A presentation on security incidents that lead to customer data breaches, which have been happening at an increasing rate, from the latest Anthem Blue Cross breach, to Target, to Home Depot, to breaches including the MongoHQ incident that lead to the BufferApp compromise.
Event meetup page:
Resource for finding out State laws on data breaches
History has taught us that waiting until a software project is complete and bolting security on through the use of security software or network security countermeasures is not effective enough. To have a chance to build a secure system, a team requires the active support of developers and for the organization to adopt a written information security policy that influences business model decisions and the user story writing workshop. It's not just about code and most non-developer stakeholders truly do not have enough knowledge to make informed decisions without the help of the developers. That means that developers need to be aware of basic legal requirements and be able to communicate these issues during the planning process.
Frank is the CEO of a development agency with team members in Nashville, TN, and in Atlanta, GA. Rietta works primarily with startup companies that are building out their web app and infrastructure.
Whenever you’re considering the security of a system, ask three questions:
1. Secure against what?
2. What is the worst thing that can happen?
3. Compared to what alternative?
This presentation was given on Thursday, February 5, 2015, at the Nash.rb meetup in Nashville, Tennessee.