The 10 Principles Security First 1
How to Differentiate Your Business By Making Security a Priority
The 10 Principles of Security First

Security first is a mindset. It’s thinking about your company’s security holistically from the ground up.

That means looking beyond technical considerations to see where security fits into your…
✔ Business model
✔ Software development
✔ People and hiring practices
✔ Pricing
✔ Approach to partnerships
✔ Marketing
✔ Research and innovation

That’s important because by putting security first you’ll not only keep your business safe...

You’ll also be able to differentiate yourself from your competitors by creating better experiences for your customers.

To help you better understand security first, we’ve put together 10 principles to orient your thinking.

1. Start now.

Introducing privacy and security too late can come at a high cost... Being forced to undo every decision you’ve ever made that’s had a security implication.

Don’t make that mistake. Start introducing a security first mindset into your business today.

2. Make security everyone’s responsibility.

Although it must start at the top, no one should be exempt from being responsible for security.

Plus, it has to be communicated clearly and regularly. That’s because security needs to be embedded in all aspects of the business, including culture, hiring, business strategy, technology and promotion.

3. Create new value through security and privacy.

Make your commitment to security and privacy a competitive differentiator. If you get it right, you can win against your competitors.

Plus, your users will be willing to give you more data and more rights to extract value from that data.

To achieve this, you need to show your users that there are mechanisms in place to protect them, and that you will meet the security and privacy expectations that you set.

4. Seek out synergies between security and function.

Security has historically been viewed as a cost. To get it, you had to trade off functionality. But it doesn’t have to be that way.

If you start with security early, you can build unique functionality on top to come up with a stronger offering. Look for opportunities to improve security, reduce user friction and increase product functionality.

One example is Touch ID on a mobile phone for password-less authentication and a smoother user experience. Another is moving to a major cloud provider such as Amazon Web Services that combines functionality with much more robust security.

5. Avoid partners that weaken your security.

Your business partners and third-party integrations are part of your attack surface. Ask them about their security and privacy stance, and work with partners who have a good approach.

In the process, help your partners take a security first stance as a way to protect yourself.

6. Always be (threat) modeling.

Adversarial behavior can take many forms, shapes and sizes:
✔ Malware
✔ Credential Attacks
✔ Phishing
✔ AI model and data poisoning attacks
✔ Denial of Service
✔ Rogue Software
✔ Network Attacks
✔ Application Attacks

Be creative in understanding your assets, stakeholders and the current state of all your systems, including both digital and human processes. Plan ahead for new attack surfaces and advances in attacker capabilities.

Threat modeling involves going over every process, role, product and piece of infrastructure in your business, and identifying the threats they’re exposed to.

7. Give customers control and oversight over their data.

Software companies have traditionally assumed broad data rights through their privacy policies. But this approach to managing privacy is no longer compatible with legislation such as the European General Data Protection Regulation (GDPR). Practically speaking, you need to consider such regulations in your product and sales strategies.

Be transparent. Give users visibility into the personal data you’re capturing and storing, and some level of control over that data.

8. Design systems to reduce the impact of an attack.

Breaches will happen, so ensure that your systems are designed to compartmentalize damage from attackers.

Three approaches that have been shown to minimize the impact of a compromise are:
✔ The principle of least authority
✔ Decentralization
✔ Redundancy

9. Assume that reality is always worse than it appears.

Complacency can be your downfall, so always approach monitoring and system assessment with a healthy dose of paranoia. Don’t consider any security alert or incident resolved until it has been fully investigated.

And, to help uncover the root cause of a situation, make it part of your company culture to always ask why.

10. Have a rapid remediation plan and practice using it.

When a security or privacy compromise is discovered, use your well-practiced incident response plan and notify any affected customers immediately. Providing timely remediation is essential to protect your brand and retain customer trust.

Effective plans will cover both the common scenarios and outliers. They will include a communication strategy and will evolve and adapt over time as new threats are understood and best practices for response improve.

By putting security first, your company will not only protect your own interests, but also those of your clients. That creates a big opportunity.

To take advantage of it, remember these 10 principles:
1. Start now.
2. Make security everyone’s responsibility.
3. Create new value through security and privacy.
4. Seek out synergies between security and function.
5. Avoid partners that weaken your security.
6. Always be (threat) modeling.
7. Give customers control and oversight over their data.
8. Design systems to reduce the impact of an attack.
9. Assume that reality is always worse than it appears.
10. Have a rapid remediation plan and practice using it.

Want to learn more about security first? Download our white paper on the “10 Principles of Security First.”

More Related Content

Recently uploaded

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Featured

Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Featured (20)

Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 

The 10 Principles of Security First

  • 1. The 10 Principles Security First 1 How to Differentiate Your Business By Making Security a Priority The 10 Principles of Security First
  • 2. The 10 Principles Security First 2The 10 Principles Security First 2 It’s thinking about your company’s security holistically from the ground up. Security first is a mindset.
  • 3. The 10 Principles Security First 3 That means looking beyond technical considerations to see where security fits into your… Business model Software development People and hiring practices Pricing Approach to partnerships Marketing Research and innovation ✔ ✔ ✔ ✔ ✔ ✔ ✔
  • 4. The 10 Principles Security First 4The 10 Principles Security First 4 That’s important because by putting security first you’ll not only keep your business safe...
  • 5. The 10 Principles Security First 5 You’ll also be able to differentiate yourself from your competitors by creating better experiences for your customers.
  • 6. The 10 Principles Security First 6The 10 Principles Security First 6 To help you better understand security first, we’ve put together 10 principles to orient your thinking.
  • 7. The 10 Principles Security First 7The 10 Principles Security First 7 Start now. 1
  • 8. The 10 Principles Security First 8 Introducing privacy and security too late can come at a high cost...
  • 9. The 10 Principles Security First 9 Being forced to undo every decision you’ve ever made that’s had a security implication.
  • 10. The 10 Principles Security First 10The 10 Principles Security First 10 Don’t make that mistake. Start introducing a security first mindset into your business today.
  • 11. The 10 Principles Security First 11The 10 Principles Security First 11 Make security everyone’s responsibility. 2
  • 12. The 10 Principles Security First 12 Although it must start at the top, no one should be exempt from being responsible for security.
  • 13. The 10 Principles Security First 13The 10 Principles Security First 13 Plus, it has to be communicated clearly and regularly.
  • 14. The 10 Principles Security First 14 That’s because security needs to be embedded in all aspects of the business, including culture, hiring, business strategy, technology and promotion.
  • 15. The 10 Principles Security First 15The 10 Principles Security First 15 Create new value through security and privacy. 3
  • 16. The 10 Principles Security First 16The 10 Principles Security First 16 Make your commitment to security and privacy a competitive differentiator.
  • 17. The 10 Principles Security First 17 If you get it right, you can win against your competitors.
  • 18. The 10 Principles Security First 18 Plus, your users will be willing to give you more data and more rights to extract value from that data.
  • 19. The 10 Principles Security First 19 To achieve this, you need to show your users that there are mechanisms in place to protect them, and that you will meet the security and privacy expectations that you set.
  • 20. The 10 Principles Security First 20The 10 Principles Security First 20 Seek out synergies between security and function. 4
  • 21. The 10 Principles Security First 21 Security has historically been viewed as a cost. To get it, you had to trade off functionality.
  • 22. The 10 Principles Security First 22The 10 Principles Security First 22 But it doesn’t have to be that way.
  • 23. The 10 Principles Security First 23 If you start with security early, you can build unique functionality on top to come up with a stronger offering.
  • 24. The 10 Principles Security First 24 Look for opportunities to improve security, reduce user friction and increase product functionality.
  • 25. The 10 Principles Security First 25 One example is touch ID on a mobile phone for password-less authentication and a smoother user experience.
  • 26. The 10 Principles Security First 26 Another is moving to a major cloud provider such as Amazon Web Services that combines functionality with much much more robust security.
  • 27. The 10 Principles Security First 27The 10 Principles Security First 27 Avoid partners that weaken your security. 5
  • 28. The 10 Principles Security First 28 Your business partners and third-party integrations are part of your attack surface.
  • 29. The 10 Principles Security First 29 Ask them about their security and privacy stance, and work with partners who have a good approach.
  • 30. The 10 Principles Security First 30 In the process, help your partners take a security first stance as a way to protect yourself.
  • 31. Principle 6: Always be (threat) modeling.
  • 32. Adversarial behavior can take many forms, shapes and sizes:
    ✔ Malware
    ✔ Credential attacks
    ✔ Phishing
    ✔ AI model and data poisoning attacks
    ✔ Denial of service
    ✔ Rogue software
    ✔ Network attacks
    ✔ Application attacks
  • 33. Be creative in understanding your assets, stakeholders and the current state of all your systems, including both digital and human processes.
  • 34. Plan ahead for new attack surfaces and advances in attacker capabilities.
  • 35. Threat modeling involves going over every process, role, product and piece of infrastructure in your business, and identifying the threats they’re exposed to.
  • 36. Principle 7: Give customers control and oversight over their data.
  • 37. Software companies have traditionally assumed broad data rights through their privacy policies.
  • 38. But this approach to managing privacy is no longer compatible with legislation such as the European General Data Protection Regulation (GDPR).
  • 39. Practically speaking, you need to consider such regulations in your product and sales strategies.
  • 40. Be transparent. Give users visibility into the personal data you’re capturing and storing, and some level of control over that data.
  • 41. Principle 8: Design systems to reduce the impact of an attack.
  • 42. Breaches will happen, so ensure that your systems are designed to compartmentalize damage from attackers.
  • 43. Three approaches that have been shown to minimize the impact of a compromise are:
    ✔ The principle of least authority
    ✔ Decentralization
    ✔ Redundancy
  • 44. Principle 9: Assume that reality is always worse than it appears.
  • 45. Complacency can be your downfall, so always approach monitoring and system assessment with a healthy dose of paranoia.
  • 46. Don’t consider any security alert or incident resolved until it has been fully investigated.
  • 47. And, to help uncover the root cause of a situation, make it part of your company culture to always ask why.
  • 48. Principle 10: Have a rapid remediation plan and practice using it.
  • 49. When a security or privacy compromise is discovered, use your well-practiced incident response plan and notify any affected customers immediately.
  • 50. Providing timely remediation is essential to protect your brand and retain customer trust.
  • 51. Effective plans will cover both the common scenarios and outliers.
  • 52. They will include a communication strategy and will evolve and adapt over time as new threats are understood and best practices for response improve.
  • 53. By putting security first, your company will not only protect your own interests, but also those of your clients.
  • 54. That creates a big opportunity. To take advantage of it, remember these 10 principles:
    1. Start now.
    2. Make security everyone’s responsibility.
    3. Create new value through security and privacy.
    4. Seek out synergies between security and function.
    5. Avoid partners that weaken your security.
    6. Always be (threat) modeling.
    7. Give customers control and oversight over their data.
    8. Design systems to reduce the impact of an attack.
    9. Assume that reality is always worse than it appears.
    10. Have a rapid remediation plan and practice using it.
  • 55. Want to learn more about security first? Download our white paper on the “10 Principles of Security First.”