The document outlines India's new National Cyber Security Policy. It aims to secure computing environments and boost trust in electronic transactions. Key points:
- The policy tasks the existing Indian Computer Emergency Response Team (CERT-IN) with handling the commercial aspects of cyber security, including responding to attacks.
- It seeks to create effective prosecution for cyber criminals, who currently face little threat.
- The policy upgrades security for government systems to prevent hacking and malware attacks, in response to growing sophisticated cyber threats facing the country.
The basic fundamentals of cybersecurity and how it can be used for unethical purposes.
For this type of presentation (customised), you can contact me here: rishav.sadhu11@gmail.com
Network security presentation that briefly covers the aspect of security in networks. The slide consists of procedural steps for network security then some of the important network security components are described. To give it a practical approach, attacks on networks are also covered.
When identifying the most useful best-practice standards and guidance for implementing effective cyber security, it is important to establish the role that each fulfils, its scope and how it interacts (or will interact) with other standards and guidance.
Cybersecurity standards are generally applicable to all organisations regardless of their size or the industry and sector in which they operate. This page provides generic information on each of the standards that is usually recognised as an essential component of any cyber security strategy.
Cyber security and demonstration of security tools - Vicky Fernandes
Presentation on Cybersecurity and demonstration of security tools, conducted by Vicky Fernandes on 10th September 2019 at Don Bosco Institute of Technology, Mumbai.
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
The term cyber security is used to refer to the security offered through on-line services to protect your online information.
With an increasing number of people connecting to the Internet, the security threats that cause massive harm are also increasing.
This PowerPoint presentation explains the security risks the internet poses to government offices. Here are some important tools and methods for handling the internet safely.
This PPT's contents:
Introduction
Categories of Cyber Crime
Principles of Computer Security
Types of Cyber Crime
Types of Cyber Attack by Percentage
Cyber Threat Evolution
Advantages of Cyber Security
Safety Tips to Cyber Crime
Just created a slideshare presentation giving a basic introduction to the Confidentiality, Integrity & Availability (CIA) Security Model. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
The growth of embedded systems connecting to the Internet or "Internet of Things" (IoT) increases year by year. Thus, the IoT ecosystems become new targets of the attackers. This presentation will talk about the basic principle of information security, why we need to secure IoT ecosystems, and also the vulnerabilities and solutions from OWASP.
** Edureka Cybersecurity Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial gives an introduction to Computer Security and the types of computer security. Also, it teaches you various ways to secure your computer devices. Topics covered in this tutorial include:
1. What is Computer security?
2. Goals of Computer security
3. What to secure?- Types of computer security
4. Potential losses due to cyber attacks
5. How to secure?
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept... - XEventsHospitality
By A.K. Vishwanathan, Senior Director – Enterprise Risk Services, Deloitte India
Vis is a Chartered Accountant, is Certified in Risk and Information System Control (CRISC), and is a member of the Information Systems Audit and Controls Association (ISACA).
He has advised large organisations in their endeavour in information security and controls, and led risk consulting in complex environments and regulated industries; specifically banking and financial services, telecom, manufacturing, oil and gas, pharma and life sciences and government sector.
This presentation was presented by Mohd Shamir B Hasyim, Vice President Government and Multilateral Engagement, Cyber Security Malaysia, on 10th September 2013 at #IISF2013
An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection
This is my attempt to summarize the policy with salient points. For detailed verbose policy please visit http://deity.gov.in/hindi/sites/upload_files/dithindi/files/ncsp_060411.pdf
Internet, Cyber-attacks and threats are becoming more prevalent. This Infographic explains the current state, and things to consider for yourself and your business.
Antonio Alvarez Romero (ATOS) gives a high-level overview of the WISER project, highlighting its innovative vision, objectives and concrete outputs.
Learn about how WISER is making cyber security accessible and affordable, especially for SMEs by breaking down barriers to effective cyber risk management. ICT-intensive SMEs can easily access tools to regularly profile their cyber risks and carry out vulnerability tests to stop attacks before they happen.
Firmitas Cyber Solutions - Infographic - Mirai Botnet - A few basic facts on... - Rafel Ivgi
Firmitas Cyber Solutions - Infographic - Mirai Botnet - A few basic facts on a world-wide epidemic
500,000 Vulnerable Devices
More than 500k vulnerable devices found globally.
The malware exploited 62 default router & camera passwords, as well as TR-064 and TR-069 OS Command-Injection vulnerabilities.
120,000 Successful Infections (per day)
72,000 unique IPs infected in 12 hours, ~4000 new IPs per hour.
The worm is still running and new variants of it are released daily into the wild taking over more devices. Most of the devices are home /office routers, and CCTV cameras.
1.5 Tbps - Mirai: DDoS Record-Holder
Until Mirai, the world-record DDoS attacks reached 600 Gbps.
