SlideShare a Scribd company logo

IT Security Guest Lecture

M
Murthinty

Internal IT security involves securing an organization's network through people, processes, and technologies. It focuses on identity and access management, risk management, policy design, and monitoring networks, applications, databases, endpoints, and messaging. A key process is data leak protection (DLP) systems that identify, monitor, and protect data at rest, in motion, and in use through deep content inspection and centralized management to detect unauthorized data use and transmission. Internal IT security is an evolving field requiring domain expertise and certifications in compliance and security.

Technology
Related topics:
IT Security
1 of 13
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
Internal I.T. Security Security within an organization’s network
Contents 4/5/2010 Soumitri 2
Overview • Brief introduction to what this niche segment is all about • IT Security comprises: o People, Processes & Technologies o Network, Application, Database, Endpoint, Messaging o Policy definition, Policy enforcement, Monitoring & Reporting 4/5/2010 Soumitri 3
Industry Perspective - People • Identity and Access Management – Identity Management • Enterprise Employee Directory – Access Management • Single Sign On, Web Sign On, Tokens, Smart Cards, etc – Privilege Management • Layered solutions, Segregation of Duties – Audit & Reporting – Education & Training 4/5/2010 Soumitri 4
Industry Perspective - Process • Risk Management – Risk Modeling Tools • Policy Design & Development – Templates, External Consultants, etc • Business Continuity & Disaster Recovery – Multiple Geographic Storage Sites • Incident & Threat Management – Incident Response Platforms 4/5/2010 Soumitri 5
Industry Perspective - Process (2) • Information Asset Management – Inventory of Assets (includes People) • Systems Development – Architecture – Modeling Tools – Coding Standards • Operations Management – Monitoring Tools 4/5/2010 Soumitri 6
Industry Perspective - Technology • Network – Perimeter security: Firewalls, WLAN, VPN, NIDPS • Application – Coding standards: Static Analysis Tools, Monitoring • Database – Privilege Management: Encryption, Monitoring • Endpoint – Desktops & Servers: Anti-Virus, DLP Suites, Encryption • Messaging – Anti-Spam/Virus/Malware, Encryption • Data – Disk & File encryption, Monitoring & Management, DRM 4/5/2010 Soumitri 7
What is DLP? • Data Leak Protection: “Systems that identify, monitor, and protect data in use, data in motion, and data at rest through deep content inspection, contextual security analysis of transaction and with a centralized management framework” • Data at Rest – Endpoint actions • Data in Motion – Network actions • Data in Use – Data storage • Systems are designed to detect and prevent the unauthorized use and transmission of confidential information 4/5/2010 Soumitri 8
DLP Process 1) Define Confidential Policy 2) Discover Exposed Data 3) Enforce Policy 4) Feedback & Corrective Mechanism 5) Report Generation and Management 4/5/2010 Soumitri 9
Usage & Benefits • Demonstrates Regulatory Compliance – HIPAA, GLBA, PCI, BASEL II, SOX • Helps prevent Identity Theft • Seamless integration in PMO • Protects Brand & Reputation 4/5/2010 Soumitri 10
Conclusion • Internal IT Security is an evolving technology • It is a niche area requiring domain & technical expertise • Compliance: PCI, SOX, BASEL II, GLBA – At least one compliance knowledge is needed • Certifications: SSCP, CISSP • More Info: International Information Systems Security Certification Consortium website 4/5/2010 Soumitri 11
Conclusion (2) • Career Path: External Security Consultants, IT Security Officer, CISO • Management & Communication skills are required • Firm Knowledge of: – Organization’s strategic objectives – Management issues – Impact of Security policies on Business functions – Comprehensive Technical Info – Future Trends 4/5/2010 Soumitri 12
Thank You & Best Wishes 4/5/2010 Soumitri 13

More Related Content

PPTX
Information security - what is going on 2016
Tomppa Kuusi (formerly Järvinen)
 
PPTX
Identity theft and data responsibilities
Peter Henley
 
PPTX
Data security
Muhammad Yasir
 
PDF
Tax Preparers Presentation
Doug Landoll
 
PDF
VISULOX-Summary-SN
Tillmann A. Basien
 
PPT
Unit 3
abhishek srivastav
 
PDF
OTechs Information Security Training Course
Osman Suliman
 
DOC
Ofer Cohen - areas of expertise
Ofer JRL Cohen
 
Information security - what is going on 2016
Tomppa Kuusi (formerly Järvinen)
 
