Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security stories in online payment company
Search
Raden Ardiansyah Natakusumah
December 13, 2018
Technology
0
26
Security stories in online payment company
Raden Ardiansyah Natakusumah
December 13, 2018
Tweet
Share
More Decks by Raden Ardiansyah Natakusumah
See All by Raden Ardiansyah Natakusumah
Bug Bounty: Do and Don’t
rully
0
62
Protect your business with PCI DSS
rully
0
42
Intrusion Prevention System based on Machine Learning
rully
0
160
PCI DSS Security Awareness
rully
0
160
Other Decks in Technology
See All in Technology
広告の効果検証を題材にした因果推論の精度検証について
zozotech
PRO
0
210
Agile Leadership Summit Keynote 2026
m_seki
1
670
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
yuu551
0
260
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
5
1.6k
Why Organizations Fail: ノーベル経済学賞「国家はなぜ衰退するのか」から考えるアジャイル組織論
kawaguti
PRO
1
180
コンテナセキュリティの最新事情 ~ 2026年版 ~
kyohmizu
6
1.4k
仕様書駆動AI開発の実践: Issue→Skill→PRテンプレで 再現性を作る
knishioka
2
680
マネージャー視点で考えるプロダクトエンジニアの評価 / Evaluating Product Engineers from a Manager's Perspective
hiro_torii
0
180
AI駆動開発を事業のコアに置く
tasukuonizawa
1
360
会社紹介資料 / Sansan Company Profile
sansan33
PRO
15
400k
SchooでVue.js/Nuxtを技術選定している理由
yamanoku
3
200
ランサムウェア対策としてのpnpm導入のススメ
ishikawa_satoru
0
220
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
698
190k
Typedesign – Prime Four
hannesfritz
42
3k
Optimising Largest Contentful Paint
csswizardry
37
3.6k
Measuring Dark Social's Impact On Conversion and Attribution
stephenakadiri
1
130
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
65
4 Signs Your Business is Dying
shpigford
187
22k
Crafting Experiences
bethany
1
50
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
57
New Earth Scene 8
popppiees
1
1.5k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.1k
Making the Leap to Tech Lead
cromwellryan
135
9.7k
Producing Creativity
orderedlist
PRO
348
40k
Transcript
13 December 2018 • Raden Ardiansyah Natakusumah • FintechNite •
UnionSPACE, Jakarta Security stories in online payment company
https://about.me/r_u_l_l_y
Newbie
14.5 years
None
None
None
None
None
Registered Penetration Tester
Practitioner Security Analyst
None
None
The Story ….
Online Payment Company
Potential Employees
Minimize the Risk
Human Resource Department
Background Checks
Criminal Record
Reference Checks
Credit History
1st Day!
Onboarding Process
Security Awareness Training
All New Hires
Information Security Policy
And Other Policies
Developer
Secure Coding Training
Incident Response Team
From various departments
Incident Response Training
See You Next Year!
Time to work!
Don’t forget …
Use Badge
Infra Team
Review the Network Diagram
Review the configuration
Review the rules
Update patches
Support Team
Anti Malware, Personal Firewall
Change default credential, default configuration
Asset inventory
Dev Team
Develop Secure Applications
Secure Coding Guidelines
OWASP, SANS CWE Top 25
Security Team
Security Code Review
Vulnerability Assessment
Penetration Testing
Examine documents changes
Business Justification? Tested? Approved?
Monitoring
Logs, Security Events
At a time ….
Incident occurred
Incident Response Plan
Roles, responsibilities, and communication
Follow the procedure
Post-incident investigation
Business Team
Business Needs
External Entity
Regulator
Need compliance!
None
ISO 27001
PCI DSS
Not that hard
Why?
Focus
Security
Not Compliance
Security
ALL responsibility
Security
Business as Usual
Questions?
Lawrence Lessig method - 2005
84 LET’S GO.
rully
zozotech
m_seki
yuu551
oracle4engineer
kawaguti
kyohmizu
knishioka
.jpg){kind=avatar}
hiro_torii
tasukuonizawa
sansan33
yamanoku
ishikawa_satoru
chriscoyier
hannesfritz
csswizardry
stephenakadiri
techseoconnect
shpigford
bethany
marketingsoph
popppiees
aleyda
cromwellryan
orderedlist
