ISO 27001 is an international standard for information security management. Implementing ISO 27001 can provide several benefits for IT service users and providers. It establishes a risk-based approach to identify and treat security risks across the entire organization. The standard also aligns well with ITIL best practices for IT service management. Specifically, ISO 27001 requirements map to key ITIL processes like risk management, change management, and incident management. Adopting both frameworks can strengthen an organization's information security posture and improve its ability to deliver reliable and secure IT services. Regular audits are also required to ensure ongoing compliance and continual improvement of the information security system.
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra... (PECB)
Using IT Governance as a tool for measuring IT performance. COBIT 5 provides generic metrics at the strategic level [enterprise metrics], the tactical level [IT goals metrics] and the operational level [process metrics]. We will highlight the benefits and objectives of the measurements, and then provide an approach along with suggestions on the timing and frequency of measurement.
The webinar covers:
• The relation between ISO 27001 and ISO 20000
• How project management fits in with both of them
• Integration of information security and IT Services
Presenter:
Adnan Hafiz is an IT GRC and Security Consultant, Lead Auditor and PECB Certified Trainer with over 10 years of significant, progressive experience in the Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/0se77tjLL4c
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF (aqel aqel)
This session will discuss how COBIT 5 can facilitate addressing and mitigating cyber security threats in coordination with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. COBIT 5's structured approach, utilizing its tested processes, will result in the following:
A more focused and less redundant approach to handling cyber-security threats,
Efficient utilization of available security resources, and
Clear responsibilities and structured organizational change.
When your company displays its ISO 27001 certification, your customers will know that you have policies in place to protect their information from today’s big threats.
The 27000 series of standards covers a wide range of information security topics. You can optimize your time and energy by focusing on just ISO 27001, arguably the best-known standard, designed to protect your network through an information security management system (ISMS).
Here is a complete guide to ISO 27001. In this guide we will run you through the standard, stages of planning for ISO 27001, the sections for the standard, the certification process and more.
Find out more about ISO 27001 or get a quote for certification here - https://www.nqa.com/en-gb/certification/standards/iso-27001
This presentation explains the COBIT (Control Objectives for Information and Related Technology) standard.
Courtesy:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
Business IT Management - Intro to CobiT & ITIL (Ahmad Hafeezi)
Part 1 of the whole presentation on Business IT Management. This slide touches on the CobiT Framework.
This framework is mainly used as a framework for IT Governance and as a control methodology for an organization's IT. But for those who have never heard of CobiT, it can be a great reference for understanding which aspects of IT we should know about when it comes to managing IT.
CobiT is a public and highly customizable framework. Business owners do not need to follow everything that has been spelled out in the framework. They can pick and choose the processes that are relevant to them and even customize the bits and parts to suit their needs.
Due to the dramatic increase in threats worldwide, companies need to find ways to increase their information security. One solution is to implement ISO/IEC 27001 in order to protect information both internally and externally.
Main points that will be covered are:
• The scope of ISO 27001 & associated other standards references
• Information Security and ISIM Terminologies
• ISIM auditing principles
• Managing audit program & audit activities
Presenter:
Eng. Kefah El-Ghobbas is a specialist in ‘Business Process Excellence’ through ‘Business Process Re-engineering’ with over 20 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/rTxA8PVULUs
A basic workbook based on ISO/IEC 38500 which organisations can use to review their own status.
Delegate materials used in our work with charity boards in NZ
COBIT is a good-practice framework created by the international professional association ISACA for information technology management and IT governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers."
You can find the full presentation at http://theProjectLeaders.org
ISO 27004 provides guidance and describes a set of best practices for measuring the results of an ISMS in an organization. The standard specifies how to set up a measurement program, what parameters to measure, when to measure and how to measure, and helps organizations decide how to set performance targets and success criteria.
This whitepaper provides some meaningful examples of metrics along with the purposes of the metrics (targets).
The whitepaper focuses on metrics relating to the status of the ISMS and its output. These outputs also feed into management reporting.
