Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security stories in online payment company

Avatar for Raden Ardiansyah Natakusumah Raden Ardiansyah Natakusumah
December 13, 2018
Technology
0
26

Security stories in online payment company

Avatar for Raden Ardiansyah Natakusumah

Raden Ardiansyah Natakusumah

December 13, 2018
Tweet

More Decks by Raden Ardiansyah Natakusumah

See All by Raden Ardiansyah Natakusumah
Bug Bounty: Do and Don’t
Avatar for Raden Ardiansyah Natakusumah rully
0
62
Protect your business with PCI DSS
Avatar for Raden Ardiansyah Natakusumah rully
0
42
Intrusion Prevention System based on Machine Learning
Avatar for Raden Ardiansyah Natakusumah rully
0
160
PCI DSS Security Awareness
Avatar for Raden Ardiansyah Natakusumah rully
0
160

Other Decks in Technology

See All in Technology
OpenShiftでllm-dを動かそう!
Avatar for jpishikawa jpishikawa
0
140
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
15
400k
Cosmos World Foundation Model Platform for Physical AI
Avatar for Takuya MINAGAWA takmin
0
970
量子クラウドサービスの裏側 〜Deep Dive into OQTOPUS〜
Avatar for OQTOPUS oqtopus
0
140
[CV勉強会@関東 World Model 読み会] Orbis: Overcoming Challenges of Long-Horizon Prediction in Driving World Models (Mousakhan+, NeurIPS 2025)
Avatar for abemii_ abemii
0
150
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
Avatar for coconala_engineer coconala_engineer
2
770
~Everything as Codeを諦めない~ 後からCDK
Avatar for mu7889yoon / Yuta Nakamura mu7889yoon
3
480
Codex 5.3 と Opus 4.6 にコーポレートサイトを作らせてみた / Codex 5.3 vs Opus 4.6
Avatar for ama-ch ama_ch
0
200
Agent Skils
Avatar for ディップ株式会社 dip_tech
PRO
0
130
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
10k
【Oracle Cloud ウェビナー】[Oracle AI Database + AWS] Oracle Database@AWSで広がるクラウドの新たな選択肢とAI時代のデータ戦略
Avatar for oracle4engineer oracle4engineer
PRO
2
180
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
Avatar for shibayu36 shibayu36
0
290

Featured

See All Featured
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.2k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
330
40k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.6k
<Decoding/> the Language of Devs - We Love SEO 2024
Avatar for Nikki Halliwell nikkihalliwell
1
130
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.6k
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
380
Building Experiences: Design Systems, User Experience, and Full Site Editing
Avatar for Michelle Schulp Hunt marktimemedia
0
410
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
50
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
51k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
Google's AI Overviews - The New Search
Avatar for Barry Adams badams
0
910
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
190

Transcript

  1. 13 December 2018 • Raden Ardiansyah Natakusumah • FintechNite •

    UnionSPACE, Jakarta Security stories in online payment company

  2. https://about.me/r_u_l_l_y

  3. Newbie

  4. 14.5 years

  5. None
  6. None
  7. None
  8. None
  9. None

  10. Registered Penetration Tester

  11. Practitioner Security Analyst

  12. None
  13. None

  14. The Story ….

  15. Online Payment Company

  16. Potential Employees

  17. Minimize the Risk

  18. Human Resource Department

  19. Background Checks

  20. Criminal Record

  21. Reference Checks

  22. Credit History

  23. 1st Day!

  24. Onboarding Process

  25. Security Awareness Training

  26. All New Hires

  27. Information Security Policy

  28. And Other Policies

  29. Developer

  30. Secure Coding Training

  31. Incident Response Team

  32. From various departments

  33. Incident Response Training

  34. See You Next Year!

  35. Time to work!

  36. Don’t forget …

  37. Use Badge

  38. Infra Team

  39. Review the Network Diagram

  40. Review the configuration

  41. Review the rules

  42. Update patches

  43. Support Team

  44. Anti Malware, Personal Firewall

  45. Change default credential, default configuration

  46. Asset inventory

  47. Dev Team

  48. Develop Secure Applications

  49. Secure Coding Guidelines

  50. OWASP, SANS CWE Top 25

  51. Security Team

  52. Security Code Review

  53. Vulnerability Assessment

  54. Penetration Testing

  55. Examine documents changes

  56. Business Justification? Tested? Approved?

  57. Monitoring

  58. Logs, Security Events

  59. At a time ….

  60. Incident occurred

  61. Incident Response Plan

  62. Roles, responsibilities, and communication

  63. Follow the procedure

  64. Post-incident investigation

  65. Business Team

  66. Business Needs

  67. External Entity

  68. Regulator

  69. Need compliance!

  70. None

  71. ISO 27001

  72. PCI DSS

  73. Not that hard

  74. Why?

  75. Focus

  76. Security

  77. Not Compliance

  78. Security

  79. ALL responsibility

  80. Security

  81. Business as Usual

  82. Questions?

  83. Lawrence Lessig method - 2005

  84. 84 LET’S GO.