innovateinfosec.com

Why Information Security is becoming the most important for

Mid-size Business to Large size BusinessAjay Porus

Director & Principal Consultant Innovate InfoSecCISA, ITIL, ISO27001, CPISI, RSA certified Analyst, CCNA Security,

Qualysguard certified specialistDigital forensics & Cyber crime expert- US DOD Cyber crime center

innovateinfosec.com Disclaimer• Information used to create the training has been

taken from various sources and books. Credit for the information remains with the original authors and registered brands and trademarks belongs to their legitimate owners and does not violate any of Licenses and intellectual property rights

• This training material either in hard or soft forms contains my personal opinion and has nothing to do with my any current or past employers.

innovateinfosec.com My Profile

• I am an Information Security and technology Enthusiast.

• I do Consulting and training – A startup – Innovate InfoSec Pvt. Ltd.

• More Than 15 certification in Information security, cyber Security, Risk & Compliance

• Publications: Cloud Computing and its Security Benefits – Enterprise IT Security Magazine

Senior Cyber Leadership - Why a Technically Competent Cyber Workforce is Not Enough – Cyber Security Forum Initiative (CSFI) • Volunteer work: Honeynet Project India• Cloud Security Alliance – Founder

Hyderabad Chapter

innovateinfosec.com Agenda• Security industry history• Arrival of Information age & associated risks• Today’s world of information• Major attacks on corporates and aftermaths• Current Threat landscape Risk assessment• Major Issues• What we do?

innovateinfosec.com

innovateinfosec.com

innovateinfosec.com

innovateinfosec.com

innovateinfosec.com

innovateinfosec.com

innovateinfosec.com

innovateinfosec.com

innovateinfosec.com

Perfect Storm Approaching Welcome 2015

• Major victims countries in 2015

innovateinfosec.com Incident Vs Breaches

innovateinfosec.com Threat Actions

innovateinfosec.com Br

each

Disc

over

y

innovateinfosec.com

Threat Actors

innovateinfosec.com

Reasons of Successful Attacks

• Technical Vulnerabilities: Web App vulnerabilities Network Vulnerabilities OS Vulnerabilities Configuration Vulnerabilities Architectural Vulnerabilities Missed patches Miscellaneous Vulnerabilities

• Process Vulnerabilities No or Lack of Information Security Awareness Non Skilled Workforce Non-Standardization & Lack of well written Documentation Human Psychology Unorganized & unethical Organization culture Improper or no implementation of Security Controls Lack of Employee Satisfaction

innovateinfosec.com

What you Loose in a Breach

innovateinfosec.com InfoSec Industry Land Scape

Partners

innovateinfosec.com Solutions

innovateinfosec.com IIS Service Portfolio

• Information Security Architecture Assessment and Assurance Service

• Application Security Services• Data Security Services• Identity & Access Management Services• Network Security• Cloud Security• Security Reviews Services• Sustenance Services for Security Compliance• Physical Security

innovateinfosec.com IIS Service Portfolio

• Cyber Hygiene Services• Due Diligence Services• Digital Forensics & Investigation Services• Offensive Services: For Law Enforcement Only• Training Services• Web App & Mobile App development• Managed Security Services

innovateinfosec.com