Cyber security uddhav phondba-cwin18_india
Capgemini
Cybersecurity and information security implementation
1.
CWIN: Capgemini Week of Innovation Networks
CyberSecurity
Uddhav Phondba, Mumbai, 26 Sep 2018
2.
CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved.
We have all heard about Security
3.
Designing Security
4.
Implementing Security
5.
Enforcing Security
7.
Cybersecurity is such a MONSTER!!!
8.
Cybersecurity is such a MONSTER!!!
Or is it really so?
9.
Cybersecurity is such a MONSTER!!!
Or is it really so?
Let’s find out…
10.
Cybersecurity – the definition as per ISO/IEC 27032:2012
Cyberspace: The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form.
Cybersecurity (Cyberspace Security): “Preservation of Confidentiality, Integrity and Availability of Information” in Cyberspace
11.
Cybersecurity – the definition as per ISO/IEC 27032:2012
Cyberspace: The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form.
Cybersecurity (Cyberspace Security): “Preservation of Confidentiality, Integrity and Availability of Information” in Cyberspace
CIA TRIAD
12.
Cybersecurity – the definition as per ISO/IEC 27032:2012
Cyberspace: The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form.
Cybersecurity (Cyberspace Security): “Preservation of Confidentiality, Integrity and Availability of Information” in Cyberspace
CIA TRIAD
The standard is actually about “Information security” in Cyberspace
13.
How do we implement Information Security?
14.
NIST Cybersecurity Framework - a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes
1) Identify
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
2) Protect
• Access Control
• Awareness and Training
• Data Security
• Info Protection Processes & Procedures
• Maintenance
• Protective Technology
3) Detect
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes
4) Respond
• Response Planning
• Communications
• Analysis
• Mitigation
• Improvements
5) Recover
• Recovery Planning
• Improvements
• Communications
15.
ISO/IEC 27001:2013 – Annex A Controls
A.5 Information security policies
A.6 Organization of information security
A.7 Human resource security
A.8 Asset management
A.9 Access control
A.10 Cryptography
A.11 Physical and environmental security
A.12 Operations security
A.13 Communications security
A.14 System acquisition, development and maintenance
A.15 Supplier relationships
16.
Implementation of Information Security
By implementing Security Controls that form Defense against Threats
• Technical
• Management System
17.
Implementation of Information Security
By implementing Security Controls that form Defense against Threats
• Technical
• Management System
Technical Controls: Network, Host, Application, Data
18.
Implementation of Information Security
By implementing Security Controls that form Defense against Threats
• Technical
• Management System
Technical Controls: Network, Host, Application, Data
Focus of this session is on the Technical Controls
19.
Implementation of Information Security
By implementing Security Controls that form Defense against Threats
• Technical
• Management System
Technical Controls: Network, Host, Application, Data
Focus of this session is on the Technical Controls
How do we know that the controls are adequate and working?
20.
Validation of Application Security
Vulnerability Assessment and Penetration Testing (VAPT)
- To identify vulnerabilities
- To ensure on a regular basis that the security controls are working
Vulnerability Scanning
- Examines the exposed assets (network, server, applications) for vulnerabilities
Penetration testing
- Looks at vulnerabilities and will try and exploit them.
21.
What value do I get from Penetration Testing?
1. Validate your controls
2. Prioritize your risks.
3. Train developers to make fewer mistakes
4. Uncover holes in your security.
5. Determine the feasibility of attack vectors.
6. Justify security investment/tools
7. Meet compliance requirements
8. Post Incident analysis
9. Improve Security response time
10. Bring synergy between Dev and Ops teams
22.
When should the Penetration testing be done?
• After deployment of new infrastructure
• After deployment of new application
• After major change to infrastructure (e.g. changes to firewall rules, updating of firmware, patches)
• After major change to application (e.g. upgrades to software, code changes)
23.
What do the Penetration Tests check for?
24.
What do the Penetration Tests check for?
OWASP Top 10 - 2017
A1:2017 - Injection
A2:2017 - Broken Authentication
A3:2017 - Sensitive Data Exposure
A4:2017 - XML External Entities (XXE)
A5:2017 - Broken Access Control
A6:2017 - Security Misconfiguration
A7:2017 - Cross-Site Scripting (XSS)
A8:2017 - Insecure Deserialization
A9:2017 - Using Components with Known Vulnerabilities
A10:2017 - Insufficient Logging & Monitoring
25.
Ways to get Penetration Testing done
26.
Ways to get Penetration Testing done
1. Open up your application to entire world
27.
Ways to get Penetration Testing done
1. Open up your application to entire world
2. Get the client to conduct penetration tests and act on findings once report is received
28.
Ways to get Penetration Testing done
1. Open up your application to entire world
2. Get the client to conduct penetration tests and act on findings once report is received
3. Pay an external vendor or Capgemini Sogeti to carry out the Pen test
29.
Ways to get Penetration Testing done
1. Open up your application to entire world
2. Get the client to conduct penetration tests and act on findings once report is received
3. Pay an external vendor or Capgemini Sogeti to carry out the Pen test
4. Do it yourself !!!???
30.
OWASP Zed Attack Proxy (ZAP): one of the world’s most popular free security tools
• Open Source freeware supported by a strong community
• User-friendly penetration testing tool that finds vulnerabilities in web apps.
• Provides automated scanners and a set of tools for those who wish to find vulnerabilities manually
• Ideal for functional testers who are new to pen testing, or for developers
• Supports Selenium integration; you can run Selenium tests through ZAP
• Official ZAP plugin for the Jenkins continuous integration and delivery application
• SonarQube plugin for publishing ZAP results
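Added example (not from the slides or the ZAP project): a release gate of the kind a Jenkins stage could run over ZAP's JSON report, listing findings worst-first and failing the build on Medium risk or above. It assumes the report's `site` / `alerts` / `riskcode` layout; the sample report, the `gate` function and its `fail_at` and `accepted_plugins` parameters are constructed for illustration.

```python
import json

# ZAP's "riskcode" values and the labels ZAP uses for them.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample in the shape of a ZAP JSON report; host and findings are made up.
SAMPLE_REPORT = json.dumps({"site": [{
    "@name": "https://app.example.test",
    "alerts": [
        {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
         "riskcode": "1", "cweid": "693",
         "instances": [{"uri": "/"}, {"uri": "/login"}, {"uri": "/search"}]},
        {"pluginid": "40018", "alert": "SQL Injection",
         "riskcode": "3", "cweid": "89", "instances": [{"uri": "/search"}]},
        {"pluginid": "10020", "alert": "X-Frame-Options Header Not Set",
         "riskcode": "2", "cweid": "1021", "instances": [{"uri": "/"}, {"uri": "/login"}]},
    ],
}]})


def parse_alerts(report_text):
    """Return (number of scanned sites, alerts sorted worst-first)."""
    sites = json.loads(report_text).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site object instead of a list
        sites = [sites]
    records = []
    for site in sites:
        for alert in site.get("alerts", []):
            try:
                risk = int(alert.get("riskcode"))
            except (TypeError, ValueError):
                risk = 3  # fail closed: an unreadable risk is treated as High
            if risk not in RISK_NAMES:
                risk = 3
            records.append({
                "site": site.get("@name", "unknown"),
                "plugin": str(alert.get("pluginid", "")),
                "name": alert.get("alert") or alert.get("name") or "unnamed",
                "risk": risk,
                "cwe": str(alert.get("cweid", "")),
                "hits": len(alert.get("instances", [])),
            })
    records.sort(key=lambda r: (-r["risk"], -r["hits"], r["name"]))
    return len(sites), records


def gate(report_text, fail_at=2, accepted_plugins=()):
    """Decide whether a build may proceed: (passed, blocking alerts, counts per risk)."""
    site_count, records = parse_alerts(report_text)
    summary = {name: 0 for name in RISK_NAMES.values()}
    for rec in records:
        summary[RISK_NAMES[rec["risk"]]] += 1
    blocking = [r for r in records
                if r["risk"] >= fail_at and r["plugin"] not in accepted_plugins]
    # A report with no scanned site means the scan did not run; that must not pass.
    passed = site_count > 0 and not blocking
    return passed, blocking, summary


if __name__ == "__main__":
    ok, blocking, summary = gate(SAMPLE_REPORT)
    print("risk summary:", summary)
    for rec in blocking:
        print(f"BLOCK {RISK_NAMES[rec['risk']]:<6} CWE-{rec['cwe']:<5} "
              f"{rec['name']} ({rec['hits']} hit(s)) on {rec['site']}")
    raise SystemExit(0 if ok else 1)
```

Run as a script, it exits non-zero when any blocking alert remains, which is what makes a CI stage fail.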
31.
What do you achieve?
1. Assurance that security controls are adequate and working
2. No major findings in client-initiated penetration tests.
3. No sleepless nights fixing security defects just before production release
4. No additional costs!!
32.
….and live happily ever after
34.
About me
Uddhav Phondba
Senior Architect, Program Manager
Digital Customer eXperience
uddhav.phondba@capgemini.com
+91 22 6944 4001 – Extn 228 4267
https://www.linkedin.com/in/uddhavphondba/