Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Data Security @ the personal level

Arnon Rotem-Gal-Oz
PRO
April 20, 2017
Technology
0
24

Data Security @ the personal level

personal security briefing to employees (e.g for ISO 27001 compliance)

Arnon Rotem-Gal-Oz
PRO

April 20, 2017
Tweet

More Decks by Arnon Rotem-Gal-Oz

See All by Arnon Rotem-Gal-Oz
Brownfield Architecture transformations
arnonrgo
PRO
0
72
Software architecture 101
arnonrgo
PRO
0
1.2k
Apache Spark - Overview
arnonrgo
PRO
0
38
Taking ML to production - a journey
arnonrgo
PRO
0
110
Topics in Distributed Systems
arnonrgo
PRO
0
23
Docker & Kubernetes
arnonrgo
PRO
0
16
Microservices it's deja vu all over again
arnonrgo
PRO
0
22
Big Data in the Cloud - Welcome to cost oriented design
arnonrgo
PRO
0
17
Big Data Overview
arnonrgo
PRO
0
10

Other Decks in Technology

See All in Technology
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
180
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
Amazon Personalizeの レコメンドシステム構築、実際何するの? 〜大体10分で具体的なイメージをつかむ〜
kniino
1
100
AIチャットボット開発への生成AI活用
ryomrt
0
170
[FOSS4G 2024 Japan LT] LLMを使ってGISデータ解析を自動化したい!
nssv
1
210
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
470
DMARC 対応の話 - MIXI CTO オフィスアワー #04
bbqallstars
1
160
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530

Featured

See All Featured
Thoughts on Productivity
jonyablonski
67
4.3k
Code Reviewing Like a Champion
maltzj
520
39k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
A better future with KSS
kneath
238
17k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Side Projects
sachag
452
42k
Designing for Performance
lara
604
68k

Transcript

  1. Data Security 
 (@ the personal level) Arnon Rotem-Gal-Oz

  2. So what’s so important about “information security”?

  3. Security is a real problem www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  4. Information security? 
 Not MY problem - IT should figure

    it out

  5. We’ve met the enemy and he is us

  6. • Hardware • Software • People • Procedur es •

    Data

  7. Formal threat analysis 
 The STRIDE model 
 
 


    Also see • OWASP https://www.owasp.org/ • https://www.owasp.org/index.php/Threat_Risk_Modeling#STRIDE • Common Criteria https://www.commoncriteriaportal.org/

  8. Spoofing (of user identity) 
 Tampering 
 Repudiation 
 Information

    disclosure 
 Denial of service 
 Elevation of privilege
  9. None
  10. None

  11. On the other hand…

  12. None
  13. None

  14. Passwords

  15. None

  16. 2016 is just 
 
 as bad

  17. None
  18. None

  19. Physical theft/loss

  20. Protect your assets

  21. Pay attention to email/text recipient address

  22. Malware

  23. It is up to 
 you!

  24. •Be mindful •Be careful who you trust •Secure your devices

    •Report problems