Secure software development in the Russian IT Security Certification Scheme. Alexander Barabanov, Alexey Markov, Valentin Tsirlov
|
|
|
- Charles Craig
- 8 years ago
- Views:
Transcription
1 Secure software development in the Russian IT Security Certification Scheme Alexander Barabanov, Alexey Markov, Valentin Tsirlov
2 Agenda Brief overview Current status of the Russian IT Security Certification Scheme Steps Toward Common Criteria Approach and Secure Software Development Final Remarks 2
3 Brief overview: Historical Perspective Establishment of Russian IT Security Certification Scheme Mandatory requirements for source code analysis Mandatory requirements for antiviruses (based on CC) Mandatory requirements for trusted boot loader (based on CC) Mandatory requirements for firewall and access control systems Guidance based on CC v.2.1 Mandatory requirements for IPS/IDS (based on CC) Mandatory requirements for removable storage protection tools (based on CC) 3
4 Brief overview: who takes part in the certification process? 4
5 Brief overview: typical timeline Obtaining FSTEC ID Normally 1 month Evaluation provided by Laboratory 3-4 months Certification by Certification Body 1 month and more Obtaining a certificate from FSTEC of Russia Normally 1 month 5
6 Brief overview: Accredited Evaluation Laboratories 6
7 Brief overview: Accredited Certification Bodies 7
8 Brief overview: Classical Major Approaches to Evaluation Evaluation of the security functionality Black box testing to ensure that TOE works as it should Evaluation for the absence of non-declared functions Testing of source code for the absence of software vulnerabilities 8
9 Current status of the Russian Scheme: Products Evaluations 9
10 Current status of the Russian Scheme: Certified Products by Types Evaluation Timeline 10
11 Current status of the Russian Scheme: Russian vs. Non-Russian Developers 11
12 Current status of the Russian Scheme: Non-Russian Developers (2) Evaluation Timeline 12
13 Current status of the Russian Scheme: Russian Developers Evaluation Timeline 13
14 Steps Toward Common Criteria Approach: Step #1 (1) 14
15 Steps Toward Common Criteria Approach: Step #1 (2) 15
16 Steps Toward Common Criteria Approach: Step #1 (3) Evaluation Timeline 16
17 Steps Toward Common Criteria Approach: Step #2 (1) 17
18 Steps Toward Common Criteria Approach: Step #2 (2) 18
19 Steps Toward Common Criteria Approach: Step #2 (3) FSTEC of Russia Approved Protection Profiles PP for IPS/IDS PP for Antiviruses PP for Trusted Boot Loaders PP for Removable Storage Protection Protection Profiles in Development PP for Firewalls PP for Operating System PP for DBMS 19
20 Steps Toward Common Criteria Approach: Step #2 (4) 20
21 Certifications against new FSTEC of Russia requirements: projects summary Number of certifications Summary: TOE Types: IDS/IPS, Antivirus, Trusted boot loader Vendors: HP, McAfee, ESET, Trend Micro, PineApp, Kaspersky Lab, Cisco, Echelon, Altx-Soft, Secure Code Number of active labs: 4 21
22 Certifications against new FSTEC of Russia requirements: Russian vs. non-russian TOE 22
23 Steps Toward Secure Software Development Russian standard «Information protection. Secure Software Development. General requirements» (draft) Proposed Secure Software Development Controls: information security threats modeling source code static/dynamic analysis source code review penetration testing... 23
