Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Data Security @ the personal level

Arnon Rotem-Gal-Oz
April 20, 2017
Technology
0
24

Data Security @ the personal level

personal security briefing to employees (e.g for ISO 27001 compliance)

Arnon Rotem-Gal-Oz

April 20, 2017
Tweet

More Decks by Arnon Rotem-Gal-Oz

See All by Arnon Rotem-Gal-Oz
Brownfield Architecture transformations
arnonrgo
0
86
Software architecture 101
arnonrgo
0
1.3k
Apache Spark - Overview
arnonrgo
0
38
Taking ML to production - a journey
arnonrgo
0
110
Topics in Distributed Systems
arnonrgo
0
24
Docker & Kubernetes
arnonrgo
0
20
Microservices it's deja vu all over again
arnonrgo
0
22
Big Data in the Cloud - Welcome to cost oriented design
arnonrgo
0
19
Big Data Overview
arnonrgo
0
10

Other Decks in Technology

See All in Technology
エラーバジェット枯渇の原因 - 偽陽性との戦い -
phaya72
1
100
アーキテクチャわからん、の話
shirayanagiryuji
0
150
さいきょうのアーキテクチャを生み出すセンスメイキング
jgeem
0
270
private spaceについてあれこれ調べてみた
operando
1
170
パブリッククラウドのプロダクトマネジメントとアーキテクト
tagomoris
4
770
SREとしてスタッフエンジニアを目指す / SRE Kaigi 2025
tjun
15
6.3k
extensionとschema
yahonda
1
100
20250129 Findy_テスト高活用化
dshirae
0
220
エンジニアとしてプロダクトマネジメントに向き合った1年半
sansantech
PRO
0
100
プロダクト価値を引き上げる、「課題の再定義」という習慣
moeka__c
0
210
Japan AWS Jr. Championsがお届けするre:Invent2024のハイライト ~ラスベガスで見てきた景色~
fukuchiiinu
0
1.1k
Creative Pair
kawaguti
PRO
1
130

Featured

See All Featured
A better future with KSS
kneath
238
17k
4 Signs Your Business is Dying
shpigford
182
22k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
The Invisible Side of Design
smashingmag
299
50k
Designing Experiences People Love
moore
139
23k
Testing 201, or: Great Expectations
jmmastey
41
7.2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
1.3k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
6
220
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Build your cross-platform service in a week with App Engine
jlugia
229
18k

Transcript

  1. Data Security 
 (@ the personal level) Arnon Rotem-Gal-Oz

  2. So what’s so important about “information security”?

  3. Security is a real problem www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  4. Information security? 
 Not MY problem - IT should figure

    it out

  5. We’ve met the enemy and he is us

  6. • Hardware • Software • People • Procedur es •

    Data

  7. Formal threat analysis 
 The STRIDE model 
 
 


    Also see • OWASP https://www.owasp.org/ • https://www.owasp.org/index.php/Threat_Risk_Modeling#STRIDE • Common Criteria https://www.commoncriteriaportal.org/

  8. Spoofing (of user identity) 
 Tampering 
 Repudiation 
 Information

    disclosure 
 Denial of service 
 Elevation of privilege
  9. None
  10. None

  11. On the other hand…

  12. None
  13. None

  14. Passwords

  15. None

  16. 2016 is just 
 
 as bad

  17. None
  18. None

  19. Physical theft/loss

  20. Protect your assets

  21. Pay attention to email/text recipient address

  22. Malware

  23. It is up to 
 you!

  24. •Be mindful •Be careful who you trust •Secure your devices

    •Report problems