Speaker Deck

What a Ruby developer can do to help prevent a Data Breach

by Frank Rietta

Published June 3, 2014 in Technology

Data breaches are a major problem faced by society. We trust increasing amounts of private information to web applications, some built by startups and others by major corporations. No matter the organization though, these systems are built by individual developers making practical, specific coding decisions within their code that impact the security of the system and its data.

Individual developers have a responsibility to maintain a personal standard of due care in their work, and to be aware of what decisions they can personally make that protect their systems’ users and their employers or clients.

In this talk, students will be exposed to and learn:

1. That users perceive a breach of privacy even when the actions may be legal and permitted by the terms of service.

2. The concept of relative risks and the balancing act that is fundamental to a comprehensive information security plan.

3. That a data breach is the disclosure of, or access to, sensitive information by an unauthorized person, and that it does not matter whether any specific harm was done with that information.

4. A short list of State and Federal laws that define legally protected private information, called Personally Identifiable Information (PII).

5. A discussion on professional ethics and reasonable standard of due care.

6. Familiarity with the OWASP Top 10, a list of the ways in which web applications are most frequently compromised.

7. Familiarity with the availability of inexpensive physical two-factor authentication and security credential devices that can be integrated into a system built in Ruby on Rails.

With this knowledge, the hope is that students will rise to the occasion and seek out additional knowledge about this topic. Moreover, by drawing a personal line in the sand, each developer will be better prepared to push back within their organization when sensitive information is being added to an application, to recommend appropriate safeguards, or to decline to implement features when reasonable due care is being left out of the process.

The video of the presentation is available at