SlideShare uma empresa Scribd logo

Information Security for startups

Stijn Vande Casteele
Stijn Vande Casteele

Information Security for startups was presented on 11 September 2010 at the Barcamp meeting in Antwerp, Belgium. It presents issues, tips and interesting information security pointers for startup businesses in the world of e-commerce.

Tecnologia
1 de 8
Baixar para ler offline
Information Security for startups Stijn Vande Casteele @securityworld trusted@gmail.com
Overview ➲Introduction ➲Your world ➲My world ➲Tips ➲Pointers
Introduction ➲ Information Security Architect ● MSc in InfoSec, CISSP, GCFA ● Ubizen(VzB), Telindus/Belgacom > Deloitte. ➲ Startup experience ● Scanit, ArcSight, Indio
Your world ➲ Online ➲ Social media ➲ IT, Technology ➲ Time is money ➲ Grow (pains) ➲ Partners (offshore) (cheap/uptime/perf) ➲ The cloud
My world ➲ Risk analysis & management ➲ People, Process, Technology ➲ Confidentiality ➲ Integrity ➲ Availability
Tips ➲ Can you trust your partners? SLA? Reports? ➲ Are secure coding techniques used? ➲ Who has access to your backend? Cloud? ➲ Protect your most critical information ➲ Work out a backup/restore method (DRP) ➲ Know what to do in case of a security incident ➲ Logs?! ➲ Look for expert ➲ Keep an eye on the darkside
Pointers ➲ http://isc.sans.edu ➲ http://www.h-online.com/ ➲ http://www.owasp.org ➲ https://www.ecops.be ➲ https://www.cert.be ➲ http://www.rootsecure.net/
Questions?

Recomendados

How Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differentlyHow Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differently
Scott Cressman
 
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
NetworkCollaborators
 
Intelligent Cybersecurity for the Real World
Intelligent Cybersecurity for the Real WorldIntelligent Cybersecurity for the Real World
Intelligent Cybersecurity for the Real World
NetCraftsmen
 
Angel at my Table 2014: Riscoveri
Angel at my Table 2014: RiscoveriAngel at my Table 2014: Riscoveri
Angel at my Table 2014: Riscoveri
nzsoftware
 
3 Things to Know When Securing Mixed, Multi-Cloud Environments
3 Things to Know When Securing Mixed, Multi-Cloud Environments3 Things to Know When Securing Mixed, Multi-Cloud Environments
3 Things to Know When Securing Mixed, Multi-Cloud Environments
ProtectWise
 
CSA - Nsc42 - London chapter keynote - cloud transformation security challenges
CSA - Nsc42 - London chapter keynote - cloud transformation security challenges CSA - Nsc42 - London chapter keynote - cloud transformation security challenges
CSA - Nsc42 - London chapter keynote - cloud transformation security challenges
NSC42 Ltd
 
Forcepoint - Analýza chování uživatelů
Forcepoint - Analýza chování uživatelůForcepoint - Analýza chování uživatelů
Forcepoint - Analýza chování uživatelů
MarketingArrowECS_CZ
 
Cyber Defense in 2016
Cyber Defense in 2016Cyber Defense in 2016
Cyber Defense in 2016
Nixu Corporation
 

Recomendados

How Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differentlyHow Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differently
Scott Cressman
 
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
NetworkCollaborators
 
Intelligent Cybersecurity for the Real World
Intelligent Cybersecurity for the Real WorldIntelligent Cybersecurity for the Real World
Intelligent Cybersecurity for the Real World
NetCraftsmen
 
Angel at my Table 2014: Riscoveri
Angel at my Table 2014: RiscoveriAngel at my Table 2014: Riscoveri
Angel at my Table 2014: Riscoveri
nzsoftware
 
3 Things to Know When Securing Mixed, Multi-Cloud Environments
3 Things to Know When Securing Mixed, Multi-Cloud Environments3 Things to Know When Securing Mixed, Multi-Cloud Environments
3 Things to Know When Securing Mixed, Multi-Cloud Environments
ProtectWise
 
CSA - Nsc42 - London chapter keynote - cloud transformation security challenges
CSA - Nsc42 - London chapter keynote - cloud transformation security challenges CSA - Nsc42 - London chapter keynote - cloud transformation security challenges
CSA - Nsc42 - London chapter keynote - cloud transformation security challenges
NSC42 Ltd
 
Forcepoint - Analýza chování uživatelů
Forcepoint - Analýza chování uživatelůForcepoint - Analýza chování uživatelů
Forcepoint - Analýza chování uživatelů
MarketingArrowECS_CZ
 
Cyber Defense in 2016
Cyber Defense in 2016Cyber Defense in 2016
Cyber Defense in 2016
Nixu Corporation
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
Saumil Shah
 
Diploma management 2007 (2)
Diploma management 2007 (2)Diploma management 2007 (2)
Diploma management 2007 (2)
Nir David
 