24 Final Remarks 1. First certifications according to the new requirements were provided for non-russian products. 2. More and more leading non-russian developers provide the Russian Evaluations Laboratories with access to their source code, and this tendency shall be observed in the future. 3. Efficiency in detection of vulnerabilities in software submitted for certification will advance. 4. Russian developers will pay more for certification. 5. The number of actively working Evaluations Laboratories will degrade. 24
25 Contact Information Alexander Barabanov, Ph.D., CISSP, CSSLP NPO Echelon Alexey Markov, Dr.Sc., CISSP, Member of IEEE NPO Echelon Valentin Tsirlov, Ph.D., CISSP, CISM NPO Echelon 25
26 Thank you for your attention! 26
Russian IT Security Certification Scheme: Steps Toward Common Criteria Approach
6 15th International Common Criteria Conference, New Delhi, India Russian IT Security Certification Scheme: Steps Toward Common Criteria Approach Alexander Barabanov 1, Alexey Markov 1, Valentin Tsirlov
Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices
The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard
Global Cyber Security Industry Report 2015
Global Cyber Security Industry Report 2015 Phone: +44 20 8123 2220 Fax: +44 207 900 3970 office@marketpublishers.com Global Cyber Security Industry Report 2015 Date: September 1, 2015 Pages: 158 Price:
Global Endpoint Security Market 2015-2019
Brochure More information from http://www.researchandmarkets.com/reports/3097865/ Global Endpoint Security Market 2015-2019 Description: About Endpoint Security Endpoint security is a methodology that
FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the
TURKISH COMMON CRITERIA CERTIFICATION SCHEME TSE-CCCS TURKISH NATIONAL UPDATE, 2013
TURKISH COMMON CRITERIA CERTIFICATION SCHEME TSE-CCCS TURKISH NATIONAL UPDATE, 2013 Mariye Umay Akkaya Director of TK`s CB 14 th ICCC,10.09.2013,Orlando TURKISH COMMON CRITERIA CERTIFICATION SCHEME-2013
Information Security solutions that protect your business
Information Security solutions that protect your business We deliver Information Security solutions that stabilize your organization helping you build a strong foundation to prevent potential security
FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please
iviz Security Inc (In) Security in Security Products 2013
iviz Security Inc (In) Security in Security Products 2013 iviz Security Inc 2013 Introduction We use security products to secure our systems and our businesses. However, the very security products we use,
National Information Assurance Partnership
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report NetIQ Security Manager Version 5.5 Report Number: CCEVS-VR-07-0058 Dated: 9 August 2007
IT Security Evaluation in China
IT Security Evaluation in China Yi Mao, Ph.D., CISSP atsec information security cooperation Austin, TX USA www.atsec.com yi@atsec.com ICCC 2012 September 18-20, Paris, France atsec information security,
Access FedVTE online at: fedvte.usalearning.gov
FALL 2015 Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk her e or email the Help Desk at support@usalearning.net. To speak with a Help Desk
PROACTIVE PROTECTION MADE EASY
PROACTIVE PROTECTION AUTHOR: ANDREW NIKISHIN KASPERSKY LAB Heuristic Analyzer Policy-Based Security Intrusion Prevention System (IPS) Protection against Buffer Overruns Behaviour Blockers Different Approaches
Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications
Thomas K. Lee, Executive Director/CIO Human Resources Department (518) 447-2906 Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) The New York State
CERTIFIED. SECURE SOFTWARE DEVELOPMENT with COMMON CRITERIA
CERTIFIED SECURE SOFTWARE DEVELOPMENT with COMMON CRITERIA CONTENT CC IN A NUTSHELL CC BACKGROUND AIM AND GOAL OF CC ADVANTAGES OF CC WHY DO WE RECOMMEND CC TO DEVELOPERS? WHEN IS CC THE RIGHT CHOICE?