In 2014, the average size of a DDoS attack was 7.39 Gbps.
2015 saw an increase to 500 Gbps.
In October 2016, Mirai ascended to the next level.
Mirai vs. Other IoT Botnets
Mirai - 500k infections, 1.5 Tbps DDoS
GayFgt/LizKebab/Torlus/Kaiten/Tsunami/PNScan/Qbot - 120k infections, 655 Gbps DDoS
Linux/IRCTelnet (new Aidra) - 3.5k infections, 100.5 Gbps DDoS
LizardStresser - 118k infections, 400 Gbps DDoS
Aidra (Carna/Darlloz) - 420k infections, 1.26 Tbps DDoS
Home & office routers, CCTV cameras, smart watches, and the IoT devices of the new era are becoming the main targets for remote takeover. DDoS and Crypto-Currency mining are main reasons, but the future holds more "attractions", more risks, and more target devices.
Firmitas solutions can be used to actively protect IoT devices, and prevent any unexpected/unintended behavior.
Understanding Cyber Crime and Cyber Security by Sajibe Kanti - SajibeKanti
Project: Understanding Cyber Crime and Cyber Security
Place: M. A. Aziz Stadium, Chittagong, Bangladesh
Organized by: Chittagong Division
Powered by: DC OF Lakshmipur
Cyber crime is an activity done using computers and the internet. We can say that it is an unlawful act wherein the computer is either a tool or a target or both.
A look at why Caribbean cyber security is important, Caribbean experiences achieving cyber security, why an effective strategy is critical and the importance of an effective Information Governance strategy.
All About Network Security & its Essentials.pptx - Infosectrain3
Network Security is the first line of defense against hackers and other cyber threats. It’s easy to see why Network Security has become so popular, given that cybercrime is expected to cause $6 trillion in global damage by 2021.
Global Perspective Cyberlaw, Regulations and Compliance - ijtsrd
Cyber security protects internet-connected networks and systems from cyber attacks. To stop attacks, everyone must know and be aware of all cyber laws, regulations and compliance requirements to secure cyberspace. Cyber security is all about stopping cyber crime. Cyber security is a must, and we have to know about all the safety measures required to stop cybercrime. This paper gives detailed information about cyber security and its safety measures. We will also discuss the activities related to it, how cybercrime actually happens, and all the steps taken by various organizations and the Government to have cyber ethics everywhere. Cyber security provides protection against cybercrime and teaches us what essential safety measures one needs to follow against all cybercrimes. Securing online information is a priority where everyone is involved with technology. Whenever anyone talks about cyber security, one thing comes straight to mind: cybercrime and what safety measures need to be taken to be safe from it. Syed Meharanjunisa "Global Perspective: Cyberlaw, Regulations and Compliance" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-5, August 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31684.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/31684/global-perspective-cyberlaw-regulations-and-compliance/syed-meharanjunisa
This slide is a small introduction for cyber security.
What is cyber security?
Why do we need cyber security?
What are the benefits of cybersecurity?
Types of cyber security threats
How to prevent the breaches?
Some real attacks
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving... - ijtsrd
In today’s dynamic and technologically advanced world, the Internet has become one of the most innovative and rapidly growing technologies. With its rise, it has also become vulnerable to a significant increase in occurrences of cyber attacks, with detrimental effects. Typically, these cyber attacks are targeted at accessing, manipulating, or damaging confidential data, extracting users’ money, or extorting an organization’s or user’s private information. Sensitive information, whether intellectual property, financial data, confidential information, or other forms of private data, is exposed to unauthorized access or disclosure, which can have adverse consequences. Protecting data has become one of the greatest obstacles today as cyber attacks are constantly escalating. Along with the growth of internet services and the advancement of information technology, the importance of cybersecurity is crucial. Cybersecurity aims to ensure that the security interests of the company’s and users’ assets are protected and preserved against relevant cyber threats in the digital world. The data and confidentiality of computing assets pertaining to the network of an organization are protected by cybersecurity. This paper mainly focuses on threats and issues in cybersecurity facing modern technologies. It also focuses on the latest cybersecurity strategies and developments that are transforming the face of cybersecurity. Omkar Veerendra Nikhal "An Analytical Study on Attacks and Threats in Cyber Security and its Evolving Trends on Modern Technologies" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1, December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38195.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/38195/an-analytical-study-on-attacks-and-threats-in-cyber-security-and-its-evolving-trends-on-modern-technologies/omkar-veerendra-nikhal
4. GROUP MEMBERS:
Aadesh Rai
Ajay Jha
Anu Jain
Dipak Zala
Jaykrishnan VK
Omprakash Singh
Pooja
Remya P
Renbi Jami
Supriya Sarkar
5. GLIMPSE OF CYBER SECURITY POLICY
Headed by a national cyber security coordinator, who reports to the
NSA, the policy has three components that demarcate task and
authority. The existing Indian Computer Emergency Response Team
(CERT-IN) will be tasked to handle the commercial aspects of cyber
security, including 24x7 proactive responses to hackers, cyber-attacks,
intrusions and restoration of affected systems.
