CNIT 160: Cybersecurity Responsibilities
4. Information Security Program Development

Part 3

Pages 235-257
Chapter Topics
• This lecture covers:
• Policy Development (p. 235)
• Third-Party Risk Management
• Administrative Activities
• Internal Partnerships
• External Partnerships
• Compliance Management
• Personnel Management
Chapter Topics
For Later Lectures
• Administrative Activities
• External Partnerships
• Compliance Management
• Personnel Management
• Project and Program Management
• Budget
• Business Case Development
• Vendor Management
• Security Program Operations
• IT Service Management
• Controls
• Metrics and Monitoring
• Continuous Improvement
Policy Development
Security Policy
• Foundational
• Defines principles and required actions to protect assets and personnel
• Audience is all personnel
• Full-time and part-time employees
• Temporary workers, contractors and consultants
Easily Accessible
• So no personnel can claim ignorance
• As an excuse for violating policy
• Often personnel must acknowledge understanding of policy
• At time of hire and annually thereafter
Considerations
• Laws, regulations, standards
• Risk tolerance
• Controls
• Organizational culture
Alignment
• Alignment with Controls
• Policies and controls must not contradict each other
• Alignment with Audience
• Policy must be understood by the workers
• Avoid overly technical policies
• May have a separate policy for technical workers
Security Policy Structure
Policy Distribution and Acknowledgement
• Policy should be well-known and easily accessible
• High-ranking executive should inform workers that they are required to comply with the policy
• Executives should lead by example
Third-Party Risk Management
Outsourcing
• Must identify risks of cloud services
• You can outsource work
• But you cannot outsource responsibility
Benefits from Use of Third Parties
• Available skills and resources
• Economies of scale
• Objectivity
• Reduced costs
Risks from Use of Third Parties
• Higher-than-expected costs
• Poor quality or performance
• Loss of control
• Employee integrity and background
• Loss of competitive advantage
Risks from Use of Third Parties (continued)
• Errors and omissions
• Vendor failure
• Differing mission and goals
• Difficult recourse for problems
• Lowered employee morale
Risks from Use of Third Parties (continued)
• Audit and compliance
• Applicable laws
• Cross-border data transfer
• Time zone differences
• Language and cultural differences
Identifying Third Parties
• Inventory third party vendors in use
• Consult with stakeholders
• Legal
• Procurement
• Accounts payable
• Facilities
• Department heads
• Location-specific leaders
IT and Third Parties
• Ways to identify third parties in use
• Established data connections with third parties
• Firewall, IDS, and IPS rules
• Connections to Identity and Access Management (IAM) systems
• Cloud Access Security Broker (CASB) systems
Applications to Manage Third Parties
Risk Tiering and Vendor Classification
• Cannot perform all due diligence on all vendors
• Apply a level of due diligence according to the level of risk
Criteria
• Volume of sensitive customer data
• Volume of sensitive internal data
• Operational criticality
• Physical access to company buildings
• Access to information systems
• Contractual obligations
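A worked version of the tiering idea above, written for this lecture as an added example (not code from the slides or the textbook): each vendor is scored on the six criteria listed, the score maps to a tier, and the tier decides how much of the due diligence the deck describes (questionnaire, evidence, attestation, site visit) is required. The weights, thresholds, floor rule and tier-to-assessment mapping are assumptions chosen for illustration; the vendor inventory is constructed sample data.

```python
"""Vendor risk tiering: apply due diligence in proportion to risk.

Added example, not code from the CNIT 160 slides. The criteria are the
six listed on the "Criteria" slide; the weights, tier thresholds, floor
rule and tier-to-assessment mapping are assumptions for illustration.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Vendor:
    name: str
    customer_data: Level    # volume of sensitive customer data handled
    internal_data: Level    # volume of sensitive internal data handled
    criticality: Level      # operational impact if the vendor fails
    physical_access: bool   # access to company buildings
    system_access: bool     # access to information systems
    contractual: bool       # contractual obligations depend on this vendor


# Assumed weights. Graded criteria contribute level * weight (0..3 * w);
# yes/no criteria contribute the weight when true.
GRADED_WEIGHTS = {"customer_data": 3, "internal_data": 2, "criticality": 3}
FLAG_WEIGHTS = {"physical_access": 2, "system_access": 3, "contractual": 2}
MAX_SCORE = 3 * sum(GRADED_WEIGHTS.values()) + sum(FLAG_WEIGHTS.values())  # 31

# Assumed thresholds: score >= bound puts the vendor in that tier (1 = highest risk).
TIER_BOUNDS = [(1, 20), (2, 12), (3, 5)]

# Assumed mapping of tier to minimum assessment, using the methods the
# slides list (questionnaire, confirmation, attestation, site visit).
DUE_DILIGENCE = {
    1: ["questionnaire", "questionnaire confirmation (request evidence)",
        "external attestation (SOC 2, ISO/IEC 27001)", "site visit"],
    2: ["questionnaire", "questionnaire confirmation (request evidence)",
        "external attestation (SOC 2, ISO/IEC 27001)"],
    3: ["questionnaire"],
    4: ["record in vendor inventory; no assessment required"],
}


def risk_score(v: Vendor) -> int:
    """Sum the weighted criteria into a single 0..MAX_SCORE score."""
    score = sum(int(getattr(v, name)) * w for name, w in GRADED_WEIGHTS.items())
    score += sum(w for name, w in FLAG_WEIGHTS.items() if getattr(v, name))
    return score


def risk_tier(v: Vendor) -> int:
    """Map a score to tier 1..4 (1 = most due diligence).

    Assumed floor rule: a vendor with system access AND a high volume of
    customer data is always tier 1, whatever the rest of its score.
    """
    score = risk_score(v)
    tier = 4
    for t, bound in TIER_BOUNDS:
        if score >= bound:
            tier = t
            break
    if v.system_access and v.customer_data == Level.HIGH:
        tier = 1
    return tier


def classify(vendors):
    """Return {name: (score, tier, [required assessment steps])}."""
    out = {}
    for v in vendors:
        tier = risk_tier(v)
        out[v.name] = (risk_score(v), tier, DUE_DILIGENCE[tier])
    return out


# Constructed sample vendor inventory.
SAMPLE_VENDORS = [
    Vendor("payroll-saas", Level.HIGH, Level.HIGH, Level.HIGH, False, True, True),
    Vendor("web-analytics", Level.MEDIUM, Level.LOW, Level.LOW, False, True, False),
    Vendor("support-chat", Level.HIGH, Level.NONE, Level.LOW, False, True, False),
    Vendor("print-shop", Level.LOW, Level.LOW, Level.NONE, False, False, False),
    Vendor("plant-care", Level.NONE, Level.NONE, Level.NONE, True, False, False),
]

if __name__ == "__main__":
    for name, (score, tier, steps) in classify(SAMPLE_VENDORS).items():
        print(f"{name:14s} score={score:2d}/{MAX_SCORE} tier={tier}: {'; '.join(steps)}")
```

Note that "support-chat" scores only 15 (tier 2 by threshold) but is promoted to tier 1 by the floor rule, which is the kind of override a tiering scheme needs so that a low-volume but high-exposure vendor is not under-assessed.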
Example
Ch 4c-1
Assessing Third Parties
• Questionnaires
• Questionnaire confirmation
• E.g. requesting evidence
• Site visit
• External attestation
• Such as compliance with SOC 2, HITRUST, ISO/IEC 27001, etc.
Assessing Third Parties (continued)
• External business intelligence
• Services like Dun & Bradstreet or LexisNexis
• That collect information on the health of companies
• External cyber intelligence
• Security scans
• Dark web monitoring
Assessing Third Parties (continued)
• Security scans and penetration tests
• Intrusive monitoring
• Third party can view internal control data in real time
• Such as event logs, firewall logs, or packet captures
CNIT 160 Ch 4c: Security Program Development (Part 3)
Proactive Issue Remediation
• The only means of exchange between customer organization and third party are
• Money and reputation
• Especially when crossing national boundaries
• Consider enforcement mechanisms
Contractual Provisions
• Service Level Agreement (SLA)
• Quality
• Security policy and controls
• Business continuity
• Employee integrity
• Ownership of intellectual property
• Roles and responsibilities
Contractual Provisions (continued)
• Schedule
• Regulations and laws
• Warranty
• Dispute resolution
• Payment
Responsive Issue Remediation
• Results from a questionnaire may be unacceptable
• Such as no password change requirements
• Discussions with third parties may provoke changes
• Or expose satisfactory compensating controls
Onboarding
• Process to begin a relationship with a third party
• Up-front due diligence
• To understand the level of risk
• Before signing a legal agreement
Contract Language
Security Incidents
• Incident response is more complex when two organizations are involved
Administrative Activities
Internal Partnerships
Importance
• Partnerships
• Are a source of information
• And help manage security
• Deputize team members from other groups
• Designate security liaisons
• But they need training and time allocated for these added duties
Legal
• Manages business risk
• Through contract negotiations
• With service providers, customers, and others
• Information security can help
• With security clauses
• Best if security assessment happens before signing a contract
Human Resources (HR)
• Recruiting: background checks
• Onboarding
• Nondisclosure agreements
• Training, including Security Awareness Training
• Provisioning Human Resource Information Systems (HRISs)
Human Resources (HR) (continued)
• Internal transfers
• Move to a different department
• Change access to systems and applications
• Avoid accumulation of privileges
Human Resources (HR) (continued)
• Offboarding
• Notify security, IT and other departments
• Terminate access rights promptly
• To prevent revenge and sabotage
• Collect company assets like laptops
• Sign nondisclosure and noncompete agreements
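The two HR slides above (internal transfers that leave accumulated privileges, and offboarding that must terminate access promptly) are both checks a security team can run by reconciling the HRIS against IAM group membership. The following is an added example written for this lecture, not code from the slides: the HRIS export, IAM membership list and department baselines are constructed sample data, and the field names are assumptions.

```python
"""Reconcile HR records against IAM group memberships.

Added example, not from the CNIT 160 slides. Finds three kinds of gap:
  excess_privilege  - an active worker holds groups outside the baseline
                      for their current department (transfer leftovers)
  orphaned_access   - a terminated worker still holds any group
  unknown_identity  - an IAM identity with no HRIS record at all
The data and field names below are constructed assumptions.
"""
from datetime import date

# Constructed HRIS export: one row per worker.
HRIS = [
    {"id": "e100", "name": "Ana", "dept": "finance", "status": "active", "term_date": None},
    {"id": "e101", "name": "Ben", "dept": "engineering", "status": "active", "term_date": None},
    {"id": "e102", "name": "Cy", "dept": "finance", "status": "terminated", "term_date": date(2024, 3, 1)},
    {"id": "e103", "name": "Dee", "dept": "hr", "status": "active", "term_date": None},
]

# Constructed IAM membership export: (worker id, group).
IAM = [
    ("e100", "all-staff"), ("e100", "fin-ap"), ("e100", "eng-prod-deploy"),  # Ana moved from engineering
    ("e101", "all-staff"), ("e101", "eng-repo"),
    ("e102", "all-staff"), ("e102", "fin-ap"),                               # Cy left on 2024-03-01
    ("e103", "all-staff"), ("e103", "hr-hris-admin"),
    ("e999", "eng-repo"),                                                    # no HRIS record (contractor?)
]

# Assumed role baselines: groups a department's workers are entitled to,
# plus groups every worker holds.
BASELINE = {
    "finance": {"fin-ap", "fin-gl"},
    "engineering": {"eng-repo", "eng-prod-deploy"},
    "hr": {"hr-hris-admin"},
}
COMMON_GROUPS = {"all-staff"}


def reconcile(hris, iam, baseline, today):
    """Return a list of finding dicts, ordered HRIS rows first, then unknown ids."""
    members = {}
    for wid, group in iam:
        members.setdefault(wid, set()).add(group)
    findings = []
    for w in hris:
        groups = members.get(w["id"], set())
        if w["status"] == "terminated":
            # Offboarding gap: any surviving membership is a finding, and the
            # age tells you how long the termination notice has been ignored.
            if groups:
                findings.append({"type": "orphaned_access", "id": w["id"],
                                 "groups": sorted(groups),
                                 "days_since_termination": (today - w["term_date"]).days})
            continue
        # Transfer gap: compare against the baseline for the CURRENT department.
        allowed = baseline.get(w["dept"], set()) | COMMON_GROUPS
        extra = groups - allowed
        if extra:
            findings.append({"type": "excess_privilege", "id": w["id"],
                             "dept": w["dept"], "groups": sorted(extra)})
    known = {w["id"] for w in hris}
    for wid in sorted(members.keys() - known):
        findings.append({"type": "unknown_identity", "id": wid,
                         "groups": sorted(members[wid])})
    return findings


if __name__ == "__main__":
    for f in reconcile(HRIS, IAM, BASELINE, date(2024, 3, 15)):
        print(f)
```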
Human Resources (HR) (continued)
• Training
• Investigations
• Often in partnership with information security
• Forensics and chain of custody
• Discipline
• Demotion, time off without pay, dismissal, etc.
Facilities
• Access control
• Workplace surveillance
• Equipment check-in/check-out
• Guest processing
• Security guard
• Asset security
• Personnel safety
Information Technology (IT)
• Access control
• Architecture
• Hardening
• Scanning and patching
• Security tools
• Firewalls, IDS, spam filters, etc.
Information Technology (IT) (continued)
• System monitoring
• Security monitoring
• Third-party connections
Product Development
• Security by design
• Secure development
• Security testing
• Code reviews
• Security review of open source software
• Developer training
• Protection of the development process
Procurement
• Due diligence for new purchases
Finance
• Accounts Payable is the partnership of last resort for information security
• Because when they get involved, the vendor relationship is already established
Business Unit Managers
• Security manager should understand how each department functions
• Develop relationships of trust
Affiliates and Key Business Partners
• Half of all security breaches have their nexus in third parties
Ch 4c-2
TechSoup
 
puzzle Irregular Verbs- Simple Past Tense
puzzle Irregular Verbs- Simple Past Tensepuzzle Irregular Verbs- Simple Past Tense
puzzle Irregular Verbs- Simple Past Tense
OlgaLeonorTorresSnch
 
Ajanta Paintings: Study as a Source of History
Ajanta Paintings: Study as a Source of HistoryAjanta Paintings: Study as a Source of History
Ajanta Paintings: Study as a Source of History
Virag Sontakke
 
How to Manage Upselling in Odoo 18 Sales
How to Manage Upselling in Odoo 18 SalesHow to Manage Upselling in Odoo 18 Sales
How to Manage Upselling in Odoo 18 Sales
Celine George
 
TERMINOLOGIES,GRIEF PROCESS AND LOSS AMD ITS TYPES .pptx
TERMINOLOGIES,GRIEF PROCESS AND LOSS AMD ITS TYPES .pptxTERMINOLOGIES,GRIEF PROCESS AND LOSS AMD ITS TYPES .pptx
TERMINOLOGIES,GRIEF PROCESS AND LOSS AMD ITS TYPES .pptx
PoojaSen20
 
antiquity of writing in ancient India- literary & archaeological evidence
antiquity of writing in ancient India- literary & archaeological evidenceantiquity of writing in ancient India- literary & archaeological evidence
antiquity of writing in ancient India- literary & archaeological evidence
PrachiSontakke5
 
Bridging the Transit Gap: Equity Drive Feeder Bus Design for Southeast Brooklyn
Bridging the Transit Gap: Equity Drive Feeder Bus Design for Southeast BrooklynBridging the Transit Gap: Equity Drive Feeder Bus Design for Southeast Brooklyn
Bridging the Transit Gap: Equity Drive Feeder Bus Design for Southeast Brooklyn
i4jd41bk
 
What is the Philosophy of Statistics? (and how I was drawn to it)
What is the Philosophy of Statistics? (and how I was drawn to it)What is the Philosophy of Statistics? (and how I was drawn to it)
What is the Philosophy of Statistics? (and how I was drawn to it)
jemille6
 
ANTI-VIRAL DRUGS unit 3 Pharmacology 3.pptx
ANTI-VIRAL DRUGS unit 3 Pharmacology 3.pptxANTI-VIRAL DRUGS unit 3 Pharmacology 3.pptx
ANTI-VIRAL DRUGS unit 3 Pharmacology 3.pptx
Mayuri Chavan
 
2025 The Senior Landscape and SET plan preparations.pptx
2025 The Senior Landscape and SET plan preparations.pptx2025 The Senior Landscape and SET plan preparations.pptx
2025 The Senior Landscape and SET plan preparations.pptx
mansk2
 
Myopathies (muscle disorders) for undergraduate
Myopathies (muscle disorders) for undergraduateMyopathies (muscle disorders) for undergraduate
Myopathies (muscle disorders) for undergraduate
Mohamed Rizk Khodair
 
Overview Well-Being and Creative Careers
Overview Well-Being and Creative CareersOverview Well-Being and Creative Careers
Overview Well-Being and Creative Careers
University of Amsterdam
 
*"The Segmented Blueprint: Unlocking Insect Body Architecture"*.pptx
*"The Segmented Blueprint: Unlocking Insect Body Architecture"*.pptx*"The Segmented Blueprint: Unlocking Insect Body Architecture"*.pptx
*"The Segmented Blueprint: Unlocking Insect Body Architecture"*.pptx
Arshad Shaikh
 

CNIT 160 Ch 4c: Security Program Development (Part 3)

  • 1. CNIT 160: Cybersecurity Responsibilities 4. Information Security Program Development Part 3 Pages 235-257
  • 2. Chapter Topics • This lecture covers: • Policy Development (p. 235) • Third-Party Risk Management • Administrative Activities • Internal Partnerships • External Partnerships • Compliance Management • Personnel Management
  • 3. Chapter Topics For Later Lectures • Administrative Activities • External Partnerships • Compliance Management • Personnel Management • Project and Program Management • Budget • Business Case Development • Vendor Management
  • 4. • Security Program Operations • IT Service Management • Controls • Metrics and Monitoring • Continuous Improvement Chapter Topics For Later Lectures
  • 6. Security Policy • Foundational • Defines principles and required actions • to protect assets and personnel • Audience is all personnel • Full-time and part-time employees • Temporary workers, contractors and consultants
  • 7. Easily Accessible • So no personnel can claim ignorance • As an excuse for violating policy • Often personnel must acknowledge understanding of policy • At time of hire and annually thereafter
  • 8. Considerations • Laws, regulations, standards • Risk tolerance • Controls • Organizational culture
  • 9. Alignment • Alignment with Controls • Policies and controls must not contradict each other • Alignment with Audience • Policy must be understood by the workers • Avoid overly technical policies • May have a separate policy for technical workers
  • 12. Policy Distribution and Acknowledgement • Policy should be well-known and easily accessible • High-ranking executive should inform workers that they are required to comply with the policy • Executives should lead by example
  • 14. Outsourcing • Must identify risks of cloud services • You can outsource work • But you cannot outsource responsibility
  • 15. Benefits from Use of Third Parties • Available skills and resources • Economies of scale • Objectivity • Reduced costs
  • 16. Risks from Use of Third Parties • Higher-than-expected costs • Poor quality or performance • Loss of control • Employee integrity and background • Loss of competitive advantage
  • 17. Risks from Use of Third Parties (continued) • Errors and omissions • Vendor failure • Differing mission and goals • Difficult recourse for problems • Lowered employee morale
  • 18. Risks from Use of Third Parties (continued) • Audit and compliance • Applicable laws • Cross-border data transfer • Time zone differences • Language and cultural differences
  • 19. Identifying Third Parties • Inventory third party vendors in use • Consult with stakeholders • Legal • Procurement • Accounts payable • Facilities • Department heads • Location-specific leaders
  • 20. IT and Third Parties • Ways to identify third parties in use • Established data connections with third parties • Firewall, IDS, and IPS rules • Connections to Identity and Access Management (IAM) systems • Cloud Access Security Broker (CASB) systems
  • 22. Risk Tiering and Vendor Classification • Cannot perform all due diligence on all vendors • Apply a level of due diligence according to the level of risk
  • 23. Criteria • Volume of sensitive customer data • Volume of sensitive internal data • Operational criticality • Physical access to company buildings • Access to information systems • Contractual obligations
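An added example (not part of the lecture slides) tying slides 19-20 and 22-23 together: it builds a third-party inventory from the IT sources the slides name (tagged firewall allow rules, IAM federations, CASB findings), then assigns each vendor a due-diligence tier from the slide 23 criteria. The rule format, the `# vendor:` tag, the weights, the tier thresholds and all sample values are constructed assumptions.

```python
import re

# Constructed sample data standing in for the IT sources the slides name:
# egress firewall rules (with an assumed "# vendor:" tag), IAM/SSO
# federations and CASB discoveries. None of these values are real.
FIREWALL_RULES = [
    "allow tcp any -> 203.0.113.10:443  # vendor:payroll-saas",
    "allow tcp any -> 198.51.100.5:22   # vendor:backup-provider",
    "allow tcp any -> 192.0.2.8:443     # vendor:payroll-saas",
    "deny  tcp any -> 198.51.100.9:3389 # vendor:old-helpdesk",  # blocked, not in use
]
IAM_FEDERATIONS = ["payroll-saas", "crm-saas"]
CASB_DISCOVERIES = ["file-share-saas", "crm-saas", "shadow-analytics"]

# Slide 23 criteria per vendor as stakeholders would record them
# (data volumes on an assumed 0-3 scale, the rest yes/no). Constructed values.
VENDOR_CRITERIA = {
    "payroll-saas":    dict(customer_data=1, internal_data=3, critical=True,  physical=False, sys_access=True,  contract=True),
    "crm-saas":        dict(customer_data=3, internal_data=1, critical=False, physical=False, sys_access=False, contract=True),
    "backup-provider": dict(customer_data=2, internal_data=3, critical=True,  physical=False, sys_access=True,  contract=True),
    "file-share-saas": dict(customer_data=0, internal_data=1, critical=False, physical=False, sys_access=False, contract=False),
}

# Due-diligence level per tier, mapped to the assessment methods on slides 26-28.
TIER_DILIGENCE = {
    1: "questionnaire + evidence + external attestation (SOC2/ISO 27001) + site visit",
    2: "questionnaire + external business and cyber intelligence",
    3: "external cyber intelligence only",
}

VENDOR_TAG = re.compile(r"^\s*allow\b.*#\s*vendor:(\S+)")  # only live (allowed) connections count

def inventory_third_parties(rules, iam, casb):
    """Union of vendors seen in firewall allow rules, IAM federations and CASB findings."""
    found = {m.group(1) for r in rules if (m := VENDOR_TAG.match(r))}
    return sorted(found | set(iam) | set(casb))

def risk_score(c):
    """Weighted sum of the slide 23 criteria (weights are an assumption)."""
    return (c["customer_data"] + c["internal_data"] + 3 * c["critical"]
            + 2 * c["sys_access"] + c["physical"] + c["contract"])

def classify(vendor, criteria=VENDOR_CRITERIA):
    """Return (tier, diligence). A vendor IT found but stakeholders never
    classified gets tier 1 treatment until someone supplies its criteria."""
    c = criteria.get(vendor)
    if c is None:
        return 1, "unclassified: " + TIER_DILIGENCE[1]
    s = risk_score(c)
    tier = 1 if s >= 7 else 2 if s >= 3 else 3
    return tier, TIER_DILIGENCE[tier]

def tiered_inventory(rules=FIREWALL_RULES, iam=IAM_FEDERATIONS, casb=CASB_DISCOVERIES):
    """Full inventory with the due-diligence level to apply to each vendor."""
    return {v: classify(v) for v in inventory_third_parties(rules, iam, casb)}
```

The vendor discovered only via the CASB and absent from the stakeholder table is the interesting case: it surfaces as "unclassified" rather than being silently scored low.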
  • 26. Assessing Third Parties • Questionnaires • Questionnaire confirmation • E.g. requesting evidence • Site visit • External attestation • Such as compliance with SOC2, HITRUST, ISO/IEC 27001, etc.
  • 27. Assessing Third Parties (continued) • External business intelligence • Services like Dun & Bradstreet or LexisNexis • That collect information on the financial health of companies • External cyber intelligence • Security scans • Dark web monitoring
  • 28. Assessing Third Parties (continued) • Security scans and penetration tests • Intrusive monitoring • Third party can view internal control data in real time • Such as event logs, firewall logs, or packet captures
  • 31. Proactive Issue Remediation • The only means of exchange between customer organization and third party are • Money and reputation • Especially when crossing national boundaries • Consider enforcement mechanisms
  • 32. Contractual Provisions • Service Level Agreement (SLA) • Quality • Security policy and controls • Business continuity • Employee integrity • Ownership of intellectual property • Roles and responsibilities
  • 33. Contractual Provisions (continued) • Schedule • Regulations and laws • Warranty • Dispute and resolution • Payment
  • 34. Responsive Issue Remediation • Results from a questionnaire may be unacceptable • Such as no password change requirements • Discussions with third parties may provoke changes • Or expose satisfactory compensating controls
  • 35. Onboarding • Process to begin a relationship with a third party • Up-front due diligence • To understand the level of risk • Before signing a legal agreement
  • 37. Security Incidents • Incident response is more complex • When two organizations are involved
  • 39. Importance • Partnerships • Are a source of information • And help manage security • Deputize team members from other groups • Designate security liaisons • But they need training and time allocated for these added duties
  • 40. Legal • Manages business risk • Through contract negotiations • With service providers, customers, and others • Information security can help • With security clauses • Best if security assessment happens before signing a contract
  • 41. Human Resources (HR) • Recruiting: background checks • Onboarding • Nondisclosure agreements • Training, including Security Awareness Training • Provisioning Human Resource Information Systems (HRISs)
  • 42. Human Resources (HR) (continued) • Internal transfers • Move to a different department • Change access to systems and applications • Avoid accumulation of privileges
  • 43. Human Resources (HR) (continued) • Offboarding • Notify security, IT and other departments • Terminate access rights promptly • To prevent revenge and sabotage • Collect company assets like laptops • Sign nondisclosure and noncompete agreements
  • 44. Human Resources (HR) (continued) • Training • Investigations • Often in partnership with information security • Forensics and chain of custody • Discipline • Demotion, time off without pay, dismissal, etc.
  • 45. Facilities • Access control • Workplace surveillance • Equipment check-in/check-out • Guest processing • Security guard • Asset security • Personnel safety
  • 46. Information Technology (IT) • Access control • Architecture • Hardening • Scanning and patching • Security tools • Firewalls, IDS, spam filters, etc.
  • 47. Information Technology (IT) (continued) • System monitoring • Security monitoring • Third-party connections
  • 48. Product Development • Security by design • Secure development • Security testing • Code reviews • Security review of open source software • Developer training • Protection of the development process
  • 49. Procurement • Due diligence for new purchases
  • 50. Finance • Accounts Payable is the partnership of last resort for information security • Because when they get involved, the vendor relationship is already established
  • 51. Business Unit Managers • Security manager should understand how each department functions • Develop relationships of trust
  • 52. Affiliates and Key Business Partners • Half of all security breaches have their nexus in third parties