22 July, 2010 IT Security Center (ISEC) Information-technology Promotion Agency (IPA) Copyright 2010 Information-Technology Promotion Agency, Japan 1
22 July, 2010 IT Security Center (ISEC) Information-technology Promotion Agency (IPA) Copyright 2010 Information-Technology Promotion Agency, Japan 1 Introduction of IPA Copyright 2010 Information-Technology
Real Performance? Ján Vrabec vrabec@eset.sk David Harley dharley@eset.com
Real Performance? Ján Vrabec vrabec@eset.sk David Harley dharley@eset.com Agenda Introduction Detection vs. Whole Product Test Performance Tests Black box testing suites Irrelevant Testing Types of users
Information Security Attack Tree Modeling for Enhancing Student Learning
Information Security Attack Tree Modeling for Enhancing Student Learning Jidé B. Odubiyi, Computer Science Department Bowie State University, Bowie, MD and Casey W. O Brien, Network Technology Department
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
John P Zelsnack CISSP/CISM/CRISC/Securty+/ITILv3 Senior Technical Manager/Cyber Security Engineer General Dynamics - Advanced Information Systems
John P Zelsnack CISSP/CISM/CRISC/Securty+/ITILv3 Senior Technical Manager/Cyber Security Engineer General Dynamics - Advanced Information Systems AGENDA Who Am I? Breaking it down Why Do We Care Questions
Korea IT Security Evaluation and Certification Scheme
Korea IT Security Evaluation and Certification Scheme 2005. 9. 28 Korea Certification Body Dae Ho, Lee Agenda I KECS Introduction II Role and Responsibility of CB III Evaluation and Certification Procedure
Information Security Specialist Training on the Basis of ISO/IEC 27002
Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu
State of Montana Information Technology Managers Advisory Council
State of Montana Information Technology Managers Advisory Council Welcome and Introductions (1:00-1:05) Joe Frohlich, Past Chair Council Business Meeting August 7, 2013 1:00 3:30 Room 152 State Capitol
UNDERSTANDING PCI 3.0 AND HOW TO REDUCE YOUR SCOPE
UNDERSTANDING PCI 3.0 AND HOW TO REDUCE YOUR SCOPE April 30 th, 2014 Sean Mathena CISSP, CISA, QSA Trustwave Managing Consultant WELCOME AND AGENDA PCI-DSS 3.0 Review the high-level areas that have changed
PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS
PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS CIVICA Conference 22 January 2015 WELCOME AND AGENDA Change is here! PCI-DSS 3.0 is mandatory starting January 1, 2015 Goals of the session
InfoSec Academy Pen Testing & Hacking Track
Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security
PCSL. PCSL IT Consulting Institute 机 安 全 软 件 病 毒 检 测 率 测 试
2014 IT Consulting Institute ⓫ 手 机 安 全 软 件 病 毒 检 测 率 测 试 报 告 目 录 Table of Contents P1 P2 P3 测 试 背 景 测 试 流 程 待 测 软 件 P4 P6 P7 测 试 结 果 月 度 奖 项 相 关 信 息 P8 权 利 说 明 P9 免 责 声 明 CHAP. 1 Background 1 CHAP. 2 Test
Africa Cyber Security Market by Solution, by Service, by Verticals, by Country - Global forecast to 2020
Brochure More information from http://www.researchandmarkets.com/reports/3281044/ Africa Cyber Security Market by Solution, by Service, by Verticals, by Country - Global forecast to 2020 Description: Africa
Click to edit Master title style. How To Choose The Right MSSP
How To Choose The Right MSSP Meet Eric Eric Devansky Director of Global Security Services 15 Years of experience in the Cyber Security industry CISSP Palo Alto CNSE VMWare VCP Connect with me: @TruShield
BMS Consulting Cyber Security and IT Technology Team
BMS Consulting Cyber Security and IT Technology Team Cyber Security and IT Technology Team Who we are High professional team from Ukraine which specializes on InfoSec and complex IT projects around the
Big 4 Information Security Forum
San Francisco ISACA Chapter Proudly Presents: Big 4 Information Security Forum A Day-Long, Multi-Session Event, being held in San Francisco @ the Sir Francis Drake Hotel! *** PLEASE NOTE THIS EVENT WILL
Manually Add Programs to Your Firewall or Anti-Virus Programs Trusted List. ZoneAlarm
Manually Add Programs to Your Firewall or Anti-Virus Programs Trusted List ZoneAlarm AVG Open the AVG Anti-Virus plus Firewall. Double-click the Firewall button to configure the Firewall. Add the programs
ENTERPRISE EPP COMPARATIVE REPORT
ENTERPRISE EPP COMPARATIVE REPORT Security Stack: Socially Engineered Malware Authors Bhaarath Venkateswaran, Randy Abrams, Thomas Skybakmoen Tested Products Bitdefender Endpoint Security v5.3.15.539 ESET
