • Initially targeted to address two problems • System complexity • Inadequate business alignment • Resulting into • More Cost, Less Value
SACON Enterprise Architectural Methodologies • Consortia-developed Frameworks • ISO 19439 • RM-ODP (ITU-T X.901-904) • TOGAF • Defense Industry Framework • DoDAF • MODAF • NAF • Government Framework • ESAAF • FEAF • NIST Enterprise Architecture Model • Open Source Frameworks • TRAK • SABSA • Proprietary Frameworks • Zachman Frameworks • IAF (Capgemini, 1993)
SACON Zachman Framework (4) Source: zachmaninternational.com [Executive Mgmt Perspective] [Business Mgmt Perspective] [Architect’s Perspective] [Engineer’s Perspective] [Technician’s Perspective]
SACON SABSA
SACON Challenges with existing models • Too heavy to be intimidating - Too many steps • Cannot be done incrementally – Needs big bang approach • Very few SABSA professionals and very few implementation • Does not produce a prioritized list of security activities
SACON Goodness Criteria • Should help to eliminate • Should help to focus • Should be simple • Should be easy to remember
SACON Introducing CP-SSM
SACON Goals of CP-SSM • Light • Minimalist • Focused
SACON Steps • Create Business Architecture (High Level) • Strategic Threat Modeling • Elimination: Bucket and Prune • Mapping: Threats to 4 types of controls • Priority Bucketing of Activities
SACON Key Elements • CP- Threat Repository • Threat Prioritization Guideline – Available • Benchmark, Risk Management Model • CP - Control Repository – Not available • CP- Threat to Control Map – Not available • CP- Activity/Control Priority Map
SACON Threat Repository • Taxonomy • Software (26 sub class) • Hardware (3) • Physical Security (3) • Supply Chain (2) • Human (3) • Industry or vertical specific top N listing
SACON CISO Platform Threat – Control Map • Threat: SQL Injection Attack • Detection: WAF, SAST, DAST, IAST, RASP • Prevention: Secure Coding, WAF, RASP • Response: SIEM, SOC Response Process • Prediction: TI (External and Internal)
SACON Prioritization Matrix Prevention Detection Response Prediction High Risk 1 1 2 3 Medium Risk 2 2 2 3 Low Risk 3 3 3 3
SACON Next Steps • Utilize the model (loosely) for building an Appsec Program - Post Lunch • Create Community Projects • Threat Repository (Comprehensive + Top N) • Threat Control
SACON SACON International 2017 India | Bangalore | November 10 – 11 | Hotel Lalit Ashok NIST CSF
SACON Objectives of CSF in a Nutshell Describe Current Security Posture Describe Target Security Posture Continuous Improvement Assess Progress towards Target Posture Communicate Risk
SACON Framework Profile (Where you are and where you want to go) Framework Implementation Tiers (How you view cybersecurity) Framework Core (What it does) •Defines (measures) current state •Defines (measures) desired state •Tiers (4) that show how cybersecurity risks and processes are viewed within an organization •Required Tier based on perceived risk/benefit analysis •Identify •Protect •Detect •Restore •Recover High Level overview of the framework
SACON Framework Core Identify Detect RespondRecover Protect The Framework Core
SACON Structure Microsoft Excel Worksheet
SACON Function Unique Identifier Function Category Unique Identifier Category Subcategory Informative References ID Identify ID.AM-1 Asset Management Physical devices within the organization are inventoried • CCS-CSC1 • COBIT 5 • ISA-62443-2- 1:2009 ID.AM-2 Asset Management Software Platforms and Applications within the organization are inventoried • CCS-CSC1 • COBIT 5 • ISA-62443-2- 1:2009 Structured example
SACON Framework Implementation Tiers • How cybersecurity risks and processes are viewed within organization Partial Risk Informed Repeatable Adaptable Sophistication
SACON Maturity levels – Based on NIST CSF • Tier 1 – Partial • Cybersecurity risk management practices are not formalized, and risk is managed in an ad hoc and sometimes reactive manner. • Prioritization of cybersecurity activities may not be directly informed by organizational risk objectives, the threat environment, or business/mission requirements. • Tier 2 – Risk Informed • Risk management practices are approved by management but may not be established as organizational-wide policy. • Prioritization of cybersecurity activities is directly informed by organizational risk objectives, the threat environment, or business/mission requirements. • Tier 3 – Repeatable • Risk management practices are formally approved and expressed as policy. Organizational cybersecurity practices are regularly updated based on the application of risk management processes to changes in business/mission requirements and a changing threat and technology landscape. • Tier 4 – Adaptive • Adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. • Through a process of continuous improvement incorporating advanced cybersecurity technologies and practices, the organization actively adapts to a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner. Private & Confidential
SACON Framework profile • Presents overview of present and future cybersecurity posture • Business Requirements • Risk Tolerance • Resources • Used to define current state and desired state • Can help measure progress...
SACON CDM Framework Private & Confidential Source: Cyber Defense Matrix
SACON CDM Mapping Credit: Sounil Yu
SACON FireCompass Score (34 / 100) - Sample Maturity levels • Tier 4: Adaptive • Tier 3: Repeatable • Tier 2: Risk Informed • Tier 1: Partial Identify Protect Detect Respond Recover Devices Tier 2 Tier 2 Tier 2 Tier 2 Tier 1 Applications Tier 2 Tier 2 Tier 1 Tier 1 Tier 1 Networks Tier 1 Tier 1 Tier 1 Tier 1 Tier 1 Data Tier 1 Tier 2 Tier 1 Tier 1 Tier 1 Users Tier 1 Tier 1 Tier 1 Tier 1 Tier 1 Private & Confidential
SACON FireCompass Scores For Indian Industry Private & Confidential 8% 43% 45% 51% 52% 58% 61% 61% Startups + FinTech Small Banks Insurance Manufacturing IT/ITeS Financial Services Telco Large Banks
SACON BeyondCorp
SACON SACON International 2017 India | Bangalore | November 10 – 11 | Hotel Lalit Ashok Thank you

