SecurityReviews_CNSCon_2023.pdf

1、Ragashree M C,CISSPGraduate Student,Carnegie Mellon UniversityTechnical Lead,CNCF TAG SecuritySneak Peak into the Security Assessment with the communityWhat a wonderful world.-We are more connected now,that ever-Innovation everywhere!What a wonderful world.-Huge number of connected devices,services.

2、-Larger attack surface that ever-How secure really is it?Meanwhile,Agenda What is a security assessment?How is it different from audits?How to perform a security review?What are the resources available?Announcement!How to get a TAG-security security assessment?Whats next?What is a security assessmen

3、t?How is it different from audits?How to perform a security review?What are the resources available?.Announcement!How to get a TAG-security security assessment?Whats next?Security Assessments Dives into Systemic/design Subjective Longer validityWhat is a security assessment?How is it different from

4、audits?How to perform a security review?What are the resources available?.Announcement!How to get a TAG-security security assessment?Whats next?Security Assessments vsSecurity Audits Longer validity vs Single point in time Systemic/design issues vs process/implementation issues Subjective vs objecti

5、ve What is a security assessment?How is it different from audits?How to perform a security review?What are the resources available?.Announcement!How to get a TAG-security security assessment?Whats next?Source:AliExpress,Marvel Chinese Brand Name Creation|LabbrandDisclaimer All characters represented

6、 in this artwork belongs to the respective owner.ActorsThe good,the neutral,the badSystem goals Confidentiality Integrity Availability Non-repudiation,Secrecy,Privacy.Source:AliExpress,Marvel Chinese Brand Name Creation|LabbrandDisclaimer All characters represented in this artwork belongs to the res