IT Governance - Capability Assessment using COBIT 5 (Eryk Budi Pratama)
(re-upload)
Capability assessment of IT Governance using the COBIT 5 Process Assessment Model (PAM). Presented for the Information System Department, Universitas Bakrie - Indonesia
2022 Webinar - ISO 27001 Certification.pdf (ControlCase)
ControlCase Introduction
What is ISO 27001?
What is ISO 27002?
What is ISO 27701, ISO 27017, & ISO 27018?
What is an ISMS?
What is ISO 27001 Certification?
Who Needs ISO 27001?
What is Covered in ISO 27001?
How Many Controls in ISO 27001?
What is the ISO 27001 Certification Process?
How Often Do You Need ISO 27001 Certification?
What are the Challenges to ISO 27001 Compliance?
Why ControlCase?
PECB Webinar: The alignment of Information Security in Service Management (PECB)
The webinar covers:
• Using ISO 27001 and/or COBIT as a framework
• Defining the proper KPIs
• Information security in service management
Presenter:
This session was presented by Arthur Donkers, Managing Partner of ITSX and a PECB Certified Trainer with more than 30 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/epYUd3mzKzo
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map? (PECB)
Because of the ongoing increase in consumer data collection, breaches have also been increasing.
In this regard, information security, data privacy and cybersecurity standards provide guidelines and requirements on how to better manage and deal with such breaches.
Amongst others, the webinar covers:
• ISO 27032:2012 – A Framework for Cybersecurity Risks
• ISO/IEC 27000-series, Standards, 27001 vs 27002
• ISO 27002:2022 and 27001:2022 Updates
Presenters:
Danny Manimbo
Danny Manimbo is a Principal with Schellman, based in Denver, Colorado. As a member of Schellman’s West Coast/Mountain region management team, Danny is primarily responsible for co-leading Schellman's ISO practice and the development and oversight of Schellman's SOC practice line, as well as specialty practices such as HIPAA. Danny has been with Schellman for nine years and has over 11 years of experience in providing data security audit and compliance services.
Erik Tomasi
Erik Tomasi is the Managing Partner at EMTsec, a security consulting firm based in Miami and New York. He leads the firm’s consulting division and manages client relationships across several industry sectors. Mr. Tomasi is considered an expert in information security, risk management, and technology management.
Sawyer Miller
Sawyer is a Senior Manager who oversees the ISO practice for risk3sixty, an Atlanta-based Security, Privacy, and Compliance firm helping clients implement business-first information security and compliance programs.
Date: June 22, 2022
Tags: ISO, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27032, Data protection, Data Privacy, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection
https://pecb.com/whitepaper/no-iso-27001-certified-companies-among-largest-data-breaches-2014-2015
https://pecb.com/whitepaper/isoiec-270022013-information-technology---security-techniques-code-of-practice-for-information-security-controls
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/fE3DqISAfQY
Data is a valuable resource for any organization to understand its customers and their needs and requirements. Companies spend a good amount of money and time collecting data, and losing this data would cost further time and money.
Certvalue is one of the leading ISO consulting & certification companies, with experts in every industry sector based in your location. We focus more on improvement, best practices & profit rather than just documentation or certification. We help organisations achieve certification at an affordable cost.
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat... (Tromenz Learning)
ISO 27001 provides a comprehensive set of guidelines for organizations to implement, maintain, and continually improve their ISMS. The standard outlines a systematic approach to identifying, analysing, and managing information security risks, ensuring that appropriate controls are in place to protect the confidentiality, integrity, and availability of information assets.
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001 (IJNSA Journal)
In this paper, after giving a brief definition of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT, the pros and cons of implementing only COBIT, implementing only ISO 27001, and implementing both COBIT and ISO 27001 together when governing information security in enterprises will be discussed.
Every day, information is collected, processed, stored and transmitted in many forms, including electronic, physical and verbal, within all types of organizations. All this is achieved using a huge range of devices and systems: personal computers, cellular phones, servers, workstations, personal digital assistants, telecommunications network systems, industrial/process control systems, environmental control systems, etc. So organizations are trying to achieve their missions, objectives and business functions in a very complex environment.