Recommended

SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)
Priyanka Aash
 
Sacon Threat Modeling Overview (Abhishek Datta)
Sacon Threat Modeling Overview (Abhishek Datta)Sacon Threat Modeling Overview (Abhishek Datta)
Sacon Threat Modeling Overview (Abhishek Datta)
Priyanka Aash
 
SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)
Priyanka Aash
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
Priyanka Aash
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)
Priyanka Aash
 
SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)
Priyanka Aash
 
Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - Twistlock
Amazon Web Services
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Cloud Native Day Tel Aviv
 

Recommended

SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)
Priyanka Aash
 
Sacon Threat Modeling Overview (Abhishek Datta)
Sacon Threat Modeling Overview (Abhishek Datta)Sacon Threat Modeling Overview (Abhishek Datta)
Sacon Threat Modeling Overview (Abhishek Datta)
Priyanka Aash
 
SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)
Priyanka Aash
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
Priyanka Aash
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)
Priyanka Aash
 
SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)
Priyanka Aash
 
Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - Twistlock
Amazon Web Services
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Cloud Native Day Tel Aviv
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI Pipelines
Codefresh
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and How
DevOps.com
 
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CDSynopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Software Integrity Group
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
centralohioissa
 
Practical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security InstrumentationPractical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security Instrumentation
VMware Tanzu
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
DevOps.com
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021
Archana Joshi
 
Container Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowContainer Security: What Enterprises Need to Know
Container Security: What Enterprises Need to Know
DevOps.com
 
A journey from dev ops to devsecops
A journey from dev ops to devsecopsA journey from dev ops to devsecops
A journey from dev ops to devsecops
Veritis Group, Inc
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Sebastian Taphanel CISSP-ISSEP
 
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
Elasticsearch
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
Synopsys Software Integrity Group
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
Kevin Fealey
 
Check Point and Accenture Webinar
Check Point and Accenture Webinar Check Point and Accenture Webinar
Check Point and Accenture Webinar
Check Point Software Technologies
 
Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017
Sebastian Taphanel CISSP-ISSEP
 
AsianGames Security Story - Andika Triwidada
AsianGames Security Story - Andika TriwidadaAsianGames Security Story - Andika Triwidada
AsianGames Security Story - Andika Triwidada
idsecconf
 
Twistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityTwistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native Security
Mighty Guides, Inc.
 
