Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Data Security @ the personal level

Arnon Rotem-Gal-Oz
April 20, 2017
Technology
0
24

Data Security @ the personal level

personal security briefing to employees (e.g for ISO 27001 compliance)

Arnon Rotem-Gal-Oz

April 20, 2017
Tweet

More Decks by Arnon Rotem-Gal-Oz

See All by Arnon Rotem-Gal-Oz
Brownfield Architecture transformations
arnonrgo
0
75
Software architecture 101
arnonrgo
0
1.2k
Apache Spark - Overview
arnonrgo
0
38
Taking ML to production - a journey
arnonrgo
0
110
Topics in Distributed Systems
arnonrgo
0
24
Docker & Kubernetes
arnonrgo
0
19
Microservices it's deja vu all over again
arnonrgo
0
22
Big Data in the Cloud - Welcome to cost oriented design
arnonrgo
0
17
Big Data Overview
arnonrgo
0
10

Other Decks in Technology

See All in Technology
UI State設計とテスト方針
rmakiyama
2
430
【re:Invent 2024 アプデ】 Prompt Routing の紹介
champ
0
140
Amazon Kendra GenAI Index 登場でどう変わる? 評価から学ぶ最適なRAG構成
naoki_0531
0
100
AWS re:Invent 2024で発表された コードを書く開発者向け機能について
maruto
0
190
OpenAIの蒸留機能(Model Distillation)を使用して運用中のLLMのコストを削減する取り組み
pharma_x_tech
4
550
非機能品質を作り込むための実践アーキテクチャ
knih
3
900
PHPからGoへのマイグレーション for DMMアフィリエイト
yabakokobayashi
1
160
Snowflake女子会#3 Snowpipeの良さを5分で語るよ
lana2548
0
220
MLOps の現場から
asei
6
630
re:Invent をおうちで楽しんでみた ~CloudWatch のオブザーバビリティ機能がスゴい!/ Enjoyed AWS re:Invent from Home and CloudWatch Observability Feature is Amazing!
yuj1osm
0
120
複雑性の高いオブジェクト編集に向き合う: プラガブルなReactフォーム設計
righttouch
PRO
0
110
LINEスキマニにおけるフロントエンド開発
lycorptech_jp
PRO
0
330

Featured

See All Featured
Side Projects
sachag
452
42k
The Cult of Friendly URLs
andyhume
78
6.1k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
7k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
32
2.7k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
26
1.9k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
Agile that works and the tools we love
rasmusluckow
328
21k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k

Transcript

  1. Data Security 
 (@ the personal level) Arnon Rotem-Gal-Oz

  2. So what’s so important about “information security”?

  3. Security is a real problem www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  4. Information security? 
 Not MY problem - IT should figure

    it out

  5. We’ve met the enemy and he is us

  6. • Hardware • Software • People • Procedur es •

    Data

  7. Formal threat analysis 
 The STRIDE model 
 
 


    Also see • OWASP https://www.owasp.org/ • https://www.owasp.org/index.php/Threat_Risk_Modeling#STRIDE • Common Criteria https://www.commoncriteriaportal.org/

  8. Spoofing (of user identity) 
 Tampering 
 Repudiation 
 Information

    disclosure 
 Denial of service 
 Elevation of privilege
  9. None
  10. None

  11. On the other hand…

  12. None
  13. None

  14. Passwords

  15. None

  16. 2016 is just 
 
 as bad

  17. None
  18. None

  19. Physical theft/loss

  20. Protect your assets

  21. Pay attention to email/text recipient address

  22. Malware

  23. It is up to 
 you!

  24. •Be mindful •Be careful who you trust •Secure your devices

    •Report problems