SlideShare a Scribd company logo

Mosaic Theory of Information Security — As presented at Abstractions II

Download as PPTX, PDF
M
Margaret Fero

In finance, a concept called mosaic theory says that non-material information in sufficient quantities can be combined to constitute useful information. Investment analysts using this principle combine non-material information to develop significant insights into companies’ upcoming results without verging into insider trading. In other words, a lot of insignificant details, like you might post to social media, can be combined to deduce significant aspects of your or your organization’s private data. In non-financial information security, a similar principle applies. Small divergences from usual patterns can, when combined together, give a competitor or potential attacker hints about your organization’s strategy, upcoming product launches, or your private personal information. In this talk, we discuss types of information you want to avoid posting about yourself or watch out for in your organization’s social media postings to avoid unintentional disclosures.

Software
1 of 25
Mosaic Theory of Information Security Margaret Fero Technical Writer | Degreed Maggie@degreed.com Abstractions II - 20191
FIRST: Disclaimers 2 I’m not a lawyer, a financial advisor, the SEC, or in any way entitled to make expert judgements on what is or is not legal or insider trading. This whole talk is provided without warranty or guarantee. This is not legal advice. This is not financial advice. I’m going to talk about how legal and financial concepts work in a general sense based on a layperson’s understanding so we can all have a shared basis from which to discuss their applicability to information security. Do not make financial or legal decisions based on any information in this talk. Talk to actual experts if you feel inspired to make financial or legal decisions after watching this talk, do not rely on my information here. I am not an Expert on insider trading regulations, but I have enough of a general idea to use them as an allegory for a security problem.
Agenda Agenda Slide "Pomposa Abbey" by Verity Cridland is licensed under CC BY 2.04 About Mosaic Theory Some Examples What To Watch Out For Conclusion
Why mosaic theory? Money Stuff by Matt Levine https://www.bloomberg.com/opinion/articles/2018-03-18/equifax-exec-sold-stock-after-hack-was-it-insider-trading5
Every day, professional investors and research analysts work the phones to ferret out information about companies that can’t be found by simply reading news releases. Andrew Ross Sorkin New York Times Dealbook Column November 29, 2010 https://dealbook.nytimes.com/2010/11/29/just-tidbits-or-material-facts-for-insider-trading/ ; "Puzzling" by byzantiumbooks is licensed under CC BY 2.0 6
What counts as insider trading? Insider Trading (Bad) • “Material” information direct from a reputable source • Information comes packaged together • Information is useful alone Skilled Financial Analysis (Good) • “Immaterial” information from multiple sources • You combine information to create useful packages • Individual pieces of information are not as useful as the whole 7
Insider Trading This is bad. https://www.sec.gov/news/press-release/2014-2218
Financial Analysis This is good! 9
To review: Insider Trading (Bad) Skilled Financial Analysis (Good) 10
Why should I care as a technologist? "Frank, September 4, 2011 - keyboard" by pat00139 is licensed under CC BY 2.0
You also have information. Material non-public information • Usernames and passwords • Users’ PII • Details of unreleased features Immaterial or public information • Press releases • Job ads • Group pictures from an onsite 12
Material Information This is bad to release. https://www.darkreading.com/cloud/moviepass-leaves-credit-card-numbers-personal-data-exposed-online/d/d-id/133559413
Immaterial Information This is good to release! …Right? 14 • Travel opportunities • Employee sabbaticals • Employee travel (blog breaks, etc) • Onsite timing
What should I watch for?
Trends. Expressed interest in M&A "attention" is licensed under CC0 1.0 ; "Penknife_Swiss-Army-Knife__51220" by Public Domain Photos is licensed under CC BY 2.0 ; Lever Logo is owned by Lever; ":)" by gfairchild is licensed under CC BY 2.0 16 Mentions of Tooling Job Posts & Resignations Employee Sentiment
Disclaimer (again): The tools I’m about to mention are risky because they’re useful! Banning these tools is not a good mitigation strategy. "Lego bricks" by EEPaul is licensed under CC BY 2.017
Expressed Interest in M&A 18 • LinkedIn posts • Conference attendance or course completion • Forum posts • Meetup membership or attendance • Job postings
Mentions of Tooling 19 • Job post contents • Employees’ role descriptions on LinkedIn or networking sites • Meetup membership or attendance • Vendor forum membership
Job Posts & Resignations 20 • Your career site • Your ATS or LinkedIn • Recent alumni’s LinkedIn or social media • Your blog
Employee Sentiment 21 • Social media • Press mentions • Conversations on public transit • Conversations near your office
Other Information To Watch 22 • Instagram posts • LinkedIn group membership • Meetup and conference attendance • Vacation responders
What Now?
Don’t despair, just be aware! "Full Rainbow at Sunrise at Columbia River in Washington" by Landscapes in The West is licensed under CC PDM 1.0
Thank you! @maggiefero You can ask questions in the hallway now, or on Twitter later! Maggie@degreed.com Degreed.com/maggiefero Linkedin.com/in/margaretfero 25

