Presentation on Cybersecurity and demonstration of security tools, conducted by Vicky Fernandes on 10th September 2019 at Don Bosco Institute of Technology, Mumbai.
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
( ** Cyber Security Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka PPT on "Penetration Testing" will help you understand all about penetration testing, its methodologies, and tools. Below is the list of topics covered in this session:
What is Penetration Testing?
Phases of Penetration Testing
Penetration Testing Types
Penetration Testing Tools
How to perform Penetration Testing on Kali Linux?
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
this ppt contents Introduction
Categories of Cyber Crime
Principles of Computer Security
Types of Cyber Crime
Types of Cyber Attack by Percentage
Cyber Threat Evolution
Advantages of Cyber Security
Safety Tips to Cyber Crime
Application Security - Your Success Depends on itWSO2
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Penetration testing reporting and methodologyRashad Aliyev
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Final presentation january iia cybersecurity securing your 2016 audit planCameron Forbes Over
With 2015 cybersecurity themes and realities nearly in the rearview mirror, “Cybersecurity – Securing your 2016 Audit Plan” will shift our outlook to looking forward into what cybersecurity predictions are being made for 2016, and what key topics and themes will drive 2016 audit planning in the cybersecurity area.
( ** Cyber Security Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka PPT on "Penetration Testing" will help you understand all about penetration testing, its methodologies, and tools. Below is the list of topics covered in this session:
What is Penetration Testing?
Phases of Penetration Testing
Penetration Testing Types
Penetration Testing Tools
How to perform Penetration Testing on Kali Linux?
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
this ppt contents Introduction
Categories of Cyber Crime
Principles of Computer Security
Types of Cyber Crime
Types of Cyber Attack by Percentage
Cyber Threat Evolution
Advantages of Cyber Security
Safety Tips to Cyber Crime
Application Security - Your Success Depends on itWSO2
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Penetration testing reporting and methodologyRashad Aliyev
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Final presentation january iia cybersecurity securing your 2016 audit planCameron Forbes Over
With 2015 cybersecurity themes and realities nearly in the rearview mirror, “Cybersecurity – Securing your 2016 Audit Plan” will shift our outlook to looking forward into what cybersecurity predictions are being made for 2016, and what key topics and themes will drive 2016 audit planning in the cybersecurity area.
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
This webinar series is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 10 of 10
This Webinar focuses on Advanced Persistent Threats and targeted cyber attacks:
• Advanced Persistent Threats – the shifting paradigm to targeted attacks
• Understanding Advanced Persistent threats
• Overview of popular types of APTs
• Impact of APTs on sensitive data as well as organisation reputation
• Characteristics and Attack sequence of APT attacks and the challenges in detecting APTs
• Assessing, Managing and Auditing APT Risks
• Data loss and Cyber intrusions
We Are Instructor Led Online Training Hub.Get access to the world’s best learning experience at our online learning community where millions of learners learn cutting-edge skills to advance their careers, improve their lives, and pursue the work they love. We provide a diverse range of courses, tutorials, resume formats, projects based on real business challenges, and job support to help individuals get started with their professional career.
Learn all about the Latest CompTIA Security+ SYO-701 Exam in 2 minutes! Swipe through the slides to discover the new updates in this latest version, its course content, target audience, exam details, career scope, and more.
𝐒𝐭𝐚𝐫𝐭 𝐲𝐨𝐮𝐫 𝐥𝐞𝐚𝐫𝐧𝐢𝐧𝐠 𝐣𝐨𝐮𝐫𝐧𝐞𝐲 𝐧𝐨𝐰! 👉 https://www.infosectrain.com/courses/comptia-security/
In the ever-evolving cybersecurity landscape, the latest version of the CompTIA Security+ (SY0-701) training course from InfosecTrain is your gateway to mastering the core skills necessary to secure data and information systems in the digital age.
The CompTIA Security+ SY0-701 course from InfosecTrain, provides a comprehensive and expert-led training experience, covering five key domains that are essential for understanding and excelling in the field of information security. Participants will delve into general security concepts, threats, vulnerabilities, mitigations, security architecture, security operations, and security program management. The course features practical exercises and hands-on labs to develop participant’s skills, ensuring that participants are well-prepared for the SY0-701 certification exam.
Unlock essential cybersecurity skills with InfosecTrain's latest CompTIA Security+ (SY0-701) course. Master core competencies in data and information system security, covering the latest threats, automation, zero trust principles, IoT security, and risk management. Be exam-ready and secure success on your first attempt.
Learn all about the 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦 in 2 minutes!
Swipe through the slides to discover the new updates in this latest version, its course content, target audience, exam details, career scope and more..
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry, and the policies and solutions your organization needs to have in place to protect against them.
Viewers will learn:
• Current trends in Cyber attacks
• FFIEC Cyber Assessment Toolkit
• NIST Cybersecurity Framework principles
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
• Automated approaches to integrate Security into DevOps
About the Presenter:
Ulf Mattsson is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity, He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM. Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
3. OVERVIEW
A. Cyber Security:
•Market Value of Cyber Security
•Cyber Crime Statistics
•What is Cyber Security?