Open Smart Card Infrastructure for Europe
Open Smart Card Infrastructure for Europe v2 Volume 8: Part 3-1: Authors: Security and Protection Profiles (Common Criteria Supporting Document) eesc TB3 Protection Profiles, Security Certification NOTICE
Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
Information Security @ Blue Valley Schools FEBRUARY 2015
Information Security @ Blue Valley Schools FEBRUARY 2015 Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that
Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
Penetration Testing. Request for Proposal
Penetration Testing Request for Proposal Head Office: 24 - The Mall, Peshawar Cantt, 25000 Khyber Pakhtunkhwa, Islamic Republic of Pakistan UAN: +92-91-111-265-265, Fax: +92-91-5278146 Website: www.bok.com.pk
Windows Updates vs. Web Threats
Windows Updates vs. Web Threats HOW WELL DO WINDOWS UPDATES PROTECT AGAINST MALWARE? Dennis Technology Labs www.dennistechnologylabs.com Follow @DennisTechLabs on Twitter.com This test explores how much
How to choose the right NGFW for your organization: Independent 3 rd Party Testing
How to choose the right NGFW for your organization: Independent 3 rd Party Testing Daniel Ayoub, CISSP, CISM, CISA, CEH Manager, Product Marketing Dell Marketing 2 Confidential Marketing vs. Reality 3
Goals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
World-class security solutions for your business. Kaspersky. OpenSpaceSecurity
World-class security solutions for your business Kaspersky Open Open Kaspersky Open Space Security is a suite of products that offers security coverage for all types of network endpoints, from mobile devices
HP Cyber Security Control Cyber Insight & Defence
HP Cyber Security Control Cyber Insight & Defence Security awareness at board level Security leadership is under immense pressure Cyber threat Extended supply chain Financial loss Reputation damage Cost
BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE
BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE About the Author. Acknowledgments. Introduction. Chapter 1 Understanding the Threats. Quantifying the Threat.
TCS Managed Security Services
IT OUTSOURCING VENDOR PROFILE OF: TCS Managed Security Services 1. Background... 1 2. Revenue Summary... 1 3. Key Offerings... 2 3.1.. Security Monitoring and Incident Management... 2 3.2.. Network security...
THE BEST WAY TO CATCH A THIEF. Patrick Bedwell, Vice President, Product Marketing
THE BEST WAY TO CATCH A THIEF Patrick Bedwell, Vice President, Product Marketing AlienVault Vision Accelerating and simplifying threat detection and incident response for IT teams with limited resources,
NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
INDEPENDENT VALIDATION OF FORTINET SOLUTIONS. NSS Labs Real-World Group Tests
INDEPENDENT VALIDATION OF FORTINET SOLUTIONS NSS Labs Real-World Group Tests INDEPENDENT VALIDATION OF FORTINET SOLUTIONS Introduction Organizations can get overwhelmed by vendor claims and alleged silver
Global Security Software Market 2015-2019
Brochure More information from http://www.researchandmarkets.com/reports/3129404/ Global Security Software Market 2015-2019 Description: About Security Software Security software comprise a suite of security
SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
Security Industry Market Share Analysis
Security Industry Market Share Analysis September 2011 Introduction The Research OPSWAT releases quarterly market share reports for several sectors of the security industry. This quarter s report includes
Five ways to simplify the vulnerability management lifecycle. Scott Sidel, CISSP, CEH, ETC May 2005
Five ways to simplify the vulnerability management lifecycle Scott Sidel, CISSP, CEH, ETC May 2005 Why do we patch? No system is perfect. Vulnerabilities ship out-of-the-box Threats on the wire Even while
Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme Activities and Updates. Copyright 2010 CyberSecurity Malaysia
Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme Activities and Updates Copyright 2010 CyberSecurity Malaysia Agenda 1. Understand Why we need product evaluation and certification ICT
Are you prepared to be next? Invensys Cyber Security
Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber
QRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
Prinect. Is Your Prinect Workflow Safe from a Cyber Attack?