As of now, cyber criminals seem to have no real threat of prosecution.
Our job is to create a climate of fear of effective prosecution, as in
other types of crime.
For the first time since the advent of dedicated computer networks in
the Indian government, the National Security Council Secretariat
(NSCS) has come up with a comprehensive cyber security policy for
upgrading the security of systems and preventing them from being
hacked, attacked with malware, or intruded upon.
6. WHY THIS POLICY IS REQUIRED?
To Prevent cyber attacks against the country’s critical
information infrastructures
To Reduce national vulnerability to cyber attacks
To Minimize damage and recovery time from cyber attacks
For creation of a technical-professional body that certifies the
security of a network to ensure the overall health of government
systems.
While NSCS is advocating that initially the certification of
networks could be done by private agencies, the long term plan
is to create a technical body of professionals, all under 40, who
will form the backbone of Indian cyber security.
7. WHY CYBER SECURITY HAS BECOME ESSENTIAL NOW?
Mischievous activities in cyber space have expanded from
novice geeks to organized criminal gangs that are going Hi-tech
Growing threat to national security - web espionage becomes
increasingly advanced, moving from curiosity to well-funded
and well-organized operations aimed at not only financial, but
also political or technical gain
Increasing threat to online services – affecting individuals and
industry because of growth of sophistication of attack
techniques
Emergence of a sophisticated market for software flaws – that
can be used to carry out espionage and attacks on Govt. and
Critical information infrastructure. Findings indicate a blurred
line between legal and illegal sales of software vulnerabilities
8. • Internet has become a weapon for political, military and economic
espionage
• Organized cyber attacks have been witnessed in last few years
• Pentagon, US in 2007
• Estonia in April 2007
• Computer systems of German Chancellery and three Ministries
• E-mail accounts at National Informatics Centre, India
• Highly classified Govt. computer networks in New Zealand &
Australia
• The software used to carry out these attacks indicate that they were
clearly designed & tested with much greater resources than usual
individual hackers
• Most Govt. agencies and companies around the world use common
computing technologies & systems that are frequently penetrated by
criminal hackers and malware
• Traditional protective measures are not enough to protect against
attacks such as those on Estonia, as the complexity and coordination
in using the botnets was totally new. National networks with less
sophistication in monitoring and defense capabilities could face
serious problems to National security
9. • Online services are becoming prime targets for cyber criminals
• Cyber criminals continue to refine their means of deceit as well as their
victims. In summary, the global threats affecting users in 2008 are:
• New & sophisticated forms of attacks
• Attacks targeting new technologies, such as VoIP (vishing –
phishing via VoIP & phreaking – hacking tel networks to make
free long distance calls) and peer-to-peer services
• Attacks targeting online social networks
• Attacks targeting online services, particularly online banking
services
• There is a new level of complexity in malware not seen before. These
are more resilient, are modified over and over again and contain
highly sophisticated functionality such as encryption (Ex. Nuwar also
known as ‘Zhelatin’ and ‘Storm’ worm – with a new variant
appearing almost daily)
• As a trend we will see an increase in threats that hijack PCs with bots.
Another challenging trend is the arrival of self-modifying threats
• Given the exponential growth in social networking sites, social
engineering may shortly become the easiest & quickest way to commit
ID theft
10. WHO IS RESPONSIBLE FOR ENSURING VIRTUAL SPACE FREE
OF CYBER THREAT?
Government
Private sector
Users
Academicians
11. ACTION NEEDED TO BE TAKEN AT DIFFERENT LEVELS
At country level:
Policy directives on data security and privacy protection -
Compliance, liabilities and enforcement (ex. Information
Technology Act 2000)
Standards and guidelines for compliance (ex: ISO 27001, ISO
20001 & CERT-In guidelines)
Conformity assessment infrastructure (enabling and
endorsement actions concerning security product – ISO 15408,
security process – ISO 27001 and security manpower – CISA,
CISSP, ISMS-LA, DISA etc.)
Security incident - early warning and response (National cyber
alert system and crisis management)
12. • Information sharing and cooperation (MoUs with vendors and
overseas CERTs and security forums).
• Pro-active actions to deal with and contain malicious activities on
the net by way of net traffic monitoring, routing and gateway
controls
• Lawful interceptions and Law enforcement.
• Nation wide security awareness campaign.
• Security research and development focusing on tools, technology,
products and services.
13. ACTIONS AT NETWORK LEVEL
Compliance to security best practices (ex. ISO27001), service quality
(ISO 20001) and service level agreements (SLAs) and demonstration.