Information systems, or rather their latest advances, give competitive advantages to organizations and help them offer the best to their clients. However, it is now a known fact that the same advances have become serious threats to the functions, image or reputation of an organization.
ISO 27001 Training | ISMS Awareness Training (himalya sharma)
ISMS awareness training on ISO 27001 delivered by industry experts, customized for you and connected with relevance to your industry, products, services & processes
[To download this complete presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
ISO/IEC 27001:2022 is the latest internationally-recognised standard for Information Security Management Systems (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It provides a robust framework to protect information that can be adapted to all types and sizes of organization. Organizations that have significant exposure to information-security related risks are increasingly choosing to implement an ISMS that complies with ISO/IEC 27001.
This ISMS awareness PPT presentation material is designed for organizations that are embarking on ISO/IEC 27001:2022 implementation and need to create awareness of information security among their employees.
LEARNING OBJECTIVES
1. Acquire knowledge on the fundamentals of information security
2. Describe the ISO/IEC 27001:2022 structure
3. Understand the ISO/ IEC 27001:2022 implementation and certification process
4. Gather useful tips on handling an audit session
Hey everyone! I am a consultant who specializes in ISO 27001 certification. This page will be dedicated to sharing my experiences and learning from others in this field.
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, along with traditionally slow and manual security checks, has caused gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
4. PRESENTATION
OUTLINE
Introduction to InfoSec Management System
What is InfoSec?
InfoSec Frameworks
Why using ISO 27001?
How to implement ISO 27001?
The Strong Correlation between InfoSec and ITIL
The Dimensions Modelling
Some Key Implementations
Some Important Notes
The Continual Improvement
It’s the Perfect Combination Ever!
Are You Aware Enough?
Can You See the Advantages?
The Never-ending (Good) Improvements
6. What is an Information Security Management System?
It is a set of policies and controls that manage security and risks systematically across the entire enterprise. Remember, for every information asset we should maintain the CIA triad:
Confidentiality
Secret information is protected from unauthorized disclosure.
Integrity
Information is protected from unauthorized changes, to ensure that it is reliable and correct.
Availability
The functionality of the supporting systems is protected, and information is fully available at the point in time it is needed.
7. About Information Assets …
“An information asset is a collection of data that has value and is recognized by an institution for the purpose of carrying out its business functions and meeting the institution’s own requirements.”
(Queensland Government Enterprise Architecture)
8. Information Security Management System Frameworks
01 PCI DSS: the Payment Card Industry Data Security Standard, used by 47% of organizations (for the handling of credit and debit card information).
02 ISO 27001: the International Organization for Standardization’s ISMS standard, used by 35% of organizations (regarded as best practice by many).
03 CIS: the Critical Security Controls, used by 32% of organizations (developed by a volunteer community).
04 NIST CSF: the National Institute of Standards and Technology Cybersecurity Framework, used by 29% of organizations (many amendments).
What is ISO?
ISO is headquartered in Geneva and was founded in London (UK) on 23 February 1947. Nowadays, ISO strives to standardize business processes and procedures around the world; it has published more than 22,700 standards.
Among those numerous standards is ISO 27001, the accepted global benchmark for the effective management of information assets, enabling organizations to avoid costly penalties and financial losses.
Source: https://www.itgovernanceusa.com/blog/top-4-cybersecurity-frameworks
9. Why do We Need ISO 27001?
Comply with Regulations
Comply with PP No. 71 (Government Regulation), the Minister of Kominfo regulations, the BSSN agency regulations, and many others.
Increasing the Customers’ Trust
This standard is already recognized all over the world and is updated regularly.
Minimizing Risks & Threats, Incidents, Unnecessary Expenses, etc.
Having a risk-based approach means the organization can identify various potential threats and plan how to deal with them.
A Standard which Fits with Chapter 5.1.3 in ITIL v4
Intended to protect the information needed by the organization to conduct its business, including understanding and managing the risks to the confidentiality, integrity, and availability of information, as well as other aspects.