Prinect Is Your Prinect Workflow Safe from a Cyber Attack? Anti-Virus Software & Your Prinect Workflow Security is a key concern of today s digital world. Fully protecting your business requires a multi-prong
S-Terra CSP: the future champion of the Russian network security market
S-Terra CSP: the future champion of the Russian network security market CONTENT Who do we are? Why are we better? Why we must win? 2003, 2004 S-Terra CSP 2 Origin of the «S-Terra CSP» NPO ELAS legendary
Security Solution Vendors 2015 Suppliers and solutions for network, data & storage, and endpoint security
Security Solution Vendors 2015 Suppliers and solutions for network, data & storage, and endpoint security German specialist for site connectivity LANCOM emerges as Champion in the techconsult audit: Security
Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
A Study on the Secure Software Development Life Cycle for Common Criteria (CC) Certification
, pp. 131-142 http://dx.doi.org/10.14257/ijseia.2015.9.10.13 A Study on the Secure Software Development Life Cycle for Common Criteria (CC) Certification Min-gyu Lee 1, Hyo-jung Sohn 2, Baek-min Seong
Why The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
IT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Security Products Must Be Secure by Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI April 2007 Software Vulnerabilities in the
Foregenix Incident Response Handbook. A comprehensive guide of what to do in the unfortunate event of a compromise
Foregenix Incident Response Handbook A comprehensive guide of what to do in the unfortunate event of a compromise Breadth of Expertise - You re in safe hands Foregenix is a global Information Security
Application Security Best Practices. Wally LEE <wally.lee@scs.com.sg> Principal Consultant
Application Security Best Practices Wally LEE Principal Consultant 17/18 March 2009 Speaker Profile Wally LEE CISSP BS7799 Lead Auditor Certified Ultimate Hacking Instructor Certified
PCI DSS 3.0 Changes & Challenges P R E S I D E N T/ C O - F O U N D E R F R S EC U R E
PCI DSS 3.0 Changes & Challenges EVAN FRANCEN, CISSP CISM P R E S I D E N T/ C O - F O U N D E R F R S EC U R E PCI DSS 3.0 Changes & Challenges Topics FRSecure, the company Introduction to PCI-DSS Recent
FIA Protection Against Mileage Fraud by Common Criteria
Informal document GRSG-108-37 (108th GRSG, 4-8 May 2015, agenda item 3) FIA Protection Against Mileage Fraud by Common Criteria UNECE 2015 05 05 FIA Protection against Mileage Fraud by Common Criteria
PCI DSS 3.0 and You Are You Ready?
PCI DSS 3.0 and You Are You Ready? 2014 STUDENT FINANCIAL SERVICES CONFERENCE Linda Combs combslc@jmu.edu Ron King rking@campusguard.com AGENDA PCI and Bursar Office Role Key Themes in v3.0 Timelines Changes
Evolution of Penetration Testing
Alexander Polyakov, QSA,PA-QSA CTO Digital Security (dsec.ru) Head of DSecRG (dsecrg.com) ERPSCAN Architect (erpscan.com) Head of OWASP-EAS Pentests? Again? Why? Many companies are doing this Many companies
Phone: +44 20 8123 2220 Fax: +44 207 900 3970 office@marketpublishers.com https://marketpublishers.com
Wireless Network Security Market by Solutions (Firewall, IPS/IDS, Encryption, I&AM, UTM), Services (Security Operations, Consulting, Managed Security Services) - Worldwide Market Forecasts and Analysis
How To Perform An External Security Vulnerability Assessment Of An External Computer System
External Vulnerability Assessment -Executive Summary- Prepared for: ABC ORGANIZATION On March 9, 2008 Prepared by: AOS Security Solutions 1 of 5 Table of Contents Executive Summary... 3 Immediate Focus
PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com
PCI Compliance - A Realistic Approach Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com What What is PCI A global forum launched in September 2006 for ongoing enhancement
CSU, Chico Credit Card PCI-DSS Risk Assessment
CSU, Chico Credit Card PCI-DSS Risk Assessment Division/ Department Name: Merchant ID Financial Account Location (University, Auxiliary Organization) Business unit functional contact: : Title: Telephone:
Report on CAP Cybersecurity November 5, 2015
Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets
Director, IT Security District Office Kern Community College District JOB DESCRIPTION
Director, IT Security District Office Kern Community College District JOB DESCRIPTION Definition Reporting to the Chief Information Officer, the Director of IT Security develops and implements procedures,
Securely Yours LLC Top Security Topics for 2013. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC Top Security Topics for 2013 Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps
Learning objectives for today s session
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify
Cisco ICM/IPCC Enterprise and Hosted Anti-Virus Software Guidelines
Introduction Cisco ICM/IPCC Enterprise and Hosted Anti-Virus Software Guidelines This document provides guidelines for implementing anti-virus software in a Cisco ICM/IPCC Enterprise (or Hosted) solution.