•The CIA Triad of Information Security
•Cyber Security Careers
4. B. Demonstration of Security Tools:
•Understanding CVE, CWE, CVSS, OWASP Top 10, SANS Top 25.
•Wireshark demonstration.
•Nmap demonstration.
•Nessus – Vulnerability Assessment scanning tool.
5. MARKET VALUE OF CYBER SECURITY
•According to the Gartner Press
release in 2018, the Cyber
Security market is forecast to
grow 8.7 percent to $124
billion.
6.
7. •By 2024, the value of Cyber
Security market is anticipated
to reach $300 Billion.
(Source: Press release 2019 by
Global Market Insights Inc.
https://www.prnewswire.com/n
ews-releases/cybersecurity-
market-worth-over-300bn-by-
2024-global-market-insights-
inc--863930577.html )
8. WHO’S SPENDING BIG IN CYBER SECURITY?
•According to the 2019 President’s
Budget released by the White
House, the U.S. government plans
to spend on cybersecurity-related
activities this year — a 4.1%
increase ($583.4 million) over the
2018 budget.
•However, according to the budget
document, the caveat is that “Due
to the sensitive nature of some
activities, this amount does not
represent the entire cyber
budget.”
9. •According to the firm Cybersecurity Ventures, it is predicted that
global spending on cybersecurity products and services will
exceed $1 trillion cumulatively over the next five years, from
2017 to 2021.
•If considered as a whole, 12-15 percent year-over-year
cybersecurity market growth is anticipated through 2021.
10. BUT WHY ARE GOVERNMENTS & ORGANIZATIONS
SPENDING SO MUCH ON CYBER SECURITY?
12. CYBER CRIME STATISTICS
•According to McAfee’s Economic Impact of Cyber
Crime (February 2018), 780,000 records were lost per day in
2017.
•According to Cisco’s 2018 Annual Cybersecurity Report, 38% of
malicious file extensions used were Office formats.
•According to Varonis’s 2018 Global Data Risk Report, 6.2 billion
files were analyzed. These files contained credit card information,
health records, etc. 21% of these files were open for global
access. Furthermore, 41% of companies have more than 1000
sensitive files open to everyone.
13. •According to the information-
age.com, If cybercrime was a
country it would have the 13th
highest GDP in the world.
•Global cybercrime economy
generates over $1.5TN profit.
•In 2015, Juniper Networks
conducted a study and found that
global cybercrime takes in larger
profits than the illegal drug trade.
14. •According to the National
Cyber Security Alliance 60
percent of small and midsized
businesses that are hacked go
out of business within six months.
(Source: inc.com)
15. •In 2016, 3 billion Yahoo
accounts were hacked in one of
the biggest breaches of all
time.
•In 2016, Uber reported that
hackers stole the information of
over 57 million riders and
drivers.
•In 2017, 147.9 million
consumers were affected by the
Equifax Breach
•In 2017, Deloitte faced a
Cyber attack on it’s Email
servers.
17. WHAT IS CYBER SECURITY?
•Cybersecurity is the protection of internet-connected systems,
including hardware, software and data, from cyberattacks.
•In a computing context, security comprises cybersecurity and
physical security -- both are used by enterprises to protect against
unauthorized access to data centers and other computerized
systems.
•Information security, which is designed to maintain the
confidentiality, integrity and availability of data, is a subset of
cybersecurity.
18. THE CIA TRIAD OF INFORMATION SECURITY
•Confidentiality: Ensures that data or
an information system is accessed by
only an authorized person.
•Integrity: Integrity assures that the
data or information system can be
trusted. Ensures that it is edited by
only authorized persons and remains
in its original state when at rest.
•Availability: Data and information
systems are available when
required.
19. SECURITY & PRIVACY
•Privacy relates to any rights you have to
control your personal information and
how it’s used.
•Example: Privacy Policies.
•Security refers to how your personal
information is protected.
20. CYBER SECURITY CAREERS
1. Security Software Developer:
•Security Software Developers build security software and integrate
security into applications software during the design and development
process.
•Depending on the specific position and company, a security software
developer might oversee a team of developers in the creation of secure
software tools, develop a company-wide software security strategy,
participate in the lifecycle development of software systems, support
software deployments to customers, and test their work for
vulnerabilities.
21. Salary:
•US: $ 72,673 per annum
•India: Rs. 5,91,899
Certifications:
•ECSP: EC-Council Certified Secure Programmer
•CSSLP: Certified Secure Software Lifecycle Professional
•GSSP-JAVA: GIAC Secure Software Programmer-Java
•GWEB: GIAC Certified Web Application Defender
•GSSP-.NET: GIAC Secure Software Programmer- .NET
22. 2. Security Architect:
•A security architect is meant to create, build and execute network
and computer security for an organization.
•Security architects are responsible for developing complex security
framework and ensuring that they function effectively.
•They design security systems to counter malware, hacking and
DDoS attacks.