Identity theft and data responsibilities
Peter Henley
 
Data security
Muhammad Yasir
 
Tax Preparers Presentation
Doug Landoll
 
VISULOX-Summary-SN
Tillmann A. Basien
 
Unit 3
abhishek srivastav
 
OTechs Information Security Training Course
Osman Suliman
 
Ofer Cohen - areas of expertise
Ofer JRL Cohen
 

What's hot (19)

DOCX
Brian m cv
Amir Shahzad Afridi
 
PPTX
Tips memulai karir di cybersecurity
PT Datacomm Diangraha
 
PPTX
Data security strategies and drivers
Freeform Dynamics
 
DOC
JM_Resume
John Morris
 
PPTX
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge Pereira
 
PDF
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
rmcsoft
 
PPTX
Introduction to Security (Hardware, Software, Data & Policies)
Amr Salah
 
PDF
Classification-HowToBoostInformationProtection
Gianmarco Ferri
 
PPT
Security In Web Conferencing
pchen
 
PPTX
Data protection and security
nazar60
 
PPTX
Fasoo Secure Document (FSD) for SharePoint
Fasoo
 
PPTX
Ethical hacking
sushmach10
 
PPTX
NRF Presentation v2
Pete Pouridis
 
PPTX
Cyber security
Perfect Training Center
 
KEY
New Massachusetts Data Privacy Regulation
becarreno
 
PPTX
Tyler Technology Expo
Tony DeGonia (LION)
 
PDF
Data Security Solutions_2010 @Vilnius December Opening
Andris Soroka
 
PDF
Intro to information security
Viraj Ekanayake
 
PDF
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Techsylvania
 
Brian m cv
Amir Shahzad Afridi
 
Tips memulai karir di cybersecurity
PT Datacomm Diangraha
 
Data security strategies and drivers
Freeform Dynamics
 
JM_Resume
John Morris
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge Pereira
 
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
rmcsoft
 
Introduction to Security (Hardware, Software, Data & Policies)
Amr Salah
 
Classification-HowToBoostInformationProtection
Gianmarco Ferri
 
Security In Web Conferencing
pchen
 
Data protection and security
nazar60
 
Fasoo Secure Document (FSD) for SharePoint
Fasoo
 
Ethical hacking
sushmach10
 
NRF Presentation v2
Pete Pouridis
 
Cyber security
Perfect Training Center
 
New Massachusetts Data Privacy Regulation
becarreno
 
Tyler Technology Expo
Tony DeGonia (LION)
 
Data Security Solutions_2010 @Vilnius December Opening
Andris Soroka
 
Intro to information security
Viraj Ekanayake
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Techsylvania
 
Ad

Similar to IT Security Guest Lecture (20)

PPTX
CISA Training - Chapter 4 - 2016
Hafiz Sheikh Adnan Ahmed
 
PDF
Rothke stimulating your career as an information security professional
Ben Rothke
 
PPTX
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
James Wier
 
PPTX
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
PPT
It Audit And Forensics
JED Consulting Services LLC
 
PDF
Information Security for Small Business
Julius Clark, CISSP, CISA
 
PDF
Information Security for Small Business
Julius Clark, CISSP, CISA
 
PPT
002.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
PDF
Leading Practices in Information Security & Privacy
Donny Shimamoto
 
PDF
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
PDF
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
PDF
232 a7d01
SMK PRASASTI KARANG BERAHI JAMBI
 
PDF
How to Build and Implement your Company's Information Security Program
Financial Poise
 
PDF
IS3 Capabilities Brief
mrsjennbrown
 
PPTX
Data Management - NA CACS 2009
CISA1567
 
PPT
Lecture Data Classification And Data Loss Prevention
Nicholas Davis
 
PPT
Data Classification And Loss Prevention
Nicholas Davis
 
PPT
Lecture data classification_and_data_loss_prevention
Nicholas Davis
 
PDF
Is3 Capabilities Brief
mageeb
 
PPT
Securing your esi_piedmont
scm24
 
CISA Training - Chapter 4 - 2016
Hafiz Sheikh Adnan Ahmed
 
Rothke stimulating your career as an information security professional
Ben Rothke
 
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
James Wier
 
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
It Audit And Forensics
JED Consulting Services LLC
 