Interaction between State and Private Healthcare in Russia
Interaction between State and Private Healthcare in Russia F.Кadyrov Deputy Director of the Central Public Health Research Institute, prof., Russia 1 Constitution of the Russian Federation grants equal
Penetration Testing Getting the Most out of Your Assessment. Chris Wilkinson Crowe Horwath LLP September 22, 2010
Penetration Testing Getting the Most out of Your Assessment Chris Wilkinson Crowe Horwath LLP September 22, 2010 Introduction Chris Wilkinson, CISSP Crowe Horwath LLP Product Manager - Penetration Testing
Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM
Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats
Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report
KECS-CR-16-36 Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report Certification No.: KECS-PP-0717-2016 2016. 6. 10 IT Security Certification Center History of Creation
Security Industry Market Share Analysis
Security Industry Market Share Analysis December Introduction The Research OPSWAT releases quarterly market share reports for several sectors of the security industry. This report includes both worldwide
Mobile Security Apps. Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de
Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de The test report is also available on About AV-TEST 24 employees in Magdeburg and Leipzig Tests of security solutions for consumers
Moderator: Benjamin McGee, CISSP Cyber Security Lead SAIC
From Security Assessment to Vulnerability Remediation: The Realities of Deploying a Cloud-Based Application Risk Management Solution Moderator: Benjamin McGee, CISSP Cyber Security Lead SAIC Setting the
Data Driven Security Framework to Success
Data Driven Security Framework to Success Presented by Leonard Jacobs, MBA, CISSP, CSSA Founder, President and CEO of Netsecuris Inc. 1 Topics The Explosion of Security Data Threat-centric Security vs.
SAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP
SAQ D Compliance Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP Ground Rules WARNING: Potential Death by PowerPoint Interaction Get clarification Share your institution s questions, challenges,
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand different types of application assessments and how they differ Be
IBM Security in the Software Development Lifecycle
IBM Security in the Software Development Lifecycle Service Definition 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Technology Services, Security and Privacy, for the design
National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Cisco Intrusion Detection System Sensor Appliance IDS-4200 series Version 4.1(3) Report
31-05-2007. Sérgio Martinho Microsoft Portugal Sergio.Martinho@microsoft.com
As melhores soluções servidoras empresariais e a maior facilidade de gestão 31-05-2007 Sérgio Martinho Microsoft Portugal Sergio.Martinho@microsoft.com Agenda IT Solution Priorities by Vertical Market
IT Senior Audit Leader
IT Senior Audit Leader Locations: Minneapolis, MN; Phoenix, AZ; Denver, CO; Des Moines, IA; Philadelphia, PA; Charlotte, NC; San Francisco, CA and San Antonio, TX Job Description Wells Fargo Audit Services
Security Compliance: Making the Proper Decisions
Security Compliance: Making the Proper Decisions L. Arnold Johnson National Information Assurance Partnership National Institute of Standards and Technology Short Answer to Moderators Questions Advice
Case Study: Security Implementation for a Non-Profit Hospital
Case Study: Security Implementation for a Non-Profit Hospital The Story Security Challenges and Analysis The Case The Clone Solution The Results The Story About the hospital A private, not-for-profit hospital
RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 229 Information Security Fundamentals
RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE CISY 229 Information Security Fundamentals I. Basic Course Information A. Course Number & Title: CISY-229 Information Security Fundamentals B. New or Modified
SUSE Linux Enterprise 12 Security Certifications Common Criteria, EAL, FIPS, PCI DSS,... What's All This About?
SUSE Linux Enterprise 12 Security Certifications Common Criteria, EAL, FIPS, PCI DSS,... What's All This About? Matthias G. Eckermann Senior Product Manager SUSE Linux Enterprise mge@suse.com Agenda Evaluation
Insecurity in Security Software
Insecurity in Security Software Maik Morgenstern Andreas Marx AV-Test GmbH http://www.av-test.org Virus Bulletin 2005 Conference presentation about Insecurity in Security Software Copyright 2005 AV-Test
ISSECO Syllabus Public Version v1.0
ISSECO Syllabus Public Version v1.0 ISSECO Certified Professional for Secure Software Engineering Date: October 16th, 2009 This document was produced by the ISSECO Working Party Syllabus Introduction to
Global Antivirus Software Package Market 2015-2019
Brochure More information from http://www.researchandmarkets.com/reports/3498718/ Global Antivirus Software Package Market 2015-2019 Description: About antivirus software package An antivirus scans the