Real Life Information Security
Pawel Krawczyk
What is the limit for reasonable expenses for information security?
1.
Real Life Information Security
Embedding security in economic reality [email_address]
2.
3.
4.
5.
6.
7.
Learn from others’ mistakes
Source: FSA, 22 July 2009
8.
9.
10.
11.
Risk Analysis -> Potential loss -> Control -> Real loss
Wrong but common scenario...
12.
Case studies
13.
14.
15.
16.
Risk Management in e-banking
Source: Bankier.pl report, October 2009 (selected data only)
Auth method | Corporate (High non-repudiation needs) | Individual (Millions of clients) | Number
TAN | ↓ Repudiation | ↓ Low security, ↑ Low cost | 7
Smart-card | ↑ Non-repudiation | ↓ Not usable, ↓ Big cost | 2
Token | ↓ Repudiation | ↓ Big cost | 11
SMS | ↓ Repudiation | ↑ Usable, ↓ Big cost | 15
17.
Laffer’s curve in security
Source: Wikipedia
18.
Mayfield’s Paradox
Source: ISACA, „Mathematical Proofs of Mayfield's Paradox”, 2001
19.
How to?
20.
Avoid „one-size fits all” approach
21.
22.
23.
24.
Source: Willem Duiff, GE (SASMA 2009)
25.
26.
27.
28.
29.