10. 1. Regulations by the Indonesian Government
Obligation
Electronic System Operators are obliged to secure the components of the Electronic System.
(Government Regulation / PP No. 71 of 2019 – Article 23)
Administrative Sanctions
a. written warning;
b. administrative fine;
c. temporary suspension;
d. termination of Access; and/or
e. removal from the register.
(Government Regulation / PP No. 71 of 2019 – Article 100 paragraph 2)
11. Let’s Check Chapter 1 of PP No. 71 of 2019
About the “General Requirements”
12. Chapter 1 of PP No. 71 of 2019 (Continued)
About the “General Requirements”
13. 2. Regulations by the Minister of Communication and Informatics (Kominfo)
Obligation
Strategic-tier and High-tier Electronic System Operators (PSE) are obliged to hold an information security certificate.
Low-tier PSE may hold an information security certificate.
(Minister of Kominfo Regulation No. 4 of 2016 – Chapter IV, Articles 10 & 11)
Administrative Sanctions
a. written warning; and
b. temporary suspension of the Indonesian Domain Name.
(Minister of Kominfo Regulation No. 4 of 2016 – Chapter X, Article 25 paragraph 2)
14. 3. Regulations by the National Cyber & Crypto Agency (BSSN):
Obligation
Strategic-tier PSE: ISO 27001 + Indeks KAMI + other security standards set by the relevant Ministry/Agency.
High-tier PSE: ISO 27001 and/or Indeks KAMI + other security standards set by the relevant Ministry/Agency.
Low-tier PSE: ISO 27001 or Indeks KAMI.
(BSSN Regulation No. 8 of 2020 – Chapter IV, Article 9)
Sanctions
Written warning, once a violation is found.
(BSSN Regulation No. 8 of 2020 – Chapter VI, Article 37)
15. How to Implement ISO 27001?
Identify the Scope (Which aspect(s)?)
The organization shall determine the boundaries and applicability of the ISMS to establish its scope. Don’t forget to refer to the regulations.
Top Management Commitment (Top-tier direction)
Top Management shall demonstrate leadership and commitment with respect to the ISMS by carrying out the 8 activities listed in clause 5.1.
Implement Requirements & Clauses/Annex (Fulfill requirements)
There are 26 Requirements, which are mandatory, plus 114 Annex A controls, which are selected and justified in the Statement of Applicability. This deck uses the ISO 27001:2013 numbering; the 2022 revision consolidates Annex A into 93 controls.
Audits & Get Certified (Review & improve!)
Check and recheck implementation and practice using activities called audits (regular or annual) that lead to stronger ISMS practices.
17. The Dimensions Modelling (the four dimensions of service management in ITIL v4)
Information & Technology
This includes the information created, managed and used in the course of the organization’s activities, and the technologies that support and enable that system.
Partners & Suppliers
This ranges from formal contracts with a clear separation of responsibilities to flexible partnerships in which the parties share common goals and risks and collaborate to achieve the desired outcomes.
Organizations & People
The organization also needs a culture that supports its objectives, the right level of capacity and competency among its workforce, and the means to motivate people to work in desirable ways.
Value Streams & Processes
This refers to the daily activities, workflows, controls, and procedures needed to achieve the organization’s objectives.