Recommended

Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Margaret Fero
 
Technical Writing Overview: WTD Nigeria
Technical Writing Overview: WTD NigeriaTechnical Writing Overview: WTD Nigeria
Technical Writing Overview: WTD NigeriaMargaret Fero
 
Mosaic Theory of Information Security: For Technical Writers
Mosaic Theory of Information Security: For Technical WritersMosaic Theory of Information Security: For Technical Writers
Mosaic Theory of Information Security: For Technical WritersMargaret Fero
 
We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...
We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...
We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...Margaret Fero
 
Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019
Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019
Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019Margaret Fero
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 

Recommended

Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Margaret Fero
 
Technical Writing Overview: WTD Nigeria
Technical Writing Overview: WTD NigeriaTechnical Writing Overview: WTD Nigeria
Technical Writing Overview: WTD NigeriaMargaret Fero
 
Mosaic Theory of Information Security: For Technical Writers
Mosaic Theory of Information Security: For Technical WritersMosaic Theory of Information Security: For Technical Writers
Mosaic Theory of Information Security: For Technical WritersMargaret Fero
 
We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...
We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...
We Didn’t Know Until We Knew: A Journey Through End Times — As presented at A...Margaret Fero
 
Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019
Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019
Cross-Functional Code Reviews - As presented at O'Reilly OSCON 2019Margaret Fero
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 

More Related Content

Recently uploaded

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 

Recently uploaded (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 

Featured

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Featured (20)

