Krutarth Vasavada
• B.E. (Electronics and Communication), AITS 2002-06
• M.S. (Computer Engineering), San Jose State University, California, US
• Certified Cloud Security Professional, ISC2
• 13+ years in Software Product Development, Cybersecurity, Information Security Audits, Data Privacy & Compliance
• Worked in India, USA, EU (currently) in Automobile, Chemicals, Insurance, Investment Banking, and e-Commerce domains.
Topics
01 Cybersecurity – What? Why? Where? How?
02 Past and Present Scenario
03 Deep Dive – Areas of Cybersecurity
04 Cybersecurity in Software Development Lifecycle
05 Information Security from a Product Perspective
06 Cybersecurity – Skills Matrix and Career Options
07 References
Why Cybersecurity?
CONFIDENTIALITY: Unauthorized individuals or entities cannot get any information that is not intended for them.
INTEGRITY: The accuracy and completeness of data must be assured.
AVAILABILITY: It must be ensured that vital information is available whenever needed.
Areas of Cybersecurity
Cloud Computing Concepts and Architecture
Legal Issues, Contracts and Electronic Discovery
Governance and Enterprise Risk Management
Compliance and Audit Management
Infrastructure Security
Application Security
Data Security and Encryption
Brief History of Cybersecurity Attacks
Do you remember the “million-dollar lottery” emails? Have you received one? This is called a phishing email. It is a training topic in itself.
How are we dealing with challenges?
To be honest, pretty badly! Here is the list of data breaches that occurred during the year 2020 so far.
Cybersecurity Drivers for Organizations
• Continuous Improvement (e.g., ISMS, Security Roadmap, Training & Awareness, Logging & Monitoring)
• Compliance (e.g., ISO 27001, GDPR, Local Legislation)
• Audits (e.g., Technical Platform Audit, Penetration Testing, Customer Due Diligence)
• Contractual Obligations (e.g., Two-factor authentication, HSM for Key Management)
Challenges for Corporations – Global and Local
Internal
• Fraud
• Unintended information exposure
• Asset theft
• Internal information leak
External
• Data breach
• Loss of reputation
• Loss of business/revenue
• Penalty/Government fine
Today, companies face a wide range of challenges in the cybersecurity domain, which can have internal or external causes and implications.
Cybersecurity and DevSecOps
Purpose & Intent
"everyone is responsible for cybersecurity" → everyone thinks about cybersecurity, all the time.
How to Achieve? (People, Technology, Processes)
By promoting security throughout the SDLC:
• Training and awareness provided to development teams
• Agile doesn’t mean absence of process
• Codifying security requirements and checklists so that security is built into development rather than bolted on
• Automation and configuration management
• CI/CD
• Secure coding practices
• “Security as Code”
• Application-level auditing (SAST, DAST)
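As an added example (not from the slides), here is a minimal "security as code" gate of the kind a CI/CD stage can run before a build is allowed to ship: it scans source text for hard-coded credentials and a few risky calls and returns findings so the pipeline can fail on high severity. The rule ids, patterns, the allow marker and the sample lines are constructed for illustration and do not replace a full SAST tool.

```python
"""Added example: a minimal "security as code" gate for a CI/CD stage.
Scans source text for hard-coded credentials and risky calls, returns the
findings, and decides whether the build may proceed. Rules are constructed."""
import re
import sys
from pathlib import Path

# (rule id, severity, pattern, message); ids and patterns are constructed
RULES = [
    ("SEC001", "high",
     re.compile(r"(?i)(password|secret|api_key)\s*=\s*['\"][^'\"]{4,}['\"]"),
     "hard-coded credential"),
    ("SEC002", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "AWS access key id pattern"),
    ("SEC003", "medium", re.compile(r"\beval\s*\("), "use of eval()"),
    ("SEC004", "medium", re.compile(r"verify\s*=\s*False"), "TLS verification disabled"),
]
BLOCKING = {"high"}  # severities that fail the build


def scan_text(text, filename="<memory>", allow_marker="# sec-allow"):
    """Return findings as (filename, line, rule id, severity, message).
    A line carrying allow_marker is skipped: accepted exceptions are recorded
    in the code under review, so they are version-controlled alongside it."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if allow_marker in line:
            continue
        for rule_id, severity, pattern, message in RULES:
            if pattern.search(line):
                findings.append((filename, lineno, rule_id, severity, message))
    return findings


def scan_paths(roots, suffixes=(".py", ".js", ".yml", ".yaml", ".env")):
    """Walk the given directories and scan every file with a listed suffix."""
    findings = []
    for root in roots:
        for path in Path(root).rglob("*"):
            if path.is_file() and path.suffix in suffixes:
                findings.extend(scan_text(path.read_text(errors="ignore"), str(path)))
    return findings


def gate(findings):
    """True when the build may proceed, i.e. no blocking-severity findings."""
    return not any(f[3] in BLOCKING for f in findings)


if __name__ == "__main__":  # usage: python secgate.py <dir> [<dir> ...]
    results = scan_paths(sys.argv[1:] or ["."])
    for f in results:
        print("%s:%d %s [%s] %s" % f)
    sys.exit(0 if gate(results) else 1)
```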
Information Security from Product and Infrastructure Perspective
Application
• Role-based access
• Audit logs
• 24x7 Monitoring
• Secure Browser Connections
• Two-Factor Authentication
• Secure Architecture
Database
• Logical Separation Between Customers
• AWS Hosting
• Daily Backups
• Data Encryption (In Transit and At Rest)
• No Direct Access to All Employees
• Segregation of Duty
Customer Controls
• Single sign-on
• Audit Logs
• User Management / Per-Role Authentication
• Task Level Permission
• Ability to Export Data
• Configurable Password/IT Policy
Data Center
• Geographical Preference (US/EU/Asia)
• Offsite Backups
• Highest Level of Physical Security
• More than 85 Global Certifications/Attestations
• Certified Disaster Recovery Practices
• Continuous Capacity Monitoring
Operations, Policies & Compliance
• ISO 27001 Certified Information Security Management
• GDPR Compliant DPA
• Regular Penetration Testing
• Third-Party Audits
• CSA-STAR Participation
• Competent In-House Development Team
Personal Data Processing – New Era
• Architecture supporting Secure-by-design / Privacy-by-design principles
• The new architecture will be built based on the following considerations:
  • “Forget me” requests
  • Restrict processing
  • Export data
  • Keeping data no longer than necessary
  • Access control
  • Audit logs
  • Local legislations
• Further Reading: https://gdpr-info.eu/art-25-gdpr/
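The considerations above, as an added example that is not from the slides: a minimal personal-data store in which every operation passes through one access-control check that also writes the audit log, and which supports "forget me", restriction of processing, export and a retention job. The role matrix, the record fields (email, name, last_activity) and the one-year retention limit are constructed assumptions.

```python
# Added example (not from the slides): a minimal personal-data store built around
# the considerations listed above. Roles, fields and the retention limit are constructed.
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=365)  # "no longer than necessary": constructed limit
ROLE_PERMS = {"support": {"read"}, "dpo": {"read", "export", "erase", "restrict"},
              "batch": {"purge"}}  # constructed role-based access matrix


class PersonalDataStore:
    def __init__(self, subjects):  # subjects: {id: {"email", "name", "last_activity"}}
        self.subjects = {sid: dict(rec, restricted=False, erased=False)
                         for sid, rec in subjects.items()}
        self.audit_log = []  # (timestamp, actor, role, action, subject_id, outcome)

    def _authorize(self, actor, role, action, subject_id):
        # Access control and audit log in one place: every attempt is recorded.
        allowed = action in ROLE_PERMS.get(role, set())
        self.audit_log.append((datetime.now(timezone.utc), actor, role, action,
                               subject_id, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"role {role} may not {action}")

    def read(self, actor, role, subject_id):
        self._authorize(actor, role, "read", subject_id)
        rec = self.subjects[subject_id]
        if rec["restricted"] or rec["erased"]:  # stored, but must not be processed
            raise PermissionError("processing restricted or data erased")
        return {"email": rec["email"], "name": rec["name"]}

    def restrict(self, actor, role, subject_id):  # restrict processing
        self._authorize(actor, role, "restrict", subject_id)
        self.subjects[subject_id]["restricted"] = True

    def export(self, actor, role, subject_id):  # data portability
        self._authorize(actor, role, "export", subject_id)
        rec = self.subjects[subject_id]
        return {"subject_id": subject_id, "email": rec["email"], "name": rec["name"],
                "last_activity": rec["last_activity"].isoformat()}

    def erase(self, actor, role, subject_id):  # "forget me": drop identifiers, keep tombstone
        self._authorize(actor, role, "erase", subject_id)
        self.subjects[subject_id].update(email="", name="", erased=True)

    def purge_expired(self, actor, role, now):  # retention: keep data no longer than needed
        self._authorize(actor, role, "purge", "*")
        expired = [sid for sid, rec in self.subjects.items()
                   if not rec["erased"] and now - rec["last_activity"] > RETENTION]
        for sid in expired:
            self.subjects[sid].update(email="", name="", erased=True)
        return expired
```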
Cybersecurity – Skills Matrix and Career Options
INFRASTRUCTURE
• Next Generation Firewall Configuration
• Authentication Infrastructure
• Hardware Encryption
• AWS CI/CD
COMPLIANCE
• ISO 27001
• ISO 27018
• SOC2
• NIST
• C5 (German Market)
• Internal/External Audits
TECHNOLOGY
• Security Testing
• RESTful API
• OWASP Project
• Automated Incident Handling
• Threat Modeling
PRODUCT
• Security Features
• Product Roadmap
• Customer Liaison
LEADERSHIP
• Vendor Management
• Budget Input/Cost Estimation
• Risk Analysis
• Security Awareness Training
SPECIALIZED AREAS
• Ethical Hacking
• Cryptography
• Masking/Tokenization
• Encryption Keys Management
Reference Reading
• OWASP Project - https://owasp.org/
• NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
• ISO 27001 - https://www.iso.org/isoiec-27001-information-security.html
• Web Security Academy - https://portswigger.net/web-security