23. Salary:
•India: Rs 20,14,765 per annum
•US: $123,856 per annum
Certifications:
•CompTIA Security+
•Ethical Hacking
•Certified Information Systems Security Professional (CISSP)
24. 3. Security Consultant:
•Security Consultants evaluate cybersecurity threats, risks, problems,
and give possible solutions for different organizations and guide
them in protecting and securing their physical capital and data.
Salary:
•India: Rs 7,45,839 per annum
•US: $83,288 per annum
25. Certifications:
•CompTIA Security+
•Cybersecurity Analyst (CySA+)
•Certified Ethical Hacker (CEH)
•EC-Council Certified Security Analyst (ECSA)
•Certified Information Security Manager (CISM)
•Certified Information Systems Security Professional (CISSP)
•Offensive Security Certified Professional (OSCP)
26. 4. Information Security Analyst / Security Engineers
•Information Security Analysts are the front-line defense of
networks.
•Information Security Analysts put firewalls and encryption in order
to protect breaches, constantly monitor and audit systems for
unusual activities.
27. Salary:
•India: Rs 520,922 per annum
Certifications:
•CompTIA Security+
•Cybersecurity Analyst (CySA+)
•Certified Ethical Hacker (CEH)
28. 5. Computer Forensics Analysts:
•Forensics analysts focus on cyber-crime, an ever-growing
phenomenon. They work with law enforcement agencies in both
public and private sector organizations and are asked to
undertake a wide variety of tasks, including:
Recovering deleted files
Interpreting data linked to crime
Analyzing mobile phone records
Pursuing data trails
•Computer forensic analysts must keep a well — detailed records
of their investigations, and often provide evidence in court.
30. 6. Chief Information Security Officer
The Chief Information Security Officer is normally a mid-executive level
position whose job is to manage the affairs operations of a company’s or
organization’s IT security division. CISOs are usually responsible for planning,
coordinating and directing all computer, network and data security needs of
their employers.
Salary:
India: Rs 25,49,020 per annum
Certifications:
EC-Council Certified Chief Information Security Officer (CCISO)
31. 7. Penetration Tester:
•Penetration testing is the proactive authorized employment of
testing procedures on the IT system to identify system flaws.
•A penetration tester usually attempts to (with permission) hack into
a computer and network systems to pre-emptively discover
operating system vulnerabilities, service and application problems,
improper configurations and more, before an intruder cause real
damage.
32. Salary:
•India: Rs. 4,96,666 per annum
Certifications:
•Certified Ethical Hacker (CEH)
•EC-Council Certified Security Analyst (ECSA)
•Offensive Security Certified Professional (OSCP)
•Offensive Security Exploitation Expert (OSEE)
33. 8. Security Systems Administrator
•A security systems administrator’s responsibility is a bit similar to many
cybersecurity jobs i.e., installing, administering, maintaining and
troubleshooting computer, network and data security systems.
•The main distinction between security systems administrators and other
cybersecurity professionals is that the security systems administrator is
normally the person in charge of the daily operation of those security
systems.
•The regular tasks include systems monitoring and running regular
backups, and setting up, deleting and maintaining individual user
accounts.
•Security systems administrators are usually often involved in developing
organizational security procedures.
34. Salary:
•India: Rs 4,50,000 per annum
Certifications:
•Certified Information Security Manager (CISM)
•Cisco Certified Network Associate—Routing and Switching (CCNA)
•Certified Information Systems Security Professional (CISSP)
•EC-Council Network Security Administrator (ENSA)
•CompTIA's popular base-level security certification (Security+)
35. WHAT IS CVE, CWE, CVSS, OWASP TOP 10, SANS
TOP 25
•Common Vulnerabilities and Exposures (CVE) is a catalog of known
security threats. The catalog is sponsored by the United States
Department of Homeland Security (DHS), and threats are divided
into two categories: vulnerabilities and exposures.
•CVE Databases:
The National Institute of Standards and Technology (NIST)
The MITRE Corporation
36. •The Common Vulnerability Scoring System (CVSS) is a free and
open industry standard for assessing the severity of computer
system security vulnerabilities.
37. •Common Weakness Enumeration (CWE) is a list of software
weaknesses.
•CWE Database:
The MITRE Corporation
•Total number of CWE’s: 808
38. •CWE/SANS Top 25 Most Dangerous Software Errors is a list of the
most widespread and critical errors that can lead to serious
vulnerabilities in software.
•They are often easy to find, and easy to exploit.
•They are dangerous because they will frequently allow attackers
to completely take over the software, steal data, or prevent the
software from working at all.
39.
40.
41.
42. •The OWASP Top 10 is a powerful awareness document for web
application security.
•It represents a broad consensus about the most critical security risks
to web applications.
•The OWASP Top 10 list consists of the 10 most seen application
vulnerabilities:
Injection
Broken Authentication
Sensitive data exposure
XML External Entities (XXE)
43. Broken Access control
Security misconfigurations
Cross Site Scripting (XSS)
Insecure Deserialization
Using Components with known vulnerabilities
Insufficient logging and monitoring