Cyber Security
Theory and Best Practices
OWASP (Open Worldwide Application Security Project): community-driven guidance and tooling (e.g., the OWASP Top 10, ASVS) for improving web and mobile application security throughout the SDLC: design, coding, testing.
PCI DSS: Payment Card Industry Data Security Standard, first released in 2004; applies to anyone who stores, processes or transmits cardholder data and enforces 12 requirements covering, among others, network segmentation and firewalls, encryption of cardholder data at rest and in transit, access control, logging and monitoring, and regular vulnerability scanning and penetration testing.
GDPR: General Data Protection Regulation, the EU legal framework that sets standards for collecting, processing, storing and transferring the personal data of people in the EU, giving data subjects more control over their data.
Key Practices:
Consent: where consent is the lawful basis for processing, it must be freely given, specific, informed and unambiguous (no pre-ticked boxes or implied consent).
Right of access: users can ask what data you hold about them and receive a copy.
Right to erasure (right to be forgotten): users can request deletion of their data.
Data minimization: only collect what is necessary for the stated purpose.
Breach notification: report a personal-data breach to the supervisory authority within 72 hours of becoming aware of it, and notify the affected individuals when the breach is likely to result in a high risk to them.
ISO/IEC 27001: the international standard for Information Security Management Systems (ISMS), used to build and certify a risk-based security program across people, process and technology. Implement controls from ISO/IEC 27002, perform risk assessments and internal audits, then get certified by an accredited body.
NIST (National Institute of Standards and Technology): U.S. government standards and guidance (e.g., the NIST Cybersecurity Framework, SP 800-53, SP 800-171) for public and private organizations that want a risk-based, modular set of security controls.
ISACA: global association for IT governance and audit, author of COBIT, Risk IT and CSX (Cybersecurity Nexus). Use COBIT for governance and CSX for cyber resilience, and map their controls to ISO, NIST and PCI DSS.
MITRE: U.S. nonprofit R&D organization that maintains public cybersecurity knowledge bases (e.g., ATT&CK, CVE). Use them to classify threats and adversary behaviors and to share vulnerability intelligence: MITRE ATT&CK for tactics, techniques and procedures (TTPs), CVE for identifiers of known vulnerabilities, and integrate both with your SIEM/EDR so alerts carry the technique they represent.
STRIDE: Microsoft's threat-modeling mnemonic for the six threat categories to consider for each element of a system: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege. Each category is the violation of a security property (authentication, integrity, non-repudiation, confidentiality, availability, authorization), which is what makes it a checklist for design reviews.
CSA: Cloud Security Alliance, which defines cloud security best practices (notably the Cloud Controls Matrix) for securing cloud environments and services. Use it in cloud architecture design, vendor selection and third-party risk assessments.
CNCF: Cloud Native Computing Foundation, a Linux Foundation project that governs and supports cloud-native open-source technologies such as Kubernetes, Prometheus and Envoy. Its goal is to standardize, secure and scale modern applications built on containers, microservices and declarative APIs, driving interoperability and vendor-neutral innovation.
DevSecOps
Dr. Ghoniem Lawaty
Tech Evangelist @TechHuB Egypt