CWIN: Capgemini Week of Innovation Networks
CyberSecurity
Uddhav Phondba, Mumbai, 26 Sep 2018
CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved.
We have all heard about Security
Designing Security
Implementing Security
Enforcing Security
Cybersecurity is such a MONSTER!!!
Or is it really so?
Let’s find out…
Cybersecurity – the definition as per ISO/IEC 27032:2012
Cyberspace: The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form.
Cybersecurity: “Preservation of Confidentiality, Integrity and Availability of Information” in Cyberspace (the CIA triad)
The standard is actually about “Information security” in Cyberspace
How do we implement Information Security?
NIST Cybersecurity Framework - a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes
1. Identify
•Asset Management
•Business Environment
•Governance
•Risk Assessment
•Risk Management Strategy
2. Protect
•Access Control
•Awareness and Training
•Data Security
•Info Protection Processes & Procedures
•Maintenance
•Protective Technology
3. Detect
•Anomalies and Events
•Security Continuous Monitoring
•Detection Processes
4. Respond
•Response Planning
•Communications
•Analysis
•Mitigation
•Improvements
5. Recover
•Recovery Planning
•Improvements
•Communications
ISO/IEC 27001:2013 – Annex A Controls
A.5 Information security policies
A.6 Organization of information security
A.7 Human resource security
A.8 Asset management
A.9 Access control
A.10 Cryptography
A.11 Physical and environmental security
A.12 Operations security
A.13 Communications security
A.14 System acquisition, development and maintenance
A.15 Supplier relationships
Implementation of Information Security
By implementing Security Controls that form Defense against Threats
Security Controls: Technical; Management System
Technical Controls, by layer: Network, Host, Application, Data
Focus of this session is on the Technical Controls
How do we know that the controls are adequate and working?
Validation of Application Security
Vulnerability Assessment and Penetration Testing (VAPT)
- To identify vulnerabilities
- To ensure on a regular basis that the security controls are working
Vulnerability Scanning
- Examines the exposed assets (network, server, applications) for vulnerabilities
Penetration testing
- Looks at vulnerabilities and will try and exploit them
What value do I get from Penetration Testing?
1. Validate your controls
2. Prioritize your risks
3. Train developers to make fewer mistakes
4. Uncover holes in your security
5. Determine the feasibility of attack vectors
6. Justify security investment/tools
7. Meet compliance requirements
8. Post Incident analysis
9. Improve Security response time
10. Bring synergy between Dev and Ops teams
When should the Penetration testing be done?
After deployment of new infrastructure
After deployment of new application
After major change to infrastructure (e.g. changes to firewall rules, updating of firmware, patches)
After major change to application (e.g. upgrades to software, code changes)
What do the Penetration Tests check for?
OWASP Top 10 - 2017
A1:2017 - Injection
A2:2017 - Broken Authentication
A3:2017 - Sensitive Data Exposure
A4:2017 - XML External Entities (XXE)
A5:2017 - Broken Access Control
A6:2017 - Security Misconfiguration
A7:2017 - Cross-Site Scripting (XSS)
A8:2017 - Insecure Deserialization
A9:2017 - Using Components with Known Vulnerabilities
A10:2017 - Insufficient Logging & Monitoring
Ways to get Penetration Testing done
1. Open up your application to the entire world
2. Get the client to conduct penetration tests and act on findings once report is received
3. Pay an external vendor or Capgemini Sogeti to carry out the Pen test
4. Do it yourself !!!???
OWASP Zed Attack Proxy (ZAP): one of the world’s most popular free security tools
Open Source freeware supported by a strong community
User-friendly penetration testing tool that finds vulnerabilities in web apps
Provides automated scanners and a set of tools for those who wish to find vulnerabilities manually
Ideal for functional testers who are new to pen testing, or for developers
Supports Selenium integration; you can run Selenium tests through ZAP
Official ZAP plugin for the Jenkins continuous integration and delivery application
SonarQube plugin for publishing ZAP results
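One way to act on ZAP results in a pipeline, as an added example that is not part of the original deck or of ZAP's own tooling: a small build gate that reads a ZAP JSON report, summarises alert types by risk level and fails the build when anything at or above a chosen risk is present. The report shape is assumed here (modelled on ZAP's traditional JSON report: site[].alerts[] with a riskcode of 0 to 3), and the sample report is constructed inline.

```python
"""Gate a CI build on an OWASP ZAP JSON report (added example, not ZAP's own code).

Assumed report shape (modelled on ZAP's traditional JSON report; verify against
your ZAP version): {"site": [{"@name": ..., "alerts": [{"alert": ...,
"riskcode": "0".."3", "confidence": ..., "instances": [{"uri": ...}]}]}]}.
"""
import json
import sys
from collections import Counter

# ZAP riskcode values: 0 = Informational, 1 = Low, 2 = Medium, 3 = High
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample report, not the output of a real scan.
SAMPLE_REPORT = json.dumps({
    "@version": "2.7.0",
    "site": [{
        "@name": "http://app.example.test",
        "alerts": [
            {"alert": "SQL Injection", "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "http://app.example.test/search?q=x"}]},
            {"alert": "X-Frame-Options Header Not Set", "riskcode": "2",
             "confidence": "2",
             "instances": [{"uri": "http://app.example.test/"},
                           {"uri": "http://app.example.test/login"}]},
            {"alert": "Cookie Without Secure Flag", "riskcode": "1",
             "confidence": "2",
             "instances": [{"uri": "http://app.example.test/login"}]},
        ],
    }],
})


def load_alerts(report_json):
    """Flatten a ZAP report into (site, alert name, risk, instance count) tuples."""
    report = json.loads(report_json)
    alerts = []
    for site in report.get("site", []):
        for a in site.get("alerts", []):
            risk = int(a.get("riskcode", 0))  # missing riskcode treated as Informational
            alerts.append((site.get("@name", "?"), a["alert"], risk,
                           len(a.get("instances", []))))
    return alerts


def summarise(alerts):
    """Count distinct alert types per risk level, e.g. {3: 1, 2: 1, 1: 1}."""
    return Counter(risk for _, _, risk, _ in alerts)


def evaluate_gate(alerts, fail_at=3):
    """Return (passed, offending alerts) for a risk threshold (default: High)."""
    offending = [a for a in alerts if a[2] >= fail_at]
    return (len(offending) == 0, offending)


def main(argv):
    # Usage: gate.py [report.json] [fail_at_riskcode]; no arguments runs the sample.
    path = argv[1] if len(argv) > 1 else None
    fail_at = int(argv[2]) if len(argv) > 2 else 3
    if path:
        with open(path, encoding="utf-8") as fh:
            report_json = fh.read()
    else:
        report_json = SAMPLE_REPORT
    alerts = load_alerts(report_json)
    for risk, n in sorted(summarise(alerts).items(), reverse=True):
        print(f"{RISK_NAMES.get(risk, str(risk)):<14} {n} alert type(s)")
    passed, offending = evaluate_gate(alerts, fail_at)
    for site, name, risk, count in offending:
        print(f"FAIL {RISK_NAMES.get(risk, str(risk))}: {name} on {site} "
              f"({count} instance(s))")
    return 0 if passed else 1  # non-zero exit code fails the pipeline stage


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments to see the gate fail on the constructed High-risk finding; lower the threshold to 2 to also block Medium findings such as missing headers.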
What do you achieve?
1. Assurance that security controls are adequate and working
2. No major findings in client initiated penetration tests
3. No sleepless nights fixing security defects just before production release
4. No additional costs!!
….and live happily ever after
Image Credits
1. www.dilbert.com
2. www.thesecurityawarenesscompany.com/wp-content/uploads/2015/05/CIAtriad-copy2.png
3. https://pixabay.com/en/cyber-security-word-computer-cloud-2120014/
4. https://depositphotos.com/31528535/stock-video-unstressed-businessman-relaxing-on-the.html
About me
Uddhav Phondba
Senior Architect, Program Manager, Digital Customer eXperience
uddhav.phondba@capgemini.com
+91 22 6944 4001 – Extn 228 4267
https://www.linkedin.com/in/uddhavphondba/
About Capgemini
A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of 200,000 team members in over 40 countries. The Group reported 2017 global revenues of EUR 12.8 billion.
Learn more about us at www.capgemini.com

More Related Content

More from Capgemini

Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Capgemini
 
Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Capgemini
 
Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Capgemini
 
Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Capgemini
 
Top Trends in Payments: 2021
Top Trends in Payments: 2021Top Trends in Payments: 2021
Top Trends in Payments: 2021Capgemini
 
Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Capgemini
 
Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Capgemini
 
Capgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini
 
Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Capgemini
 
Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Capgemini
 
Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Capgemini
 
Top Trends in Payments: 2020
Top Trends in Payments: 2020Top Trends in Payments: 2020
Top Trends in Payments: 2020Capgemini
 
Top Trends in Commercial Banking: 2020
Top Trends in Commercial Banking: 2020Top Trends in Commercial Banking: 2020
Top Trends in Commercial Banking: 2020Capgemini
 
Top Trends in Wealth Management 2020
Top Trends in Wealth Management 2020Top Trends in Wealth Management 2020
Top Trends in Wealth Management 2020Capgemini
 
How to get off the white elephant of physical and leverage the true benefits ...
How to get off the white elephant of physical and leverage the true benefits ...How to get off the white elephant of physical and leverage the true benefits ...
How to get off the white elephant of physical and leverage the true benefits ...Capgemini
 
Connected Autonomous Planning: a continuous touchless model enabling an agile...
Connected Autonomous Planning: a continuous touchless model enabling an agile...Connected Autonomous Planning: a continuous touchless model enabling an agile...
Connected Autonomous Planning: a continuous touchless model enabling an agile...Capgemini
 
Data Center of the Future: Designing a modernized, high performance computing...
Data Center of the Future: Designing a modernized, high performance computing...Data Center of the Future: Designing a modernized, high performance computing...
Data Center of the Future: Designing a modernized, high performance computing...Capgemini
 
Connected Storytelling
Connected StorytellingConnected Storytelling
Connected StorytellingCapgemini
 
NYDJ and Capgemini
NYDJ and CapgeminiNYDJ and Capgemini
NYDJ and CapgeminiCapgemini
 
Grocery Fullforce Solution: Capgemini Unified Commerce Solution for Grocery
Grocery Fullforce Solution: Capgemini Unified Commerce Solution for GroceryGrocery Fullforce Solution: Capgemini Unified Commerce Solution for Grocery
Grocery Fullforce Solution: Capgemini Unified Commerce Solution for GroceryCapgemini
 

More from Capgemini (20)

Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021
 
Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Life Insurance Top Trends 2021
Life Insurance Top Trends 2021
 
Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021
 
Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021
 
Top Trends in Payments: 2021
Top Trends in Payments: 2021Top Trends in Payments: 2021
Top Trends in Payments: 2021
 
Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Health Insurance Top Trends 2021
Health Insurance Top Trends 2021
 
Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021
 
Capgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous Planning
 
Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020
 
Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020
 
Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020
 
Top Trends in Payments: 2020
Top Trends in Payments: 2020Top Trends in Payments: 2020
Top Trends in Payments: 2020
 
Top Trends in Commercial Banking: 2020
Top Trends in Commercial Banking: 2020Top Trends in Commercial Banking: 2020
Top Trends in Commercial Banking: 2020
 
Top Trends in Wealth Management 2020
Top Trends in Wealth Management 2020Top Trends in Wealth Management 2020
Top Trends in Wealth Management 2020
 
How to get off the white elephant of physical and leverage the true benefits ...
How to get off the white elephant of physical and leverage the true benefits ...How to get off the white elephant of physical and leverage the true benefits ...
How to get off the white elephant of physical and leverage the true benefits ...
 
Connected Autonomous Planning: a continuous touchless model enabling an agile...
Connected Autonomous Planning: a continuous touchless model enabling an agile...Connected Autonomous Planning: a continuous touchless model enabling an agile...
Connected Autonomous Planning: a continuous touchless model enabling an agile...
 
Data Center of the Future: Designing a modernized, high performance computing...
Data Center of the Future: Designing a modernized, high performance computing...Data Center of the Future: Designing a modernized, high performance computing...
Data Center of the Future: Designing a modernized, high performance computing...
 
Connected Storytelling
Connected StorytellingConnected Storytelling
Connected Storytelling
 
NYDJ and Capgemini
NYDJ and CapgeminiNYDJ and Capgemini
NYDJ and Capgemini
 
Grocery Fullforce Solution: Capgemini Unified Commerce Solution for Grocery
Grocery Fullforce Solution: Capgemini Unified Commerce Solution for GroceryGrocery Fullforce Solution: Capgemini Unified Commerce Solution for Grocery
Grocery Fullforce Solution: Capgemini Unified Commerce Solution for Grocery
 

Recently uploaded

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Recently uploaded (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Cyber security uddhav phondba-cwin18_india

  • 2. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 2© 2018 Capgemini. All rights reserved. We have all heard about Security
  • 3. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 3 Designing Security
  • 4. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 4 Implementing Security
  • 5. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 5 Enforcing Security
  • 6. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 6
  • 7. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 7 Cybersecurity is such a MONSTER!!!
  • 8. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 8 Cybersecurity is such a MONSTER!!! Or is it really so?
  • 9. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 9 Cybersecurity is such a MONSTER!!! Let’s find out… Or is it really so?
  • 10. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 10 Cybersecurity – the definition as per ISO/IEC 27032:2012 Cyberspace Security The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form. “Preservation of Confidentiality, Integrity and Availability of Information” in Cyberspace Cybersecurity
  • 11. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 11 Cybersecurity – the definition as per ISO/IEC 27032:2012 Cyberspace Security The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form. “Preservation of Confidentiality, Integrity and Availability of Information” in Cyberspace Cybersecurity CIA TRIAD
  • 12. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 12 Cybersecurity – the definition as per ISO/IEC 27032:2012 Cyberspace Security The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form. “Preservation of Confidentiality, Integrity and Availability of Information” in Cyberspace Cybersecurity The standard is actually about “Information security” in Cyberspace CIA TRIAD
  • 13. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 13 How do we implement Information Security?
  • 14. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 14 NIST Cybersecurity Framework - a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes •Asset Management •Business Environment •Governance •Risk Assessment •Risk Management Strategy Identify •Access Control •Awareness and Training •Data Security •Info Protection Processes & Procedures •Maintenance •Protective Technology Protect •Anomalies and Events •Security Continuous Monitoring •Detection Processes Detect •Response Planning •Communications •Analysis •Mitigation •Improvements Respond •Recovery Planning •Improvements •Communications Recover 1 2 3 4 5
  • 15. CWIN18: Cyber Security | Uddhav Phondba | 26/09/18 © 2018 Capgemini. All rights reserved. 15 ISO/IEC 27001:2013 – Annex A Controls A.5 Information security policies A.6 Organization of information security A.7 Human resource security A.8 Asset management A.9 Access control A.10 Cryptography A.11 Physical and environmental security A.12 Operations security A.13 Communications security A.14 System acquisition, development and maintenance A.15 Supplier relationships
  • 16-19. Implementation of information security: by implementing security controls that form a defense against threats. The controls fall into two groups: technical controls (applied at the network, host, application and data layers) and management-system controls. The focus of this session is on the technical controls. How do we know that the controls are adequate and working?
  • 20. Validation of application security: Vulnerability Assessment and Penetration Testing (VAPT) serves to identify vulnerabilities and to ensure on a regular basis that the security controls are working. Vulnerability scanning examines the exposed assets (network, servers, applications) for known vulnerabilities; penetration testing takes those vulnerabilities and tries to exploit them, which is what confirms whether a finding has real impact rather than being a false positive.
  • 21. What value do I get from penetration testing?
    1. Validate your controls.
    2. Prioritize your risks.
    3. Train developers to make fewer mistakes.
    4. Uncover holes in your security.
    5. Determine the feasibility of attack vectors.
    6. Justify security investment and tools.
    7. Meet compliance requirements.
    8. Support post-incident analysis.
    9. Improve security response time.
    10. Bring synergy between Dev and Ops teams.
  • 22. When should penetration testing be done?
    - After deployment of new infrastructure
    - After deployment of a new application
    - After a major change to infrastructure (e.g. changes to firewall rules, firmware updates, patches)
    - After a major change to an application (e.g. software upgrades, code changes)
    - And at a regular interval in between, so that the "regular basis" validation from slide 20 actually happens rather than only when someone remembers a change was major
  • 23-24. What do the penetration tests check for? At minimum, the OWASP Top 10 - 2017:
    - A1:2017 - Injection
    - A2:2017 - Broken Authentication
    - A3:2017 - Sensitive Data Exposure
    - A4:2017 - XML External Entities (XXE)
    - A5:2017 - Broken Access Control
    - A6:2017 - Security Misconfiguration
    - A7:2017 - Cross-Site Scripting (XSS)
    - A8:2017 - Insecure Deserialization
    - A9:2017 - Using Components with Known Vulnerabilities
    - A10:2017 - Insufficient Logging & Monitoring
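As an added illustration of the first item in that list (A1:2017 Injection), and not code from the CWIN18 deck, here is a login lookup written twice against an in-memory SQLite table: once by concatenating user input into the SQL text, once with a parameterised query. The table contents, the user names and the payload are constructed for the example; a real system would store password hashes rather than the plaintext used here for brevity.

```python
"""Added example (not from the CWIN18 deck): OWASP A1:2017 Injection.

A login lookup written two ways against an in-memory SQLite database
(constructed sample data): the vulnerable form builds SQL by string
concatenation, the hardened form uses a parameterised query.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory users table with constructed rows.

    Plaintext passwords are used only to keep the example short; storing
    them this way would itself be an A3:2017 Sensitive Data Exposure issue.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: user input is spliced straight into the SQL text."""
    sql = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# A classic tautology payload: it closes the string literal, makes the
# WHERE clause always true, and the trailing "--" comments out the rest.
PAYLOAD = "' OR '1'='1' --"


def demo() -> dict:
    """Run both versions with a valid password and with the payload."""
    conn = make_db()
    return {
        "valid_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "valid_hardened": login_hardened(conn, "alice", "correct horse"),
        "bypass_vulnerable": login_vulnerable(conn, "alice", PAYLOAD),
        "bypass_hardened": login_hardened(conn, "alice", PAYLOAD),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Both versions accept the genuine password; only the concatenated version also accepts the payload, because the resulting statement reads `... AND password = '' OR '1'='1' --'` and the comment marker swallows the dangling quote. This is exactly the kind of finding a scanner such as ZAP flags as a SQL Injection alert, and the parameterised form is the fix a tester will expect to see in the retest.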
  • 25-29. Ways to get penetration testing done:
    1. Open up your application to the entire world.
    2. Get the client to conduct penetration tests and act on the findings once the report is received.
    3. Pay an external vendor or Capgemini Sogeti to carry out the pen test.
    4. Do it yourself!!!???
  • 30. OWASP Zed Attack Proxy (ZAP): one of the world's most popular free security tools.
    - Open source, supported by a strong community
    - User-friendly penetration testing tool that finds vulnerabilities in web apps
    - Provides automated scanners and a set of tools for those who wish to find vulnerabilities manually
    - Ideal for functional testers who are new to pen testing, or for developers
    - Supports Selenium integration: you can run Selenium tests through ZAP as a proxy, so the scanner sees the authenticated traffic your functional tests already generate
    - Official ZAP plugin for the Jenkins continuous integration and delivery application
    - SonarQube plugin for publishing ZAP results
    - Caveat: an automated scan only covers what the scanner can reach and recognise; logic flaws such as broken access control (A5) still need a human tester
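Slide 20 asks for regular proof that the controls work, and slide 30 points at the Jenkins plugin; the glue between the two is a build gate that reads the scan output and fails the job on findings above an agreed risk level. The following is an added example of such a gate, written here and not part of the CWIN18 deck or of the ZAP project. The report embedded in it is constructed; its field names (`site` containing `alerts`, each with `pluginid`, `riskcode` and `instances`) follow the layout of ZAP's traditional JSON report as I know it, which you should confirm against the ZAP version you run.

```python
"""Added example (not from the CWIN18 deck or the ZAP project): a small CI
gate that reads a ZAP JSON report and fails the build when alerts at or
above a chosen risk level are present. SAMPLE_REPORT is constructed; its
field layout (site -> alerts -> instances, riskcode as a string) is an
assumption modelled on ZAP's traditional JSON report.
"""
import json
from collections import Counter

# ZAP encodes risk as a string code: 0 Informational, 1 Low, 2 Medium, 3 High.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

SAMPLE_REPORT = json.dumps({
    "@version": "2.7.0",
    "site": [{
        "@name": "http://app.example.test",
        "alerts": [
            {"pluginid": "40018", "alert": "SQL Injection", "riskcode": "3",
             "confidence": "2", "cweid": "89",
             "instances": [{"uri": "http://app.example.test/login",
                            "method": "POST", "param": "username"}]},
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3", "cweid": "693",
             "instances": [{"uri": "http://app.example.test/", "method": "GET"},
                           {"uri": "http://app.example.test/login", "method": "GET"}]},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2", "cweid": "16",
             "instances": [{"uri": "http://app.example.test/", "method": "GET"}]},
        ],
    }],
})


def load_alerts(report_text: str) -> list:
    """Flatten every alert from every scanned site into (site, alert) pairs."""
    report = json.loads(report_text)
    return [(site["@name"], alert)
            for site in report.get("site", [])
            for alert in site.get("alerts", [])]


def summarise(report_text: str) -> Counter:
    """Count alerts per risk name, for the build log."""
    return Counter(RISK_NAMES[int(a["riskcode"])] for _, a in load_alerts(report_text))


def blocking_alerts(report_text: str, min_risk: int = 3, ignore_plugins=()) -> list:
    """Alerts that should fail the build: risk >= min_risk and not waived.

    ignore_plugins is an allow-list of ZAP plugin ids for accepted findings;
    keep it in source control so that every waiver is reviewed.
    """
    return [
        {"site": site, "plugin": a["pluginid"], "alert": a["alert"],
         "risk": RISK_NAMES[int(a["riskcode"])],
         "urls": sorted({i["uri"] for i in a.get("instances", [])})}
        for site, a in load_alerts(report_text)
        if int(a["riskcode"]) >= min_risk and a["pluginid"] not in ignore_plugins
    ]


def gate(report_text: str, min_risk: int = 3, ignore_plugins=()) -> int:
    """Return a process exit code: 0 = pass, 1 = blocking findings present."""
    return 1 if blocking_alerts(report_text, min_risk, ignore_plugins) else 0


if __name__ == "__main__":
    print(dict(summarise(SAMPLE_REPORT)))
    for finding in blocking_alerts(SAMPLE_REPORT, min_risk=2):
        print(f"[{finding['risk']}] {finding['alert']} at {', '.join(finding['urls'])}")
    raise SystemExit(gate(SAMPLE_REPORT, min_risk=2))
```

In a pipeline the report text would come from a file written by the scan (ZAP's packaged baseline scan script writes one with its `-J` option) instead of the embedded sample, and `gate()`'s return value becomes the step's exit status. Starting the threshold at High and lowering it to Medium once the backlog is clean keeps the gate credible; a gate that developers routinely bypass is worse than none.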
  • 31. What do you achieve?
    1. Assurance that security controls are adequate and working
    2. No major findings in client-initiated penetration tests
    3. No sleepless nights fixing security defects just before the production release
    4. No additional costs!!
  • 32. ...and live happily ever after
  • 34. About me: Uddhav Phondba, Senior Architect, Program Manager, Digital Customer eXperience. uddhav.phondba@capgemini.com, +91 22 6944 4001 – Extn 228 4267, https://www.linkedin.com/in/uddhavphondba/
  • 35. About Capgemini: a global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients' opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of 200,000 team members in over 40 countries. The Group reported 2017 global revenues of EUR 12.8 billion. Learn more about us at www.capgemini.com