Adewale Obadare
Cybersecurity Expert
Adewale Obadare is a Fellow Chartered Information Technology Professional (UK), Fellow of the Institute of Brand Management of Nigeria, the first Licensed Penetration Tester in Nigeria, the 2nd COBIT 5 Certified Assessor in Africa and a PCI DSS Qualified Security Assessor (QSA).
Contact Information
+234 802 331 6951
wale@digitalencode.net www.digitalencode.net
ng.linkedin.com/in/obadarepeteradewale
Agenda
• Introduction
• Understanding the nature of cyberspace and cyber security
• Explore the cyber security ecosystem – roles and responsibilities
• Achieve cyber resilience through implementing defensive, resilience and detective cyber security controls from ISO/IEC 27032
Starting Thought
I would like to start with the words of the famous Chinese warrior Sun Tzu:
“It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”
INTRODUCTION: ISO/IEC 27032 STANDARD
“STANDARDS ARE GENERALLY REQUIRED WHEN EXCESSIVE DIVERSITY CREATES INEFFICIENCIES OR IMPEDES EFFECTIVENESS.”
– Edward W. Hammond and James J. Cimino
ISO/IEC 27032 Structure and Content
The main sections are:
6. Overview
7. Stakeholders in the cyberspace
8. Assets in the cyberspace
9. Threats against the security in the cyberspace
10. Roles of stakeholders in cyber security
11. Guidelines for stakeholders
12. Cyber security controls
13. Framework of information sharing and coordination
ISO 27001 vs ISO 27032
• ISO 27001 – applicable to information on both non-digital and digital media/assets; auditable.
• ISO 27032 – applicable to the protection of information on digital media/assets; not auditable.
A Look at Recent Cyber Incidents
December 2013
Anatomy of Target Breach
Source: http://securityintelligence.com/target-breach-protect-against-similar-attacks-retailers/#.U9-17GP5dJu
Target Data Breach Numbers
• 40 million credit cards + 70 million customer records stolen
• $54 million: income to cyber criminals
• $400 million: cost of replacing credit cards
• $150 million: Target initial response cost
• $1 billion: estimated ultimate cost to Target
• 140: number of active lawsuits against Target
• 2: Number of C-suite executives at Target who were fired
• 7: Number of Directors targeted by Institutional Shareholder Services for ouster, claiming failed duties to shareholders
Reputation Damage
http://www.threatgeek.com/2014/03/threattoons-new-normal.html
Further incident slides (images not extracted): June 4, 2015; March 2016; March 28, 2016; June 14, 2016
2016 Global Risks (chart not extracted): “For which global risks is your region least prepared?” – Cyber & Technology
Ranking of Threat Categories Over the Years (chart not extracted) – Business Continuity Institute, February 2016
This year’s top dozen threats to business continuity are:
1. Cyber attack
2. Data breach
3. Unplanned IT and telecom outages
4. Act of terrorism
5. Security Incidents
6. Interruption to Utility Supply
7. Supply Chain Disruption
8. Adverse weather
9. Availability of Talents & Key Skills
10. Health & Safety incident
11. Fire
12. Transport Network Disruption
Definition - Cyberspace:
“The cyberspace can be described as a virtual environment, which does not exist in any physical form, but rather, a complex environment or space resulting from the emergence of the Internet, plus the people, organizations, and activities on all sorts of technology devices and networks that are connected to it” (ISO 27032)
Definition - Cybersecurity:
“Cyberspace security or Cybersecurity is about the security of this virtual world.” “Cybersecurity relates to actions that stakeholders should be taking to establish and maintain security in the Cyberspace” (ISO 27032)
Types of Cyber Attacks:
Hacking, Identity Theft, Phishing/Smishing, DDoS, Virus/Malware, Cyber Stalking, Spoofing, Spam, Cyber Bullying
Online Cyber Criminal Categories (diagram not extracted): Hackers and Phishers, each ranked from Not Sophisticated to Sophisticated, with an overlap between the two groups
Digital Asset Components (ISO/IEC 27032) – diagram not extracted
Each component has its own security requirements
Digital Asset Components
♣ Software
– Applications, operating systems, utilities
– Exploitation of programming errors accounts for a substantial portion of information attacks
– Easy target for accidental or intentional attacks
♣ Hardware
– Physical components of IS
– Physical security deals with protection from theft, vandalism and destruction
– Issue: security for laptop and notebook computers
Digital Asset Components (Contd)
♣ Data
– Often the most valuable asset possessed by an organization and the main target of deliberate attacks
– Proper development and use of database management systems increases data security
♣ People
– Can be the weakest link (greatest threat) to security in an organization
– Policy, education and training, awareness and technology are all used to prevent people from accidentally or intentionally damaging or losing information
– Social engineering can be used to manipulate the actions of people to obtain access information about a system
Any System Can Be Digitally Invaded:
Any digital asset can be digitally invaded if there is an issue with any of the following factors: “ADIO”
– Architecture
– Design
– Implementation
– Operation
Defense In-Depth Using ISO/IEC 27032
ISO/IEC 27032 Clause 12.2 – Application Level Controls
1. Display of short notices, which provide clear, concise one-page summaries (using simple language) of the company’s essential policies.
2. Secure handling of sessions for web applications.
3. Secure input validation and handling to prevent common attacks such as SQL injection.
4. Secure web page scripting to prevent common attacks such as cross-site scripting.
5. Code security review and testing by appropriately skilled entities.
6. Service authentication – by the use of sub-domains by providers and possibly the use of HTTPS credentials registered to the organisation.
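The session-handling, input-validation and scripting controls above are easier to audit when seen as code. The following is an added example, not taken from the slides or from ISO/IEC 27032: it shows the weak pattern beside the corrected one for SQL injection, HTML output encoding against cross-site scripting, and a session cookie issued with the attributes a reviewer would expect. Only the Python standard library is used; the user table, the probe input and the Set-Cookie strings are constructed for the demonstration.

```python
"""
Added example (not from the slides): ISO/IEC 27032 clause 12.2 controls for
session handling, input validation against SQL injection, and output
encoding against cross-site scripting, in working Python. Standard library
only; the user table and the sample inputs are constructed here.
"""
import html
import re
import secrets
import sqlite3
from http.cookies import SimpleCookie


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# Input validation: an allow-list of what a username may contain.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def validate_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None


def lookup_roles_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Weak pattern: untrusted input is spliced into the SQL text, so the
    input can change the meaning of the query."""
    sql = "SELECT role FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_roles_safe(conn: sqlite3.Connection, username: str) -> list:
    """Corrected pattern: validate first, then bind the value as a
    parameter so it can only ever be compared, never parsed as SQL."""
    if not validate_username(username):
        return []
    query = "SELECT role FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def render_greeting(name: str) -> str:
    """Output encoding: escape untrusted data before it enters the page,
    so it is rendered as text rather than interpreted as markup/script."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def new_session_cookie() -> str:
    """Session handling: a random, unguessable identifier carried in a
    cookie that scripts cannot read, that travels only over HTTPS, and
    that is not sent on cross-site requests."""
    cookie = SimpleCookie()
    cookie["session"] = secrets.token_urlsafe(32)
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


def missing_session_flags(set_cookie_header: str) -> list:
    """Review check: which protective attributes a Set-Cookie value lacks."""
    lowered = set_cookie_header.lower()
    wanted = {"HttpOnly": "httponly", "Secure": "secure", "SameSite": "samesite="}
    return [name for name, needle in wanted.items() if needle not in lowered]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input that is not a valid username
    print("unsafe lookup:", lookup_roles_unsafe(db, probe))  # every role leaks
    print("safe lookup:  ", lookup_roles_safe(db, probe))    # rejected: []
    print(render_greeting("<script>alert(1)</script>"))
    print("weak cookie lacks:", missing_session_flags("session=abc; Path=/"))
    print("issued cookie lacks:", missing_session_flags(new_session_cookie()))
```

The `missing_session_flags` check is the kind of thing a code security review (item 5 in the list) can automate against an application's actual responses; the cookie issued by `new_session_cookie` passes it, while the constructed weak cookie fails on all three attributes.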
Defense In-Depth Using ISO/IEC 27032
ISO/IEC 27032 Clause 12.3 – Server Protection
1. Configure servers, including underlying operating systems, in accordance with a baseline security configuration guide.
2. Implement a system to test and deploy security updates, and ensure the server operating system and applications are kept up to date promptly when new security updates are available.
3. Monitor the security performance of the server through regular reviews of the audit trails.
4. Review the security configuration.
5. Run licensed anti-malicious software controls (such as anti-spyware and anti-virus) on the server.
6. Have a good vulnerability management system in place for all online applications.
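Two of the server-protection items above, checking a server's configuration against a baseline and reviewing the audit trail, can be turned into a repeatable check. The block below is an added example, not code from the slides or from ISO/IEC 27032. The baseline, the configuration text and the log excerpt are all constructed for the demonstration; the sshd_config-style "Key value" syntax and the SSH auth-log line format are assumed only as familiar shapes, and the failed-login threshold of 3 is an arbitrary choice.

```python
"""
Added example (not from the slides): ISO/IEC 27032 clause 12.3 server
protection as code -- comparing a server's configuration against a
baseline security configuration guide, and a regular review of the audit
trail. Baseline, config text and log lines are constructed for this demo.
"""
import re
from collections import Counter

# Constructed baseline: settings a hardened server is expected to carry.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
}

# Constructed configuration as pulled from a server under review
# (sshd_config-style syntax assumed for the example).
SERVER_CONFIG = """
# sample sshd_config-style file (constructed)
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
"""


def parse_config(text: str) -> dict:
    """Parse 'Key value' lines, ignoring blank lines and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def baseline_deviations(config: dict, baseline: dict) -> dict:
    """Return {setting: (expected, actual)} for every baseline mismatch.
    A directive missing from the file is reported with actual=None: an
    absent hardening setting is as much a deviation as a wrong one."""
    deviations = {}
    for key, expected in baseline.items():
        actual = config.get(key)
        if actual != expected:
            deviations[key] = (expected, actual)
    return deviations


# Constructed audit-trail excerpt in the style of an SSH auth log
# (documentation addresses 203.0.113.0/24 and 198.51.100.0/24 used).
AUTH_LOG = """\
Jan 10 09:12:01 web1 sshd[2201]: Accepted publickey for deploy from 198.51.100.7 port 50112 ssh2
Jan 10 09:13:44 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 4401 ssh2
Jan 10 09:13:46 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 4401 ssh2
Jan 10 09:13:49 web1 sshd[2212]: Failed password for root from 203.0.113.5 port 4402 ssh2
Jan 10 09:13:52 web1 sshd[2213]: Failed password for root from 203.0.113.5 port 4403 ssh2
Jan 10 09:20:10 web1 sshd[2230]: Failed password for deploy from 198.51.100.7 port 50118 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port")


def failed_logins_by_source(log_text: str) -> Counter:
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def review_audit_trail(log_text: str, threshold: int = 3) -> dict:
    """Sources whose failed-login count reaches the threshold; the threshold
    is an arbitrary value for the example, not a figure from the standard."""
    counts = failed_logins_by_source(log_text)
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for key, (want, got) in baseline_deviations(parse_config(SERVER_CONFIG), BASELINE).items():
        print(f"deviation: {key} expected={want!r} actual={got!r}")
    for src, n in review_audit_trail(AUTH_LOG).items():
        print(f"review: {n} failed logins from {src}")
```

Run on the constructed inputs, the baseline check reports the root-login setting, the missing X11Forwarding directive and the too-high MaxAuthTries, and the audit-trail review flags the single source with four failed attempts while the one stray failure from the deploy host stays below the threshold.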
Defense In-Depth Using ISO/IEC 27032
ISO/IEC 27032 Clause 12.4 – End-user Controls
1. Use of supported operating systems, with the most up-to-date security patches installed.
2. Use of the latest supported software applications, with most patches installed.
3. Use anti-virus and anti-spyware tools – can make use of security tools as a service from a service provider.
4. Enable script blockers, phishing filters and other available web browser security features.
5. Enable a personal firewall and HIPS.
6. Enable automated update notifications.
Defense In-Depth Using ISO/IEC 27032
ISO/IEC 27032 Clause 12.5 – Controls against Social Engineering
1. Put in place appropriate policies
2. Categorisation and classification of information
3. Awareness and training
4. Cyber security awareness test
Cyber Security: Art and Science
♣ Security as Art
– No hard and fast rules or universally accepted solutions
– Requires knowledge and experience of systems and goals to build the solution that best fits the organization's needs
♣ Security as Science – Defensive, Resilience & Detection Strategies
– Technology is a major component of information security solutions
– Requires knowledge of technologies, and use of accepted standards and practices
♣ Security as Social Science
– People are a critical component in the organization and in the security of the organization
– Security must consider and address human factors
Conclusion
CYBER SECURITY IS everyone’s responsibility, and it is a journey, NOT a destination.
IT Security Training Courses
• ISO/IEC 27032 Lead Cybersecurity Manager – 5-day course
• ISO/IEC 27034 Application Security Foundation – 2-day course
• ISO/IEC 27034 Application Security Lead Implementer – 5-day course
• ISO/IEC 27034 Application Security Lead Auditor – 5-day course
Exam and certification fees are included in the training price.
https://www.pecb.com/it-security | www.pecb.com/events
THANK YOU
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Recently uploaded

GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 

Recently uploaded (20)

GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 

Improve Cybersecurity posture by using ISO/IEC 27032

  • 2. Adewale Obadare, Cybersecurity Expert. Adewale Obadare is a Fellow Chartered Information Technology Professional (UK), Fellow Institute of Brand Management of Nigeria, the First Licensed Penetration Tester in Nigeria, 2nd COBIT 5 Certified Assessor in Africa and a PCI DSS Qualified Security Assessor (QSA). Contact Information: +234 802 331 6951, wale@digitalencode.net, www.digitalencode.net, ng.linkedin.com/in/obadarepeteradewale
  • 3. Agenda: • Introduction • Understanding the Nature of Cyberspace and Cyber security • Explore Cyber security Ecosystem – Roles and Responsibilities • Achieve Cyber Resilience through implementing Defensive, Resilience and Detective Cyber security Controls from ISO/IEC 27032
  • 4. Starting Thought: I would like to start with the words of the famous Chinese warrior – SUN TZU: “It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”
  • 5. INTRODUCTION: ISO/IEC 27032 STANDARD. “STANDARDS ARE GENERALLY REQUIRED WHEN EXCESSIVE DIVERSITY CREATES INEFFICIENCIES OR IMPEDES EFFECTIVENESS.” – Edward W. Hammond and James J. Cimino
  • 6. ISO/IEC 27032 Structure and Content. The main sections are: 6. Overview; 7. Stakeholders in the Cyberspace; 8. Assets in the cyberspace; 9. Threats against the security in the cyberspace; 10. Roles of Stakeholders in Cyber security; 11. Guidelines for Stakeholders; 12. Cyber security Controls; 13. Framework of Information sharing and coordination
  • 7. ISO 27001 VS 27032: ISO 27001 – Applicable to both Information on Non-Digital and Digital media/Assets – Auditable. ISO 27032 – Applicable to protection of Information on Digital Media/assets – Not Auditable.
  • 8. A Look at Recent Cyber Incidents
  • 10. Anatomy of Target Breach Source: http://securityintelligence.com/target-breach-protect-against-similar-attacks-retailers/#.U9-17GP5dJu
  • 11. Target Data Breach Numbers • 40 million credit cards + 70 million customer records stolen • $54 million: income to cyber criminals • $400 million: cost of replacing credit cards • $150 million: Target initial response cost • $1 billion: estimated ultimate cost to Target • 140: number of active lawsuits against Target • 2: Number of C-suite executives at Target who were fired • 7: Number of Directors targeted by Institutional Shareholder Services for ouster, claiming failed duties to shareholders
  • 18. 2016 Global Risks: For which global risks is your region least prepared?
  • 19. Cyber & Technology Ranking of Threat Categories Over the Years
  • 20. Business Continuity Institute – February 2016: This year’s top dozen threats to business continuity are: 1. Cyber attack 2. Data breach 3. Unplanned IT and telecom outages 4. Act of terrorism 5. Security Incidents 6. Interruption to Utility Supply 7. Supply Chain Disruption 8. Adverse weather 9. Availability of Talents & Key Skills 10. Health & Safety incident 11. Fire 12. Transport Network Disruption
  • 21. Definition - Cyberspace: “The cyberspace can be described as a virtual environment, which does not exist in any physical form, but rather, a complex environment or space resulting from the emergence of the Internet, plus the people, organizations, and activities on all sorts of technology devices and networks that are connected to it” (ISO 27032)
  • 22. Definition - Cybersecurity: Cyberspace security or Cybersecurity is about the security of this virtual world. “Cybersecurity relates to actions that stakeholders should be taking to establish and maintain security in the Cyberspace” (ISO 27032)
  • 23. Types of Cyber Attacks: Hacking, Identity Theft, Phishing/Smishing, DDoS, Virus/Malware, Cyber Stalking, Spoofing, Spam, Cyber Bullying
  • 24. Online Cyber Criminal Categories Overlap (diagram: Hackers and Phishers, placed on a scale from Not Sophisticated to Sophisticated)
  • 26. Digital Asset Components. Each component has its own security requirements. ♣ Software – Applications, operating systems, utilities – Exploitation of programming errors accounts for a substantial portion of information attacks – Easy target for accidental or intentional attacks. ♣ Hardware – Physical components of IS – Physical security deals with protection of physical assets from theft, vandalism, destruction – Issue: security for laptop and notebook computers
  • 27. Digital Asset Components (Contd). ♣ Data – Often the most valuable asset possessed by an organization and the main target of deliberate attacks – Proper development and use of database management systems increases data security. ♣ People – Can be the weakest link (greatest threat) to security in an organization – Policy, education and training, awareness and technology are all used to prevent people from accidentally or intentionally damaging or losing information – Social engineering can be used to manipulate the actions of people to obtain access information about a system
  • 28. Any System Can Be Digitally Invaded: Any digital asset can be digitally invaded if there is an issue with any of the following factors: “ADIO” – Architecture, Design, Implementation, Operation
  • 29. Defense In-Depth Using ISO/IEC 27032 – ISO/IEC 27032 Clause 12.2 – Application Level Control: 1. Display of short notices, which provide clear, concise one-page summaries (using simple language) of the company’s essential policies. 2. Secure handling of sessions for web applications. 3. Secure input validation and handling to prevent common attacks such as SQL injection. 4. Secure web page scripting to prevent common attacks such as cross-site scripting. 5. Code security review and testing by appropriately skilled entities. 6. Service authentication – by the use of sub-domains by providers and possibly the use of HTTPS credentials registered to the organisation.
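Three of the clause 12.2 application-level controls above (session handling, input handling against SQL injection, and page scripting against cross-site scripting) shown in working Python. This is an added example and not code from the slides or from the standard; the `users` table, the probe input and the cookie attributes are constructed for the demonstration, and each control is shown as the weak form beside the hardened form.

```python
"""Added example (not from the slides): ISO/IEC 27032 clause 12.2 controls 2, 3
and 4 in code. lookup_unsafe/lookup_safe contrast a string-built SQL query with
a parameterized one; render_unsafe/render_safe contrast raw HTML output with
escaped output; new_session_cookie shows an unguessable session identifier
with protective cookie attributes. All data below is constructed for the demo."""
import html
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory SQLite table standing in for the
    application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Alice"), ("bob", "Bob <b>admin</b>")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Weak form (control 3 not applied): the value is pasted into the SQL text,
    so a value containing quote characters changes the structure of the query."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form (control 3): the value travels as a bound parameter and is
    compared as data, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def render_unsafe(display_name: str) -> str:
    """Weak form (control 4 not applied): untrusted text dropped into markup,
    so markup inside the value is interpreted by the browser."""
    return f"<p>Welcome, {display_name}</p>"


def render_safe(display_name: str) -> str:
    """Hardened form (control 4): HTML metacharacters are encoded, so the
    browser displays the text instead of interpreting it."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


def new_session_cookie() -> str:
    """Control 2, secure session handling: a 256-bit identifier from the OS
    CSPRNG, sent with HttpOnly (no script access), Secure (HTTPS only) and
    SameSite=Strict (not attached to cross-site requests). Attribute choice is
    an assumed policy for the demo."""
    sid = secrets.token_urlsafe(32)
    return f"session={sid}; HttpOnly; Secure; SameSite=Strict; Path=/"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input containing quote characters
    print("string-built query returns:", lookup_unsafe(db, probe))
    print("parameterized query returns:", lookup_safe(db, probe))
    print(render_unsafe("Bob <b>admin</b>"))
    print(render_safe("Bob <b>admin</b>"))
    print(new_session_cookie())
```

The probe input is the textbook demonstration of why control 3 matters: the string-built query returns every row, while the parameterized query returns none because no user is literally named that. The same data flow applies to the display name: stored once, it must be escaped at every point it is rendered.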
  • 30. Defense In-Depth Using ISO/IEC 27032 – ISO/IEC 27032 Clause 12.3 – Server Protection: 1. Configure servers, including underlying operating systems, in accordance with a baseline security configuration guide. 2. Implement a system to test and deploy security updates, and ensure the server operating system and applications are kept up to date promptly when new security updates are available. 3. Monitor the security performance of the server through regular reviews of the audit trails. 4. Review the security configuration. 5. Run licensed anti-malicious software controls (such as anti-spyware and anti-virus) on the server. 6. Have a good vulnerability management system in place for all online applications.
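Two of the clause 12.3 server-protection controls above as working Python: a check of a server configuration against a baseline guide (the baseline configuration and configuration review points) and a review of an audit trail for repeated authentication failures (the audit-trail monitoring point). This is an added example, not code from the slides or the standard. The setting names follow the OpenSSH `sshd_config` format, but the baseline values are an assumed example policy rather than a published guide, and the configuration text and log lines are constructed for the demonstration.

```python
"""Added example (not from the slides): ISO/IEC 27032 clause 12.3 controls in
code. check_baseline() reports where a server's configuration deviates from a
baseline guide; review_audit_trail() surfaces repeated failed logins from an
audit trail. Baseline values, config text and log lines are all constructed."""
import re
from collections import Counter

# Constructed baseline: what an assumed hardening guide requires (not a real guide).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
}

# Constructed server configuration containing deviations from the baseline.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
"""


def parse_config(text: str) -> dict:
    """Parse 'Key value' lines, ignoring blank lines and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def check_baseline(config_text: str, baseline: dict = BASELINE) -> dict:
    """Return {setting: (expected, actual)} for every deviation. A setting
    absent from the config is reported with actual=None, because the daemon's
    built-in default cannot be assumed to match the baseline."""
    actual = parse_config(config_text)
    return {
        key: (expected, actual.get(key))
        for key, expected in baseline.items()
        if actual.get(key) != expected
    }


# Constructed audit-trail lines in the style of an sshd authentication log.
SAMPLE_AUDIT_TRAIL = """\
May 10 09:01:02 web1 sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
May 10 09:01:04 web1 sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
May 10 09:01:07 web1 sshd[4102]: Failed password for root from 203.0.113.5 port 51024 ssh2
May 10 09:02:11 web1 sshd[4110]: Accepted publickey for deploy from 198.51.100.7 port 40110 ssh2
May 10 09:03:30 web1 sshd[4115]: Failed password for deploy from 198.51.100.7 port 40115 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def review_audit_trail(log_text: str, threshold: int = 3) -> dict:
    """Count failed logins per source address and return the sources at or
    above the threshold, the kind of finding a regular audit-trail review
    should hand to the incident process for follow-up."""
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            failures[match.group(2)] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for key, (expected, actual) in check_baseline(SAMPLE_CONFIG).items():
        print(f"deviation: {key} expected {expected!r}, found {actual!r}")
    for src, n in review_audit_trail(SAMPLE_AUDIT_TRAIL).items():
        print(f"review: {n} failed logins from {src}")
```

Run on the constructed inputs, the baseline check reports the root-login setting, the missing X11 setting and the raised authentication-attempt limit, and the audit-trail review flags the one source with three failures while the single failure from the deploy host stays below the threshold.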
  • 31. Defense In-Depth Using ISO/IEC 27032 – ISO/IEC 27032 Clause 12.4 – End-user controls: 1. Use of supported operating systems, with the most updated security patches installed. 2. Use of the latest supported software applications, with most patches installed. 3. Use anti-virus and anti-spyware tools – can make use of security tools as a service from a service provider. 4. Enable script blockers, phishing filters and other available web browser security features. 5. Enable a personal firewall and HIPS. 6. Enable automated update notifications.
  • 32. Defense In-Depth Using ISO/IEC 27032 – ISO/IEC 27032 Clause 12.5 – Controls against social engineering: 1. Put in place appropriate policies 2. Categorisation and classification of information 3. Awareness and Training 4. Cyber security Awareness Test
  • 33. Cyber Security: Art and Science. ♣ Security as Art – No hard and fast rules or universally accepted solutions – Requires knowledge and experience of systems and goals to build the solution that best fits the organization's needs. ♣ Security as Science – Defensive, Resilience & Detection Strategies – Technology is a major component of information security solutions – Requires knowledge of technologies, and use of accepted standards and practices. ♣ Security as Social Science – People are a critical component in the organization and in the security of the organization – Security must consider and address human factors
  • 34. Conclusion: CYBER SECURITY IS everyone’s responsibility and it is a Journey, NOT a Destination
  • 36. IT Security Training Courses: • ISO/IEC 27032 Lead Cybersecurity Manager – 5 Day Course • ISO/IEC 27034 Application Security Foundation – 2 Days Course • ISO/IEC 27034 Application Security Lead Implementer – 5 Days Course • ISO/IEC 27034 Application Security Lead Auditor – 5 Days Course. Exam and certification fees are included in the training price. https://www.pecb.com/it-security | www.pecb.com/events
  • 37. THANK YOU. +234 802 331 6951, wale@digitalencode.net, www.digitalencode.net, ng.linkedin.com/in/obadarepeteradewale