Security stories in online payment company
Raden Ardiansyah Natakusumah
December 13, 2018
Transcript
13 December 2018 • Raden Ardiansyah Natakusumah • FintechNite • UnionSPACE, Jakarta
Security stories in online payment company
https://about.me/r_u_l_l_y
Newbie
14.5 years
Registered Penetration Tester
Practitioner Security Analyst
The Story …
Online Payment Company
Potential Employees
Minimize the Risk
Human Resource Department
Background Checks
Criminal Record
Reference Checks
Credit History
1st Day!
Onboarding Process
Security Awareness Training
All New Hires
Information Security Policy
And Other Policies
Developer
Secure Coding Training
Incident Response Team
From various departments
Incident Response Training
See You Next Year!
Time to work!
Don’t forget …
Use Badge
Infra Team
Review the Network Diagram
Review the configuration
Review the rules
Update patches
Support Team
Anti-Malware, Personal Firewall
Change default credentials and default configuration
Asset inventory
Dev Team
Develop Secure Applications
Secure Coding Guidelines
OWASP, CWE/SANS Top 25
Security Team
Security Code Review
Vulnerability Assessment
Penetration Testing
Examine change documents
Business justification? Tested? Approved?
Monitoring
Logs, Security Events
At a time ….
Incident occurred
Incident Response Plan
Roles, responsibilities, and communication
Follow the procedure
Post-incident investigation
Business Team
Business Needs
External Entity
Regulator
Need compliance!
ISO 27001
PCI DSS
Not that hard
Why?
Focus
Security
Not Compliance
Security
ALL responsibility
Security
Business as Usual
Questions?
Lawrence Lessig method - 2005
LET’S GO.