1 / 22

From Security to Immunity: Enhancing Cybersecurity Practices

This presentation explores the shift from traditional security to a more proactive approach focused on building immunity against cyber threats. It discusses the need for security, the cost of security overheads, and the concept of immunity. The presentation also delves into the steps involved in achieving immunity, such as requirement gathering and analysis, designing secure solutions, coding and reviews, testing, documentation/user guides, deployment, and maintenance.

ohicks
Télécharger la présentation

From Security to Immunity: Enhancing Cybersecurity Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Immune ITMoving from Security to Immunity... -Ajit Hatti ClubHack2008 Presentation

  2. Contents - I • Security : What is it? • Security : Why we need it? • Security : How we see it? • Security : What does it cost? • Security : Do we own it? • Security : How much is adequate?

  3. Contents II • Immunity : What is it? • Immunity : How much does it cost? • Immunity : Who is responsible? • Immunity : How to get it?

  4. Contents III • Requirement Gathering & Analysis • Designing a Solution • Coding & Reviews • Testing • Documentation/User Guide • Deployment • Maintenance

  5. Security : What is it?

  6. Security: Why do we need it?

  7. Security: How we see it?

  8. Security : What does it cost? An average annual Security Overheads incurred at prime organizations • Expense incurred on security system - 20% • Computational resources engaged in security operations - 15% • Each person spending time on securing personal assets - 21% • Latency introduced due to security operations per connection - 2 sec / MB. • Data transfer only for security updates - 17 % And these figures are bound to increase. (http://www.itbusinessedge.com/blogs/top/?p=207)

  9. Security : Do we own it?

  10. Security: How much is adequate?

  11. Immunity: What is it?

  12. Immunity: How much does it costs?

  13. Immunity: Who is Responsible?

  14. Immunity: How to achieve it? • Embedding Security in each and every steps of our engineering process. • Practice Security; integrate it in all operations. • Greater awareness.

  15. Requirement Gathering & Analysis Implicit Security Considerations Explicit Security Considerations

  16. Designing a Solution • Confidentiality • Enforcing access privileges. • Encryption & Leakage prevention. • Integrity • Defining the limits • Backup and Recovery • Availability • Business Continuity Plan. • Troubleshooting & Failure recovery support

  17. Coding and Reviews • Code Should be : • Less • Clear • Secure • Review for : • Validations • Possible memory corruptions • Initializations

  18. Testing • Sanity Checks • Challenging Access control • Fuzzing • Vulnerability and Pen-Testing • Dog fooding

  19. Documentation/User Guides • Enforcing access control & encryption. • Changing the default configurations, settings and passwords. • Methods of backup and recovery etc. • Advisory on best practices, do’s and don’ts. • Known issues and workarounds.

  20. Deployment & Maintanance • Deploy the solutions with feasibly best & secure configuration. • Follow best practices. • Apply security updates, patches provided by vendors. • Conduct security audits for the system

  21. Conclusion • Security is defined by CIA. • Addressing CIA at each phases of engineering results in Immunity. • Security must be integrated in our thoughts, process and operations. • Immunity comes through ownership of security.

More Related