Mosaic Theory of Information Security
For Technical Writers
Margaret Fero
For SF Bay Chapter of the STC, November 2020
FIRST: Disclaimers
I’m not a lawyer, a financial advisor, the SEC, or in any way entitled to make expert
judgements on what is or is not legal or insider trading. This whole talk is provided
without warranty or guarantee. This is not legal advice. This is not financial advice.
I’m going to talk about how legal and financial concepts work in a general sense based on
a layperson’s understanding so we can all have a shared basis from which to discuss their
applicability to information security. Do not make financial or legal decisions based on any
information in this talk. Talk to actual experts if you feel inspired to make financial or legal
decisions after watching this talk, do not rely on my information here.
I am not an Expert on insider trading regulations, but I have enough of a general idea to
use them as an allegory for a security problem.
"Cat on a wall" by digitaltemi is licensed under CC BY 2.0
About Me
● Currently a Software Engineer with a focus on Security at a small startup
● Previously a Principal Technical Writer at Degreed, and overall a technical writer for over a decade, the last 6 years of it full-time
● Hold security certifications including the GSEC, GCIH, and GCIA
Agenda
1 About Mosaic Theory
2 Some Examples, General and Specific to TechComm
3 What To Watch Out For
4 Conclusion
5 Questions
About Mosaic Theory
Why mosaic theory?
Money Stuff by Matt Levine
https://www.bloomberg.com/opinion/articles/2018-03-18/equifax-exec-sold-stock-after-hack-was-it-insider-trading
What’s Insider Trading?
https://www.investor.gov/additional-resources/general-resources/glossary/insider-trading
“Every day, professional investors and research analysts work the phones to ferret out information about companies that can’t be found by simply reading news releases.”
Andrew Ross Sorkin, New York Times Dealbook Column, November 29, 2010
https://dealbook.nytimes.com/2010/11/29/just-tidbits-or-material-facts-for-insider-trading/
"Puzzling" by byzantiumbooks is licensed under CC BY 2.0
What counts as insider trading?
Insider Trading (Bad)
● “Material” information direct from a reputable source
● Information comes packaged together
● Information is useful alone
Skilled Financial Analysis (Good)
● “Immaterial” information from multiple sources
● You combine information to create useful packages
● Individual pieces of information are not as useful as the whole
Some Examples
Insider Trading
This is bad.
https://www.sec.gov/news/press-release/2020-27
Another Example of Alleged Insider Trading
This one still hasn’t gone to trial, so it may be okay, but it also sounds bad.
https://www.sec.gov/news/press-release/2020-228
Skilled Financial Analysis
This is good!
To Review
Insider Trading: Bad.
Skilled Financial Analysis: Good, actually!
Why should I care as a technical writer?
"Frank, September 4, 2011 - keyboard" by pat00139 is licensed under CC BY 2.0
You also have information.
Material non-public information
● Details of unreleased features
● Internal approvals or QA processes
● Product roadmaps
● Usage data
● Company costs
Immaterial or public information
● Press release archives
● Job ads
● Your company’s website
● Your colleague’s lunch preferences
● Published documentation
Material Information
This is bad to release.
https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407
Immaterial Information
● Travel opportunities
● Employee sabbaticals
● Employee travel
● Onsite/Offsite timing
● Food preferences
● Release schedule
This is good to release!
...right?
What should I watch for?
High-Risk Categories
● Job Posts & Resignations
● Employee Sentiment
● Feature Details
● Tooling
● Compliance Changes
"Sharpest tool in the shed" by Lachlan is licensed under CC BY 2.0; "Slides Box Paperwork" by cdsessums is licensed under CC BY-SA 2.0; "Job Listings" by flazingo_photos is licensed under CC BY-SA 2.0; "Thumbs Up" by Learn4Life is licensed under CC BY-SA 2.0; "Project Management Plan" by perhapstoopink is licensed under CC BY 2.0
Disclaimer (again):
The tools I’m about to mention are risky because they’re useful! Banning these tools is not a good mitigation strategy.
"Lego bricks" by EEPaul is licensed under CC BY 2.0
Tooling
● Job post contents
● Employees’ role descriptions on LinkedIn or networking sites
● Meetup membership or attendance
● Vendor forum membership
● Event or networking conversations
Compliance Changes
● LinkedIn posts
● Conference attendance or course completion
● Forum posts
● Meetup membership or attendance
● Job postings
● Joining professional organizations or networks
Job Posts & Resignations
● Your career site
● Your ATS or company LinkedIn page
● Recent alumni’s LinkedIn or social media accounts
● Your company or product blog, or individuals’ blogs
● Networking conversations
Employee Sentiment
● Social media
● Press mentions
● Glassdoor reviews
● Networking Slacks and Discords
● Conversations on public transit (someday...)
● Conversations near your office (someday...)
Feature Details
● “Coming Soon” listings or sections
● Company blog
● Descriptions of what individual employees are working on
● Documented defaults
● Documented settings
● Documented procedures, processes, and overrides
Other Information You Have
● Instagram posts
● Vacation responders
● Individual Preferences
What Now?
Don’t despair, just be aware!
"Full Rainbow at Sunrise at Columbia River in Washington" by Landscapes in The West is licensed under CC PDM 1.0
Thank you!
Questions?
@maggiefero
Linkedin.com/in/margaretfero
Degreed.com/maggiefero