Pro-active actions to deal with and contain malicious activities,
ensuring quality of services and protecting average end users by way
of net traffic monitoring, routing and gateway controls
Keeping pace with changes in security technology and processes to
remain current (configuration, patch and vulnerability management)
Conform to legal obligations and cooperate with law enforcement
activities including prompt actions on alert/advisories issued by CERT-
In.
Use of secure product and services and skilled manpower.
Crisis management and emergency response.
14. ACTIONS AT CORPORATE LEVEL:
Compliance to security best practices (ex. ISO27001), and demonstration.
Pro-active actions to deal with and contain malicious activities, and
protecting average end users by way of net traffic monitoring, routing
and gateway controls
Keeping pace with changes in security technology and processes to
remain current (configuration, patch and vulnerability management)
Conform to legal obligations and cooperate with law enforcement
activities including prompt actions on advisories issued by CERT-In.
Use of secure product and services and skilled manpower.
Crisis management and emergency response.
Periodic training and up gradation of skills for personnel engaged in
security related activities
Promote acceptable users’ behavior in the interest of safe computing
both within and outside.
15. ACTIONS AT SMALL USER LEVEL:
Maintain a level of awareness necessary for self-protection.
Use legal software and update at regular intervals.
Beware of security pitfalls while on the net and adhere to security
advisories as necessary.
Maintain reasonable and trust-worthy access control to prevent
abuse of computer resources
17. BY FACILITATING INTERNATIONAL COOPERATION ARRANGEMENTS
It is an inevitable reality that some countries will become safe havens for
cyber criminals and international pressure to crack down won’t work.
It is believed that in next few years Govts are likely to get aggressive
and pursue action against the specific individuals/groups/companies,
regardless of location
It is also likely that Govts will start putting pressure on intermediary
bodies that have the skills and resources, such as banks, ISPs and
software vendors to protect the public from malware, hacking and social
engineering
We may see industry sector codes of practice demanding improved
security measures, backed probably by assurance and insurance
schemes
Greater connectivity, more embedded systems and less obvious
perimeters
Compliance regulations will drive upgrades and changes and also
increase system complexity and legal wrangles – increase in civil suits
for security breaches
Massive data storing patterns that ensure data never goes away – a
boon to law enforcement agencies
18. • Enabling Govt. as a key stakeholder in creating appropriate
environment/conditions by way of policies and legal/regulatory
framework to address important aspect of data security and privacy
protection concerns. National Cyber Security policy will ensure
amendments to Indian IT Act and designing security and privacy
assurance framework, crisis management plan (CMP) etc.
• Enabling User agencies in Govt. and critical sectors to improve the
security posture of their IT systems and networks and enhance their
ability to resist cyber attacks and recover within reasonable time if
attacks do occur. Formulation of security standards/ guidelines,
empanelment of IT security auditors, creating a network & database of
points-of-contact and CISOs of Govt & critical sector organizations for
smooth and efficient communication to deal with security incidents and
emergencies, CISO training programs on security related topics and
CERT-In initiatives, cyber security drills and security conformity
assessment infrastructure covering products, process and people.
19. • Enabling CERT-In to enhance its capacity and outreach and to
achieve force multiplier effects to serve its constituency in an
effective manner as a `Trusted referral agency’. Specific actions
include – National cyber security strategy (11th Five Year Plan),
National Cyber Alert system, MoUs with vendors, MoUs with CERTs
across the world, network of sectoral CERTs in India, membership
with international/regional CERT forums for exchange of
information and expertise & rapid response, targeted projects and
training programs for use of and compliance to international best
practices in security and incident response.
• Public Communication & Contact programs to increase cyber
security awareness and to communicate Govt. policies on cyber
security.
20. SUGGESTIONS FOR FORTIFICATION OF CYBER SECURITY POLICY:
Social, economic, political and technological background should be
taken into account while finalizing this policy.
As India is a developing country, it should not be considered
in continuum with the developed world while finalizing this policy.
Short and long term consistent realistic objectives should be there in
the policy.
Fundamental root issues should be addressed in order to be able to
sustain secondary issues.
Policy should consider available resources and their budgeting to
support the short and long term objective.
Policy should not be static in nature, so that it can be tuned to
changing needs. There must be a provision for a constant review in
order to improve the policy and remove the impediments if any.
21. FINALLY IT IS REQUIRED TO CREATE A SECURITY ASSURANCE
LADDER!!!
Security control emphasis depends on the kind of environment
• Low risk : ‘Awareness’ – know your security concerns and
follow best practices
• Medium risk: ‘Awareness & Action’ – Proactive strategies
leave you better prepared to handle security threats and
incidents
• High risk: ‘Awareness, Action and Assurance’ – Since
security failures could be disastrous and may lead to
unaffordable consequences, assurance (basis of trust &
confidence) that the security controls work when needed
most is essential.