18. Some Existing Key Implementations (Part I)
Each item maps an ISO 27001 requirement or Annex A control (ISO 27001:2013 numbering) to the corresponding ITIL v4 chapter:
1. The Risk Assessment & Register: ISO 27001 Req. 6.1.2 & 6.1.3; ITIL Chapter 2.5.3 & 5.1.10
2. Internal & External Factors: ISO 27001 Req. 4.1; ITIL Chapter 3.5
3. Top Management Leadership and Commitment: ISO 27001 Req. 5.1 & 5.2; ITIL Chapter 4.3.4
4. Organizational Roles, Responsibilities and Authorities: ISO 27001 Req. 5.3; ITIL Chapter 4.4.1
5. Capacity Management: ISO 27001 Annex A.12.1.3; ITIL Chapter 5.2.3
6. Change Management: ISO 27001 Annex A.12.1.2; ITIL Chapter 5.2.4
7. Incident Management: ISO 27001 Annex A.16.1.1 & A.16.1.5; ITIL Chapter 5.2.5
19. Some Existing Key Implementations (Part II)
8. Asset Register: ISO 27001 Annex A.8.1.1 & A.8.1.2; ITIL Chapter 5.2.6
9. Logs Monitoring: ISO 27001 Annex A.12.4.1 – A.12.4.3; ITIL Chapter 5.2.7
10. Event Management: ISO 27001 Annex A.16.1.2 & A.16.1.4; ITIL Chapter 5.2.7
11. Software Development: ISO 27001 Annex A.14.2.1 – A.14.2.9; ITIL Chapter 5.3.3
20. Some ISMS Important Notes for ITSM
Fundamentally, based on the ISO 27001 Requirements, it will be better for your organization to:
1. Deploy information security policies and targets, and define how to achieve them
2. Register its assets, risks and their treatments thoroughly
3. Define the needed human resources, their competencies and integrity agreements
4. Raise and monitor employees’ awareness of securing information and its assets
5. Deploy information classification as well as documented information handling
6. Define and conduct audits or reviews regularly
7. Define rules for physical security, removable media usage, etc.
23. Let’s Rewind to Chapter 1 of PP No. 71 of 2019
About the “General Requirements”
24. Which of These Thoughts Has Never Crossed Your Mind?
Confidentiality: “Shut your mouth, our data is not that important!”
Integrity: “Don’t worry, nothing will happen, don’t overthink it!”
Availability: “Hey listen, our system is very sophisticated and safe!”
ISO 27001 is built on risk-based thinking. So please, minimize those low-awareness thoughts!!!
25. These Are the Real Advantages
Extending the Compliances & Protections
Related standards that build on the ISMS: ISO 20000-1 (IT Service Management); ISO 27701 (Privacy Information Management System); ISO 27032 (Cybersecurity); ISO 27017 (InfoSec for Cloud Computing); ISO 27018 (Privacy in Cloud Computing); ISO 27033 (IT Network Security); ISO 27045 (Big Data Security & Privacy); ISO 27400 (Security & Privacy for IoT).
Upholding Our Country’s Nationalism
Obey and comply with state regulations that have important impacts on maintaining information security on a national scale.
Strengthen the Confidence of IT Service Users
Having an ISMS certified by an accredited certification body is concrete evidence that your organization is in a strong position to pay attention to its internal and external needs.
Strengthen the 4-dimension Modelling
Organizations & people, information & technology, value streams & processes, and partners & suppliers will all be encapsulated in the ISMS mindset.
26. Wait, There Are Some Hidden Advantages!
IT Service: the Information Technology Infrastructure Library (ITIL) is about the continual processes of delivering fast and reliable IT services.
+
Information Security: International Organization for Standardization (ISO) 27001 is about the continual processes of securing the information assets.
=
Reliable + Secure
(Article 3 of PP No. 71 of 2019)
27. The Never-ending (Good) Improvements
For You, Your Family, and Your Organization
Strive to be diligent in reviewing your password and PIN usage: are they strong enough?
Avoid spreading sensitive and confidential information/data without control, especially on social media.
Use the appropriate method when destroying unused documents or information.
Pay attention to your surroundings when processing important or sensitive information.
Be patient; don’t be easily attracted by tempting and suspicious offers.
Strive to be diligent in reviewing any kind of transaction, as well as your login and logout history.
Strive diligently to review the availability and security status of your valuable information assets.
Strive to be diligent in educating yourself on information security.
Learn, then implement improvements every time you face an information security incident.
28. “A person who constantly cares about any possible information security threats & risks in order to maintain the reputation of you or your organization: don’t mock them!”
Febryan Alandiestya
29. “Security is a process, not a product”
Bruce Schneier
(A famous American cryptographer, computer security professional, privacy specialist, and writer)