Real Life Information Security: Embedding security in economic reality. [email_address]
Hewitt Associates
Hewitt's Market
Security - Shepherds or policemen?
Learn from the past
Learn from market analytics (Source: Ponemon Institute, „2008 Annual Study: Cost of Data Breach”)
Learn from others' mistakes (Source: FSA, 22 July 2009)
Learn from your risk analysis
When does Risk Management make sense? (Source: Flickr (edouard))
What makes Control cost? (Source: Flickr (daveme))
Risk Analysis -> Potential loss -> Control -> Real loss: wrong but common scenario...
Case studies
Qualified Certificate in ZUS* (Source: Money.pl, ZUS; * ZUS = Polish public pensions provider)
Invoicing (Sources: EU MEMO/00/85)
E-Invoicing in Europe (Sources: EEI 2007, ITST, OECD; GUS 2008)
Risk Management in e-banking (Source: Bankier.pl report, October 2009, selected data only)

Auth method | Number | Individual (millions of clients)  | Corporate (high non-repudiation needs)
SMS         | 15     | ↑ Usable, ↓ Big cost             | ↓ Repudiation
Token       | 11     | ↓ Big cost                       | ↓ Repudiation
Smart-card  | 2      | ↓ Not usable, ↓ Big cost         | ↑ Non-repudiation
TAN         | 7      | ↑ Low cost, ↓ Low security       | ↓ Repudiation
Laffer's curve in security (Source: Wikipedia)
Mayfield's Paradox (Source: ISACA, „Mathematical Proofs of Mayfield's Paradox”, 2001)
How to?
Avoid the „one-size fits all” approach
Control questions
Is security a cost?
How FDE* saves money (* FDE = Full-Disk Encryption)
Source: Willem Duiff, GE (SASMA 2009)
Building a consistent security policy #1 (Source: Flickr (aresnick))
Building a consistent security policy #2 (Source: Wikipedia)
Building a consistent security policy #3
Things we learned when talking to business