Building secure cloud apps – lessons learned from Microsoft’s internal securi...
Building secure cloud apps – lessons learned from Microsoft’s internal securi...Building secure cloud apps – lessons learned from Microsoft’s internal securi...
Building secure cloud apps – lessons learned from Microsoft’s internal securi...
Microsoft Tech Community
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Amazon Web Services
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
DevOps.com
 
SACON - Security Architecture (Arnab Chattopadhayay)
SACON - Security Architecture (Arnab Chattopadhayay)SACON - Security Architecture (Arnab Chattopadhayay)
SACON - Security Architecture (Arnab Chattopadhayay)
Priyanka Aash
 
Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)
Priyanka Aash
 

More Related Content

What's hot

Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI Pipelines
Codefresh
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
DevOps.com
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
Kevin Fealey
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Amazon Web Services
 

What's hot (20)

Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI Pipelines
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and How
 
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CDSynopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
 
Practical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security InstrumentationPractical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security Instrumentation
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021
 
Container Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowContainer Security: What Enterprises Need to Know
Container Security: What Enterprises Need to Know
 
A journey from dev ops to devsecops
A journey from dev ops to devsecopsA journey from dev ops to devsecops
A journey from dev ops to devsecops
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
 
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
 
Check Point and Accenture Webinar
Check Point and Accenture Webinar Check Point and Accenture Webinar
Check Point and Accenture Webinar
 
Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017
 
AsianGames Security Story - Andika Triwidada
AsianGames Security Story - Andika TriwidadaAsianGames Security Story - Andika Triwidada
AsianGames Security Story - Andika Triwidada
 
Twistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityTwistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native Security
 
Building secure cloud apps – lessons learned from Microsoft’s internal securi...
Building secure cloud apps – lessons learned from Microsoft’s internal securi...Building secure cloud apps – lessons learned from Microsoft’s internal securi...
Building secure cloud apps – lessons learned from Microsoft’s internal securi...
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 

Viewers also liked

Viewers also liked (15)

SACON - Security Architecture (Arnab Chattopadhayay)
SACON - Security Architecture (Arnab Chattopadhayay)SACON - Security Architecture (Arnab Chattopadhayay)
SACON - Security Architecture (Arnab Chattopadhayay)
 
Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)
 
SACON - Immutable architecture (Nilanjan De)
SACON - Immutable architecture (Nilanjan De)SACON - Immutable architecture (Nilanjan De)
SACON - Immutable architecture (Nilanjan De)
 
SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)
 
SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)
 
Sacon - IoT Forum Fresh Thinking (Arvind Tiwary + Bikash Barai)
Sacon - IoT Forum Fresh Thinking (Arvind Tiwary + Bikash Barai)Sacon - IoT Forum Fresh Thinking (Arvind Tiwary + Bikash Barai)
Sacon - IoT Forum Fresh Thinking (Arvind Tiwary + Bikash Barai)
 
SACON - Connected cars (Aditya Kakrania)
SACON - Connected cars (Aditya Kakrania)SACON - Connected cars (Aditya Kakrania)
SACON - Connected cars (Aditya Kakrania)
 
SACON - API Security (Suhas Desai)
SACON - API Security (Suhas Desai)SACON - API Security (Suhas Desai)
SACON - API Security (Suhas Desai)
 
SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)
 
SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)
 
SACON - Cyber Risk Assessment Using Bayesian Network (R Venkat)
SACON - Cyber Risk Assessment Using Bayesian Network (R Venkat)SACON - Cyber Risk Assessment Using Bayesian Network (R Venkat)
SACON - Cyber Risk Assessment Using Bayesian Network (R Venkat)
 
Sacon - Fresh Thinking IoT (Arnab Chattopadhayay)
Sacon - Fresh Thinking IoT (Arnab Chattopadhayay)Sacon - Fresh Thinking IoT (Arnab Chattopadhayay)
Sacon - Fresh Thinking IoT (Arnab Chattopadhayay)
 