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 

Mosaic Theory of Information Security — As presented at Abstractions II

  • 1. Mosaic Theory of Information Security Margaret Fero Technical Writer | Degreed Maggie@degreed.com Abstractions II - 20191
  • 2. FIRST: Disclaimers 2 I’m not a lawyer, a financial advisor, the SEC, or in any way entitled to make expert judgements on what is or is not legal or insider trading. This whole talk is provided without warranty or guarantee. This is not legal advice. This is not financial advice. I’m going to talk about how legal and financial concepts work in a general sense based on a layperson’s understanding so we can all have a shared basis from which to discuss their applicability to information security. Do not make financial or legal decisions based on any information in this talk. Talk to actual experts if you feel inspired to make financial or legal decisions after watching this talk, do not rely on my information here. I am not an Expert on insider trading regulations, but I have enough of a general idea to use them as an allegory for a security problem.
  • 3.
  • 4. Agenda Agenda Slide "Pomposa Abbey" by Verity Cridland is licensed under CC BY 2.04 About Mosaic Theory Some Examples What To Watch Out For Conclusion
  • 5. Why mosaic theory? Money Stuff by Matt Levine https://www.bloomberg.com/opinion/articles/2018-03-18/equifax-exec-sold-stock-after-hack-was-it-insider-trading5
  • 6. Every day, professional investors and research analysts work the phones to ferret out information about companies that can’t be found by simply reading news releases. Andrew Ross Sorkin New York Times Dealbook Column November 29, 2010 https://dealbook.nytimes.com/2010/11/29/just-tidbits-or-material-facts-for-insider-trading/ ; "Puzzling" by byzantiumbooks is licensed under CC BY 2.0 6
  • 7. What counts as insider trading? Insider Trading (Bad) • “Material” information direct from a reputable source • Information comes packaged together • Information is useful alone Skilled Financial Analysis (Good) • “Immaterial” information from multiple sources • You combine information to create useful packages • Individual pieces of information are not as useful as the whole 7
  • 8. Insider Trading This is bad. https://www.sec.gov/news/press-release/2014-2218
  • 11. Why should I care as a technologist? "Frank, September 4, 2011 - keyboard" by pat00139 is licensed under CC BY 2.0
  • 12. You also have information. Material non-public information • Usernames and passwords • Users’ PII • Details of unreleased features Immaterial or public information • Press releases • Job ads • Group pictures from an onsite 12
  • 13. Material Information This is bad to release. https://www.darkreading.com/cloud/moviepass-leaves-credit-card-numbers-personal-data-exposed-online/d/d-id/133559413
  • 14. Immaterial Information This is good to release! …Right? 14 • Travel opportunities • Employee sabbaticals • Employee travel (blog breaks, etc) • Onsite timing
  • 15. What should I watch for?
  • 16. Trends. Expressed interest in M&A "attention" is licensed under CC0 1.0 ; "Penknife_Swiss-Army-Knife__51220" by Public Domain Photos is licensed under CC BY 2.0 ; Lever Logo is owned by Lever; ":)" by gfairchild is licensed under CC BY 2.0 16 Mentions of Tooling Job Posts & Resignations Employee Sentiment
  • 17. Disclaimer (again): The tools I’m about to mention are risky because they’re useful! Banning these tools is not a good mitigation strategy. "Lego bricks" by EEPaul is licensed under CC BY 2.017
  • 18. Expressed Interest in M&A 18 • LinkedIn posts • Conference attendance or course completion • Forum posts • Meetup membership or attendance • Job postings
  • 19. Mentions of Tooling 19 • Job post contents • Employees’ role descriptions on LinkedIn or networking sites • Meetup membership or attendance • Vendor forum membership
  • 20. Job Posts & Resignations 20 • Your career site • Your ATS or LinkedIn • Recent alumni’s LinkedIn or social media • Your blog
  • 21. Employee Sentiment 21 • Social media • Press mentions • Conversations on public transit • Conversations near your office
  • 22. Other Information To Watch 22 • Instagram posts • LinkedIn group membership • Meetup and conference attendance • Vacation responders
  • 24. Don’t despair, just be aware! "Full Rainbow at Sunrise at Columbia River in Washington" by Landscapes in The West is licensed under CC PDM 1.0
  • 25. Thank you! @maggiefero You can ask questions in the hallway now, or on Twitter later! Maggie@degreed.com Degreed.com/maggiefero Linkedin.com/in/margaretfero 25

Editor's Notes

  1. Specifically, Matt Levine’s March 2018 column “Deductive Reasoning or Insider Trading? It's a Tough Call”, which referenced the mosaic theory. That was the first time I’d encountered the term, but I dove down a learning rabbit hole from there.
  2. A research analyst told a trader he was going to change the ratings for certain stocks. This was material, because it was a single piece of information that would by itself cause the market to move, and it was provided by a known insider to a direct contact (removing the risk of guesses based on agglomerated immaterial information).
  3. This held that immaterial information was tipped to analysts, who were able to combine it with public financial disclosures and other materials to form a basis for trading. This case also did involve some insider trading resulting from a subsequent leak, but it was not all insider trading.
  4. “After working with Hussein to review sample datasets, TechCrunch reports exposed records contain sufficient information to commit credit card fraud. In a sample of 1,000 records, more than half had a MoviePass member card number, balance, and expiration. The server also contained records of failed login attempts. None of the data on the server was encrypted.”
  5. I love an analogy from Sarah Harvey, a security/privacy engineer at Square, who compares data to lego bricks. You can put them together to build cool things with them, but if you don’t clean them up they hurt A LOT to step on. It’s easier to avoid stepping on one if you have an idea of where they all are, and I’m hoping everyone takes away an idea that these might be places your organization has piles of stray lego.