Information Security for Small Business
Julius Clark, CISSP, CISA
 
Information Security for Small Business
Julius Clark, CISSP, CISA
 
002.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
Leading Practices in Information Security & Privacy
Donny Shimamoto
 
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
232 a7d01
SMK PRASASTI KARANG BERAHI JAMBI
 
How to Build and Implement your Company's Information Security Program
Financial Poise
 
IS3 Capabilities Brief
mrsjennbrown
 
Data Management - NA CACS 2009
CISA1567
 
Lecture Data Classification And Data Loss Prevention
Nicholas Davis
 
Data Classification And Loss Prevention
Nicholas Davis
 
Lecture data classification_and_data_loss_prevention
Nicholas Davis
 
Is3 Capabilities Brief
mageeb
 
Securing your esi_piedmont
scm24
 
Ad

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Encapsulation theory and applications.pdf
gurumoop
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
August Patch Tuesday
Ivanti
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 

IT Security Guest Lecture

  • 1. Internal I.T. Security Security within an organization’s network
  • 2. Contents 4/5/2010 Soumitri 2
  • 3. Overview • Brief introduction to what this niche segment is all about • IT Security comprises: o People, Processes & Technologies o Network, Application, Database, Endpoint, Messaging o Policy definition, Policy enforcement, Monitoring & Reporting 4/5/2010 Soumitri 3
  • 4. Industry Perspective - People • Identity and Access Management – Identity Management • Enterprise Employee Directory – Access Management • Single Sign On, Web Sign On, Tokens, Smart Cards, etc – Privilege Management • Layered solutions, Segregation of Duties – Audit & Reporting – Education & Training 4/5/2010 Soumitri 4
  • 5. Industry Perspective - Process • Risk Management – Risk Modeling Tools • Policy Design & Development – Templates, External Consultants, etc • Business Continuity & Disaster Recovery – Multiple Geographic Storage Sites • Incident & Threat Management – Incident Response Platforms 4/5/2010 Soumitri 5
  • 6. Industry Perspective - Process (2) • Information Asset Management – Inventory of Assets (includes People) • Systems Development – Architecture – Modeling Tools – Coding Standards • Operations Management – Monitoring Tools 4/5/2010 Soumitri 6
  • 7. Industry Perspective - Technology • Network – Perimeter security: Firewalls, WLAN, VPN, NIDPS • Application – Coding standards: Static Analysis Tools, Monitoring • Database – Privilege Management: Encryption, Monitoring • Endpoint – Desktops & Servers: Anti-Virus, DLP Suites, Encryption • Messaging – Anti-Spam/Virus/Malware, Encryption • Data – Disk & File encryption, Monitoring & Management, DRM 4/5/2010 Soumitri 7
  • 8. What is DLP? • Data Leak Protection: “Systems that identify, monitor, and protect data in use, data in motion, and data at rest through deep content inspection, contextual security analysis of transaction and with a centralized management framework” • Data at Rest – Endpoint actions • Data in Motion – Network actions • Data in Use – Data storage • Systems are designed to detect and prevent the unauthorized use and transmission of confidential information 4/5/2010 Soumitri 8
  • 9. DLP Process 1) Define Confidential Policy 2) Discover Exposed Data 3) Enforce Policy 4) Feedback & Corrective Mechanism 5) Report Generation and Management 4/5/2010 Soumitri 9
  • 10. Usage & Benefits • Demonstrates Regulatory Compliance – HIPAA, GLBA, PCI, BASEL II, SOX • Helps prevent Identity Theft • Seamless integration in PMO • Protects Brand & Reputation 4/5/2010 Soumitri 10
  • 11. Conclusion • Internal IT Security is an evolving technology • It is a niche area requiring domain & technical expertise • Compliance: PCI, SOX, BASEL II, GLBA – At least one compliance knowledge is needed • Certifications: SSCP, CISSP • More Info: International Information Systems Security Certification Consortium website 4/5/2010 Soumitri 11
  • 12. Conclusion (2) • Career Path: External Security Consultants, IT Security Officer, CISO • Management & Communication skills are required • Firm Knowledge of: – Organization’s strategic objectives – Management issues – Impact of Security policies on Business functions – Comprehensive Technical Info – Future Trends 4/5/2010 Soumitri 12
  • 13. Thank You & Best Wishes 4/5/2010 Soumitri 13