Security Lessons from the
Online Adult Entertainment
A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data.
www.riskfactory.com
Legal Disclaimer

The information contained in this presentation is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this presentation. Accordingly, the information on this presentation is provided with the understanding that the audience is not herein engaged in rendering law enforcement, legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a professional.

While we have made every attempt to ensure that the information contained in this presentation has been obtained from reliable sources, Orthus is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this presentation is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no event will Orthus, its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this presentation or for any consequential, special or similar damages, even if advised of the possibility of such damages. Certain links in this presentation connect to other presentations maintained by third parties over whom Orthus has no control. Orthus makes no representations as to the accuracy or any other aspect of information contained in the speaker's words.

This statement explains how we may collect and use information about you through our presentation. If you have any questions about our privacy policies, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, please click here to send an email to our solicitor. As you would expect, we monitor visits to our presentation, principally so that we can make sure that it is easy to navigate, identify the areas that are of particular interest to visitors and generally improve the presentation and our services. The information that we collect in this process will not identify you as an individual; however, we do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the presentation. In some circumstances our records will identify organisations visiting our presentation and we may use that information in managing our relationship with those organisations - for example, in considering how to develop the services that we offer them. In common with most presentations, our presentation uses cookies - small data files which are downloaded to your computer so that we can recognise that your computer has visited the presentation before. We do not use cookies to identify you, just to improve your experience of the presentation - for example, by allowing the presentation to remember your bookmarks and language preference. You can if you wish set your Internet browser so that it will not automatically download cookies - this will not prevent you from using our presentation. The exact steps necessary to block cookies vary from browser to browser. They are generally explained in the "Help" section of the browser. Various forms on our presentation invite you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you. In each case, the purpose for which you are invited to give us information is clear and we also indicate which of the requested information is essential for the relevant purpose and which is optional - fields for essential information are marked with an asterisk. If we propose to use your details to send you information from Orthus about events or legal developments which we believe may be of interest to you (other than information that you have specifically requested), we give you an opportunity to tell us that you do not wish to receive such information by ticking a box. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside Orthus, except in very limited circumstances - for example, with your agreement or where we are legally obliged to do so.

Orthus operates as a single firm, but it works through various local legal entities. These entities, which are all ultimately controlled by the same group of partners, are identified in the Locations section of our presentation. When you provide information through the presentation you will be providing it to Orthus as a whole, and should be aware that it may be accessed from countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country.

The information, materials and opinions contained on this presentation are for general information purposes only, are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information or materials published on this presentation. If you wish to find out more about the information in the materials published, please contact an Orthus partner.

Certain parts of this presentation link to external internet presentations, and other external internet presentations may link to this presentation. Orthus is not responsible for the content of any external internet presentations. The materials contained on this web presentation are provided for general information purposes only and do not constitute legal or other professional advice. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information published on this presentation.

The materials published on this presentation are, unless otherwise stated, the copyright works of Orthus. You may make copies of materials published which are of interest to you for your own personal use and you may also provide occasional copies to others for information purposes only provided that you do so free of charge and the copies do not comprise substantial parts of the presentation. When you do make copies for yourself or others, the content of the published material and the copyright notices must remain intact, your communication of the content must not be misleading or inaccurate and a copy of this notice must accompany any copies of the materials which you provide to others. No other use of the materials published on this presentation is permitted without the express prior written consent of Orthus.
Agenda


"On the internet, you're either our client - or our enemy."
CIO - U.K. 2nd Largest On-Line Adult Entertainment Provider
Sex Sells
The global on-line adult entertainment industry revenue in 2009 was estimated at over 97 billion dollars US.
Really Sells
Last year alone more than 80,000 major adult web sites each generated profits of more than 1 billion.
Got the Time Sailor?
Every second: £3,975.24 is being spent on pornography
Every second: 79,258 Internet users are viewing pornography
Every second: 872 Internet users are typing adult search terms into search engines
Every 39 minutes: A new pornographic video is created in the United States
Looking for Love
The number one search term used in search engine sites =
Open All Night
52% of internet users view porn
35% of all downloads are pornographic
Last count there were 4.2 million websites offering adult content (472 million pages of content)
An estimated 2.8 billion emails are sent daily (averaging 4.5 per user per day)
Men Love It
69% of visitors to adult sites are men
20% of men admit to accessing porn at work
20% of men admit they may be addicted to porn
Women Love It
31% of visitors to adult sites are women
13% of women admit to accessing porn at work
17% of women admit they may be addicted to porn
70% of women keep their cyber activities secret
"A" Levels
63% of University students admitted to having sex in front of live web cams and using live chat rooms
87% of University students admitted to routinely accessing adult content sites
Skin in the Game
Recognised as the first industry to understand how to generate and sustain revenue from the internet.
The on-line adult entertainment industry has grown twentyfold since 1999.
The Good
Direct:
• Broadband
• Streaming media
• Fee based services
• Geo location software
• Segmented content
• 3G mobile apps

Indirect:
• VHS Video Players
• Camcorders
• DVDs
• Pay per View
• Satellite TV
• Interactive TV
Agenda
Porn drives each new "convenient" visual technology. Each high-tech advance takes porn closer to solving their big marketing problem:

The Shame Factor
Porn: Demand high but doesn't travel well
Technology: Driven by demand
The Bad
• SPAM
• Viruses
• Trojans
• Botnets
• Spyware
• Key loggers
• Adware
• Worms
• Pop-up adverts
• Redirects
• JavaScript catchers
The Ugly
• Pornography
• Paedophilia
• Incest
• Bestiality
• Necrophilia
• Frotteurism
• Coprophilia
• Urophilia
The Price of Popularity
"As an industry, adult entertainment websites are the most prominent and lucrative targets for freelance hackers today and attract the largest number of organised vigilante cyber groups on line."
Associated Press 2010
Their Enemies
Enemies of the State
Indecent Exposure
California State Senate Bill 1386 mandated public disclosure of the loss of personal data as of April 20, 2005 (name, sex, DOB, address etc…).
Subsequently adopted by more than 40 States.
PrivacyRights.org
Victoria's Secret
So...
What do they know that we don't?
1st Lesson
It's a war out there!
• The Internet is a battlefield
• No rules of war
• You must adopt the mindset of a soldier
• Training is key to understanding how you will act under fire
• All fire is "live" fire
• Don't show up to a gunfight with a knife
• Assume your adversary is a professional
• Prepare accordingly
• Only the strong survive
Lesson 2
Embrace technology
• Mindset of technology pioneers
• Not afraid to try/use new technology
• New technology = harder target
• New technology = security asset
• If they don't see it in the market, they build it
• Dual technology security devices / defences
• Security starts at the application
• Testing freaks!
Lesson 3
They're called "fundamentals" for a reason
• Rigidly apply best practices, zero tolerance
• Process over product
• Load balancing, fail-over, DR sites
• Buttoned-down, routinely tested architectures
• First adopters of 24/7/365 VA scanning
• SDLC zealots
• Change management a security responsibility
• Patch management mission critical
Lesson 4
Protect the crown jewels
• Client data = crown jewels
• Data discovery 24/7
• Real-time network mapping
• One server - one function
• Practice network separation and segmentation
• Implement honeypot architectures
• Triple DMZ architectures
• Encrypted databases at rest – prohibit mobility
• Real-time IPSs
• First adopters of attacking the attackers
Lesson 5
Good fences make good neighbours
• No remote connections
• No third-party connections
• No remote PCs
• No peer-to-peer connections
• No file sharing
• No remote system maintenance
• No VPN connections to back office systems
• No wireless subnets…
• All third-party agreements levy corporate security policies/procedures
Lesson 6
Trust no one
• Openly acknowledged
• Flat-lined security program: one size fits all
• No one holds universal privileges
• Three-man rule for admin or policy changes
• Employee pre-screening and post checks (credit / criminal checks)
• Active & intense employee monitoring
• Post-employment confidentiality agreements
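One way to enforce the "three-man rule" for admin or policy changes from Lesson 6 in code, as an added illustration that is not part of the presentation: a change is only applied once three distinct, authorised approvers have signed off, and the requester cannot count as one of them. The approver directory, change classes and names are constructed sample data.

```python
"""Three-person approval gate for administrative/policy changes (added example)."""
from dataclasses import dataclass, field

REQUIRED_APPROVALS = 3  # the three-man rule: no single admin acts alone

# Constructed sample directory: who may approve which class of change.
ADMIN_APPROVERS = {"alice", "bob", "carol", "dave"}
POLICY_APPROVERS = {"carol", "dave", "erin"}


@dataclass
class ChangeRequest:
    change_id: str
    change_class: str  # "admin" or "policy"
    requester: str
    approvals: set = field(default_factory=set)


class ApprovalError(Exception):
    """Raised when an approval or an apply attempt violates the rule."""


def approve(req: ChangeRequest, approver: str) -> int:
    """Record one approval and return the number of distinct approvals so far.

    Rejects the requester (separation of duties), anyone not authorised for
    this change class, and a second approval from the same person.
    """
    allowed = ADMIN_APPROVERS if req.change_class == "admin" else POLICY_APPROVERS
    if approver == req.requester:
        raise ApprovalError("requester cannot approve their own change")
    if approver not in allowed:
        raise ApprovalError(f"{approver} not authorised for {req.change_class} changes")
    if approver in req.approvals:
        raise ApprovalError(f"{approver} has already approved {req.change_id}")
    req.approvals.add(approver)
    return len(req.approvals)


def is_authorised(req: ChangeRequest) -> bool:
    """True only when the three-person quorum has been reached."""
    return len(req.approvals) >= REQUIRED_APPROVALS


def apply_change(req: ChangeRequest) -> str:
    """Gate the privileged action behind the quorum check."""
    if not is_authorised(req):
        raise ApprovalError(
            f"{req.change_id}: {len(req.approvals)}/{REQUIRED_APPROVALS} approvals")
    # Placeholder for the real privileged action (firewall rule push, policy edit).
    return f"{req.change_id} applied with approvals from {sorted(req.approvals)}"


if __name__ == "__main__":
    cr = ChangeRequest("CR-1", "admin", "alice")
    for who in ("bob", "carol", "dave"):
        print(f"{who}: {approve(cr, who)}/{REQUIRED_APPROVALS}")
    print(apply_change(cr))
```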
Lesson 7
Top down security
• Lead by example
• Entire Board rated on security
• Corporate culture realised
• Security is an "asset" rather than a liability
• All policies tied to people
• People tied to policies and product (site)
• Strong and consistent security awareness programs
• One strike and you're out
Lesson 8
Pay your people well
• Employees "extremely" well paid
• Developers and Administrators well above
• At least 25% above market rate
• Pay for training
• Pay for certifications
• Bonuses for identifying potential problems
• Bonuses for identifying solutions
• Bonuses for zero losses
• Performance bonuses
Lesson 9
Do not write a policy you can't enforce
• If you talk the talk you have to walk the walk
• Security program transparent
• Stripped-down policies focus the mind
• Compliance required by employment contract
• Monitor ALL employees
• Remove violators
• Practice the "walk of shame"
• Prosecute violators
Lesson 10
If it ain't broke, don't fix it!
• Take time to quantify a security issue
• What are we trying to protect? Why? Can we protect it? What happens if we fail?
• Not worried about "nuisances"
• Don't look to the market to tell you the threats to your business
• Don't rush out to buy point products
• All security spend is benchmarked against quantifiable ROI to the business mission
• If you can't measure it, it doesn't exist
Homework
1. It's a war zone
2. Embrace technology
3. Fundamentals for a reason
4. Protect the crown jewels
5. Fences make good neighbours
6. Trust no one
7. Top down security
8. Pay your people well
9. Don't write a policy you can't enforce
10. If it ain't broke, don't fix it.
Behind the Green Door?
Agenda
26 Dover Street, London, United Kingdom, W1S 4LY
+44 (0)20 3586 1025
+44 (0)20 7763 7101 (fax)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Risk Factory: Security Lessons From the Online Adult Entertainment Industry

  • 1. Security Lessons from the Online Adult Entertainment
  • 2. A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data. www.riskfactory.com
  • 3. Legal Disclaimer The information contained in this presentation is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this presentation. Accordingly, the information on this presentation is provided with the understanding that the audience is not herein engaged in rendering law enforcement, legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a professional. While we have made every attempt to ensure that the information contained in this presentation has been obtained from reliable sources, Orthus is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this presentation is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no event will Orthus its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this presentation or for any consequential, special or similar damages, even if advised of the possibility of such damages. Certain links in this presentation connect to other presentations maintained by third parties over whom Orthus has no control. Orthus makes no representations as to the accuracy or any other aspect of information contained in the speaker's words. 
This statement explains how we may collect and use information about you through our presentation. If you have any questions about our privacy policies, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, please click here to send an email to our solicitor. As you would expect, we monitor visits to our presentation, principally so that we can make sure that it is easy to navigate, identify the areas that are of particular interest to visitors and generally improve the presentation and our services. The information that we collect in this process will not identify you as an individual, however - we do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the presentation. In some circumstances our records will identify organisations visiting our presentation and we may use that information in managing our relationship with those organisations - for example, in considering how to develop the services that we offer them. In common with most presentations, our presentation uses cookies - small data files which are downloaded to your computer so that we can recognise that your computer has visited the presentation before. We do not use cookies to identify you, just to improve your experience of the presentation - for example, by allowing the presentation to remember your bookmarks and language preference. You can if you wish set your Internet browser so that it will not automatically download cookies - this will not prevent you from using our presentation. The exact steps necessary to block cookies vary from browser to browser. They are generally explained in the "Help" section of the browser. Various forms on our presentation invite you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you. 
In each case, the purpose for which you are invited to give us information is clear and we also indicate which of the requested information is essential for the relevant purpose and which is optional - fields for essential information are marked with an asterisk. If we propose to use your details to send you information from Orthus about events or legal developments which we believe may be of interest to you (other than information that you have specifically requested), we give you an opportunity to tell us that you do not wish to receive such information by ticking a box. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside Orthus, except in very limited circumstances - for example, with your agreement or where we are legally obliged to do so. Orthus operates as a single firm, but it works through various local legal entities. These entities, which are all ultimately controlled by the same group of partners, are identified in the Locations section of our presentation. When you provide information through the presentation you will be providing it to Orthus as a whole, and should be aware that it may be accessed from countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country. The information, materials and opinions contained on this presentation are for general information purposes only, are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information or materials published on this presentation. If you wish to find out more about the information in the materials published, please contact an Orthus partner. 
Certain parts of this presentation link to external internet presentations, and other external internet presentations may link to this presentation. Orthus is not responsible for the content of any external internet presentations. The materials contained on this web presentation are provided for general information purposes only and do not constitute legal or other professional advice. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information published on this presentation. The materials published on this presentation are, unless otherwise stated, the copyright works of Orthus. You may make copies of materials published which are of interest to you for your own personal use and you may also provide occasional copies to others for information purposes only, provided that you do so free of charge and the copies do not comprise substantial parts of the presentation. When you do make copies for yourself or others, the content of the published material and the copyright notices must remain intact, your communication of the content must not be misleading or inaccurate and a copy of this notice must accompany any copies of the materials which you provide to others. No other use of the materials published on this presentation is permitted without the express prior written consent of Orthus.
  • 4. Agenda "On the internet, you're either our client - or our enemy." CIO - U.K. 2nd Largest On-Line Adult Entertainment Provider
  • 5. Sex Sells The global on-line adult entertainment industry revenue in 2009 was estimated at over: 97 billion dollars US
  • 6. Really Sells Last year alone more than 80,000 major adult web sites each generated profits of more than 1 billion.
  • 7. Got the Time Sailor? Every second: £3,975.24 is being spent on pornography Every second: 79,258 Internet users are viewing pornography Every second: 872 Internet users are typing adult search terms into search engines Every 39 minutes: A new pornographic video is created in the United States
  • 8. Looking for Love The number one search term used in search engine sites =
  • 9. Open All Night 52% of internet users view porn. 35% of all downloads are pornographic. At the last count there were 4.2 million websites offering adult content (472 million pages of content). An estimated 2.8 billion adult emails are sent daily (averaging 4.5 per user per day).
  • 10. Men Love It 69% of visitors to adult sites are men. 20% of men admit to accessing porn at work. 20% of men admit they may be addicted to porn.
  • 11. Women Love It 31% of visitors to adult sites are women. 13% of women admit to accessing porn at work. 17% of women admit they may be addicted to porn. 70% of women keep their cyber activities secret.
  • 12. "A" Levels 63% of University students admitted to having sex in front of live web cams and using live chat rooms 87% of University students admitted to routinely accessing adult content sites
  • 13. Skin in the Game Recognised as the first industry to understand how to generate and sustain revenue from the internet. The online adult entertainment industry has grown twenty-fold since 1999.
  • 14. The Good
      Direct: broadband, streaming media, fee-based services, geo-location software, segmented content, 3G mobile apps
      Indirect: VHS video players, camcorders, DVDs, pay-per-view, satellite TV, interactive TV
  • 15. Porn drives each new "convenient" visual technology. Each high-tech advance takes porn closer to solving its big marketing problem: the shame factor. Porn: demand high. Technology: driven, but doesn't travel well by demand.
  • 16. The Bad: spam, viruses, Trojans, botnets, spyware, key loggers, adware, worms, pop-up adverts, redirects, JavaScript catchers
  • 18. The Price of Popularity “As an industry, adult entertainment websites are the most prominent and lucrative targets for freelance hackers today and attract the largest number of organised vigilante cyber groups on line”. Associated Press 2010
  • 22. Enemies of the State
  • 23. Indecent Exposure California Senate Bill 1386 (in force from 1 July 2003) mandated public disclosure of the loss of personal data (name, sex, DOB, address etc.). Similar breach-notification laws were subsequently adopted by more than 40 states.
  • 26. So... What do they know that we don’t?
  • 27. Lesson 1: It's a war out there!
      • The Internet is a battlefield
      • No rules of war
      • You must adopt the mindset of a soldier
      • Training is key to understanding how you will act under fire
      • All fire is "live" fire
      • Don't show up to a gun fight with a knife
      • Assume your adversary is a professional
      • Prepare accordingly
      • Only the strong survive
  • 28. Lesson 2: Embrace technology
      • Mindset of technology pioneers
      • Not afraid to try/use new technology
      • New technology = harder target
      • New technology = security asset
      • If they don't see it in the market, they build it
      • Dual-technology security devices / defences
      • Security starts at the application
      • Testing freaks!
  • 29. Lesson 3: They're called "fundamentals" for a reason
      • Rigidly apply best practices, zero tolerance
      • Process over product
      • Load balancing, failover, DR sites
      • Buttoned-down, routinely tested architectures
      • First adopters of 24/7/365 vulnerability (VA) scanning
      • SDLC zealots
      • Change management is a security responsibility
      • Patch management is mission critical
  • 30. Lesson 4: Protect the crown jewels
      • Client data = crown jewels
      • Data discovery 24/7
      • Real-time network mapping
      • One server, one function
      • Practise network separation and segmentation
      • Implement honeypot architectures
      • Triple-DMZ architectures
      • Databases encrypted at rest; prohibit data mobility
      • Real-time IPS
      • First adopters of attacking the attackers
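The deck says "data discovery 24/7" but not how. The following is an added example, not code from the Risk Factory deck or from any vendor it mentions: a data-discovery sweep for cardholder data at rest, the kind of client data a subscription site holds. It finds candidate card numbers in text, keeps only Luhn-valid ones to cut false positives (order IDs and reference numbers are frequent near misses), and reports findings masked so the discovery report never becomes a fresh copy of the crown jewels. The sample export, the file name `export.csv` and the email pattern are this example's own constructions.

```python
"""Data discovery for cardholder data at rest (added example, not from the deck)."""
import re
from dataclasses import dataclass

# 13-19 digits, optionally separated by single spaces or dashes.  The
# look-arounds stop the pattern matching inside longer digit runs such as
# hashes or timestamps, so only a standalone run is ever considered.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample export: a 16-digit order id (not a card), the Visa and
# Mastercard public test PANs, and a near miss that fails the Luhn check.
SAMPLE_EXPORT = """order_id=1234567890123456 customer=alice@example.com status=paid
card=4111 1111 1111 1111 exp=12/27 note=visa test card
ref=4111111111111112 msg=typo in pan, luhn fails
trace=5555-5555-5555-4444 agent=bob@example.org
"""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: from the right, double every second digit, subtract 9
    from doubled values above 9, and require the sum to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six (BIN) and last four digits, mask everything between."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    source: str
    line: int
    kind: str   # "pan" or "email"
    value: str  # masked for PANs, so the report is safe to log and ticket


def scan_text(source: str, text: str) -> list[Finding]:
    """Scan one text blob; findings come back in line order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append(Finding(source, lineno, "pan", mask_pan(digits)))
        for m in EMAIL.finditer(line):
            findings.append(Finding(source, lineno, "email", m.group()))
    return findings


def scan_files(paths) -> list[Finding]:
    """Sweep real files: binary-safe read, undecodable bytes replaced."""
    out: list[Finding] = []
    for p in paths:
        with open(p, "rb") as fh:
            out.extend(scan_text(str(p), fh.read().decode("utf-8", "replace")))
    return out


def summarise(findings: list[Finding]) -> dict[str, int]:
    """Counts per finding kind, for the dashboard the 24/7 sweep feeds."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_text("export.csv", SAMPLE_EXPORT)
    for f in hits:
        print(f"{f.source}:{f.line} {f.kind} {f.value}")
    print(summarise(hits))
```

Run it and the order ID on line 1 and the mistyped number on line 3 are not reported: both are 16 digits long but fail the Luhn check, which is what keeps a continuous sweep of exports and logs from drowning in false positives. A production sweep would feed `scan_files` from a file-share or database-export inventory and alert on any `pan` finding outside the systems that are allowed to hold card data.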
  • 31. Lesson 5: Good fences make good neighbours
      • No remote connections
      • No third-party connections
      • No remote PCs
      • No peer-to-peer connections
      • No file sharing
      • No remote system maintenance
      • No VPN connections to back-office systems
      • No wireless subnets...
      • All third-party agreements impose the corporate security policies/procedures
  • 32. Lesson 6: Trust no one
      • Openly acknowledged
      • Flat-lined security programme: one size fits all
      • No one holds universal privileges
      • Three-man rule for admin or policy changes
      • Employee pre-screening and post-checks (credit / criminal checks)
      • Active and intense employee monitoring
      • Post-employment confidentiality agreements
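"No one holds universal privileges" and a "three-man rule for admin or policy changes" can be enforced cryptographically rather than by process alone. As an added example, not code from the deck, here is the rule modelled with Shamir's secret sharing: a master credential (assumed here to be a 127-bit key that unlocks the policy store) is split into one share per administrator so that any three shares reconstruct it and any two reveal nothing about it. The `ChangeGate` class, the share-holding flow and the parameters (3 of 5) are this example's own assumptions.

```python
"""Three-man rule for privileged changes via Shamir secret sharing (added example)."""
import hashlib
import secrets

# Field for the arithmetic: the Mersenne prime 2**127 - 1.  Any secret below
# this value can be shared, so the example uses secrets of at most 126 bits.
PRIME = (1 << 127) - 1


def _poly_at(coeffs: list[int], x: int) -> int:
    """Evaluate a polynomial (constant term first) at x, mod PRIME (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, admins: int) -> list[tuple[int, int]]:
    """Return `admins` points on a random degree-(threshold-1) polynomial whose
    constant term is the secret.  Any `threshold` points determine it; fewer
    are consistent with every possible secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    if not 1 < threshold <= admins:
        raise ValueError("need 1 < threshold <= admins")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _poly_at(coeffs, x)) for x in range(1, admins + 1)]


def recover_secret(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share presented")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def _commit(secret: int) -> str:
    """Hash commitment to the secret; this is all the gate ever stores."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()


class ChangeGate:
    """Releases a privileged change only once `threshold` distinct admins have
    presented shares that reconstruct the committed secret.  The gate never
    holds the secret or any share, so compromising it alone gains nothing."""

    def __init__(self, commitment: str, threshold: int):
        self.commitment = commitment
        self.threshold = threshold
        self.presented: dict[int, int] = {}

    @classmethod
    def setup(cls, secret: int, threshold: int, admins: int):
        """Create the gate plus the shares to hand out, one per administrator."""
        return cls(_commit(secret), threshold), split_secret(secret, threshold, admins)

    def present(self, share: tuple[int, int]) -> None:
        x, y = share
        self.presented[x] = y  # keyed by admin index: re-presenting does not add a vote

    def authorised(self) -> bool:
        if len(self.presented) < self.threshold:
            return False
        pts = sorted(self.presented.items())[: self.threshold]
        return _commit(recover_secret(pts)) == self.commitment

    def reset(self) -> None:
        self.presented.clear()


if __name__ == "__main__":
    key = secrets.randbits(126)
    gate, shares = ChangeGate.setup(key, threshold=3, admins=5)
    gate.present(shares[0])
    gate.present(shares[1])
    print("two admins:", gate.authorised())
    gate.present(shares[4])
    print("three admins:", gate.authorised())
```

Two administrators presenting shares, or one presenting twice, never satisfy the gate, and a forged share fails the commitment check rather than silently releasing a wrong key. In a real deployment the reconstructed secret would be used inside the gate to unlock the action (signing a policy bundle, opening a break-glass session) and then discarded, and each share would live in its holder's hardware token rather than in memory.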
  • 33. Lesson 7: Top-down security
      • Lead by example
      • Entire board rated on security
      • Corporate culture realised
      • Security is an "asset" rather than a liability
      • All policies tied to people
      • People tied to policies and product (site)
      • Strong and consistent security awareness programmes
      • One strike and you're out
  • 34. Lesson 8: Pay your people well
      • Employees "extremely" well paid
      • Developers and administrators paid well above that: at least 25% above market rate
      • Pay for training
      • Pay for certifications
      • Bonuses for identifying potential problems
      • Bonuses for identifying solutions
      • Bonuses for zero losses
      • Performance bonuses
  • 35. Lesson 9: Do not write a policy you can't enforce
      • If you talk the talk you have to walk the walk
      • Security programme transparent
      • Stripped-down policies focus the mind
      • Compliance required by employment contract
      • Monitor ALL employees
      • Remove violators
      • Practise the "walk of shame"
      • Prosecute violators
  • 36. Lesson 10: If it ain't broke, don't fix it!
      • Take time to quantify a security issue
      • What are we trying to protect? Why? Can we protect it? What happens if we fail?
      • Not worried about "nuisances"
      • Don't look to the market to tell you the threats to your business
      • Don't rush out to buy point products
      • All security spend is benchmarked against quantifiable ROI to the business mission
      • If you can't measure it, it doesn't exist
  • 37. Homework
      1. It's a war zone
      2. Embrace technology
      3. Fundamentals for a reason
      4. Protect the crown jewels
      5. Fences make good neighbours
      6. Trust no one
      7. Top-down security
      8. Pay your people well
      9. Don't write a policy you can't enforce
      10. If it ain't broke, don't fix it.
  • 40. 26 Dover Street London United Kingdom W1S 4LY +44 (0)20 3586 1025 +44 (0)20 7763 7101(fax)

Speaker notes (the same note on every slide)

  Give out cards