SACON - Windows Forensic (Dr. Phil Polstra)
SACON - Windows Forensic (Dr. Phil Polstra)SACON - Windows Forensic (Dr. Phil Polstra)
SACON - Windows Forensic (Dr. Phil Polstra)
 
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 

Similar to SACON - Enterprise Security Architecture (Bikash Barai)

Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices FrameworkIntroducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
Revelation Technologies
 
IT Architecture for the Non-Architect, MAX Technical Training 2016
IT Architecture for the Non-Architect, MAX Technical Training 2016IT Architecture for the Non-Architect, MAX Technical Training 2016
IT Architecture for the Non-Architect, MAX Technical Training 2016
MAX Technical Training
 
Workflows adaptations for security management through MDD and Aspects
Workflows adaptations for security management through MDD and Aspects Workflows adaptations for security management through MDD and Aspects
Workflows adaptations for security management through MDD and Aspects
Fáber D. Giraldo
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf
 
Oracle enterprise architects day
Oracle enterprise architects dayOracle enterprise architects day
Oracle enterprise architects day
Ayodele Peter Boglo
 

Similar to SACON - Enterprise Security Architecture (Bikash Barai) (20)

Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices FrameworkIntroducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
 
IT Architecture for the Non-Architect, MAX Technical Training 2016
IT Architecture for the Non-Architect, MAX Technical Training 2016IT Architecture for the Non-Architect, MAX Technical Training 2016
IT Architecture for the Non-Architect, MAX Technical Training 2016
 
Workflows adaptations for security management through MDD and Aspects
Workflows adaptations for security management through MDD and Aspects Workflows adaptations for security management through MDD and Aspects
Workflows adaptations for security management through MDD and Aspects
 
Mcs2453 aniq mc101053-assignment2
Mcs2453 aniq mc101053-assignment2Mcs2453 aniq mc101053-assignment2
Mcs2453 aniq mc101053-assignment2
 
Building a "Cloud Ready" IT Team
Building a "Cloud Ready" IT TeamBuilding a "Cloud Ready" IT Team
Building a "Cloud Ready" IT Team
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
 
Elastic-Engineering
Elastic-EngineeringElastic-Engineering
Elastic-Engineering
 
Anas Orwani Resume
Anas Orwani ResumeAnas Orwani Resume
Anas Orwani Resume
 
Fusion Technical Online Training.pptx
Fusion Technical Online Training.pptxFusion Technical Online Training.pptx
Fusion Technical Online Training.pptx
 
Architecture Series 5-4 Solution Architecture Draft
Architecture Series 5-4 Solution Architecture DraftArchitecture Series 5-4 Solution Architecture Draft
Architecture Series 5-4 Solution Architecture Draft
 
Enterprise Architecture Frameworks
Enterprise Architecture FrameworksEnterprise Architecture Frameworks
Enterprise Architecture Frameworks
 
Togaf online training
Togaf online trainingTogaf online training
Togaf online training
 
Michael fulton it architecture for non-architects
Michael fulton it architecture for non-architectsMichael fulton it architecture for non-architects
Michael fulton it architecture for non-architects
 
ITAM AUS 2017 How to get SAM happily frolicking on the Cloud
ITAM AUS 2017 How to get SAM happily frolicking on the CloudITAM AUS 2017 How to get SAM happily frolicking on the Cloud
ITAM AUS 2017 How to get SAM happily frolicking on the Cloud
 
APNIC Technical Assistance Service, IDNIC OPM 2016
APNIC Technical Assistance Service, IDNIC OPM 2016APNIC Technical Assistance Service, IDNIC OPM 2016
APNIC Technical Assistance Service, IDNIC OPM 2016
 
Oracle enterprise architects day
Oracle enterprise architects dayOracle enterprise architects day
Oracle enterprise architects day
 
Building a "Cloud Ready" IT Team
Building a "Cloud Ready" IT TeamBuilding a "Cloud Ready" IT Team
Building a "Cloud Ready" IT Team
 

More from Priyanka Aash

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Recently uploaded (20)

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

SACON - Enterprise Security Architecture (Bikash Barai)