Secure Infrastructure for the Mobile Legion
Secure Infrastructure for the Mobile LegionSecure Infrastructure for the Mobile Legion
Secure Infrastructure for the Mobile Legion
Raphael Reitzig
 
Design highly available and secure system
Design highly available and secure systemDesign highly available and secure system
Design highly available and secure system
Andi Pangeran
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Eric Vanderburg
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
SolarWinds
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall Logs
Joshua Berman
 
Microservices docker-security
Microservices docker-securityMicroservices docker-security
Microservices docker-security
Sergio Loureiro
 
Security Kung Fu: Active Directory Changes
Security Kung Fu: Active Directory ChangesSecurity Kung Fu: Active Directory Changes
Security Kung Fu: Active Directory Changes
Joshua Berman
 
The New Economics of Cloud Security
The New Economics of Cloud SecurityThe New Economics of Cloud Security
The New Economics of Cloud Security
Alert Logic
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Dhani Ahmad
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summary
SensePost
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
Shreedevi Tharanidharan
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
Michael Kaishar, MSIA | CISSP
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Kumawat Dharmpal
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
Nicholas Davis
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Gareth Davies
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introduction
Shu Shin
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network security
Ahmed Habib
 
Information security
Information securityInformation security
Information security
LJ PROJECTS
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 

Mais conteúdo relacionado

Mais procurados

Diploma management 2007 (2)
Diploma management 2007 (2)Diploma management 2007 (2)
Diploma management 2007 (2)
Nir David
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall Logs
Joshua Berman
 
Security Kung Fu: Active Directory Changes
Security Kung Fu: Active Directory ChangesSecurity Kung Fu: Active Directory Changes
Security Kung Fu: Active Directory Changes
Joshua Berman
 

Mais procurados (10)

The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
Diploma management 2007 (2)
Diploma management 2007 (2)Diploma management 2007 (2)
Diploma management 2007 (2)
 
Secure Infrastructure for the Mobile Legion
Secure Infrastructure for the Mobile LegionSecure Infrastructure for the Mobile Legion
Secure Infrastructure for the Mobile Legion
 
Design highly available and secure system
Design highly available and secure systemDesign highly available and secure system
Design highly available and secure system
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall Logs
 
Microservices docker-security
Microservices docker-securityMicroservices docker-security
Microservices docker-security
 
Security Kung Fu: Active Directory Changes
Security Kung Fu: Active Directory ChangesSecurity Kung Fu: Active Directory Changes
Security Kung Fu: Active Directory Changes
 
The New Economics of Cloud Security
The New Economics of Cloud SecurityThe New Economics of Cloud Security
The New Economics of Cloud Security
 

Destaque

Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
Nicholas Davis
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introduction
Shu Shin
 

Destaque (13)

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summary
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introduction
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network security
 
Information security
Information securityInformation security
Information security
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 

Semelhante a Information Security for startups

(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
Amazon Web Services
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slides
Wallarm
 
A journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthA journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinth
Avădănei Andrei
 
SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?
Anton Chuvakin
 
The Future of DevSecOps
The Future of DevSecOpsThe Future of DevSecOps
The Future of DevSecOps
Stefan Streichsbier
 

Semelhante a Information Security for startups (20)

S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
 
Threat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the CloudThreat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the Cloud
 
Practical security in a DevOps World
Practical security in a DevOps WorldPractical security in a DevOps World
Practical security in a DevOps World
 
How to choose cybersecurity academy in Kerala
How to choose cybersecurity academy in KeralaHow to choose cybersecurity academy in Kerala
How to choose cybersecurity academy in Kerala
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slides
 
Google Cloud Study Jam Cohort 2 Session 1
Google Cloud Study Jam Cohort 2 Session 1Google Cloud Study Jam Cohort 2 Session 1
Google Cloud Study Jam Cohort 2 Session 1
 
Low Code Neuro-Symbolic Agents.pdf
Low Code Neuro-Symbolic Agents.pdfLow Code Neuro-Symbolic Agents.pdf
Low Code Neuro-Symbolic Agents.pdf
 
SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC
 
Eskwela Openstandard V1.1
Eskwela Openstandard V1.1Eskwela Openstandard V1.1
Eskwela Openstandard V1.1
 
IDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthIDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in Depth
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
A journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthA journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinth
 
SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups
 
The Future of DevSecOps
The Future of DevSecOpsThe Future of DevSecOps
The Future of DevSecOps
 
App Security and Securing App
App Security and Securing AppApp Security and Securing App
App Security and Securing App
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Information Security for startups

  • 1. Information Security for startups Stijn Vande Casteele @securityworld trusted@gmail.com
  • 3. Introduction ➲ Information Security Architect ● MSc in InfoSec, CISSP, GCFA ● Ubizen(VzB), Telindus/Belgacom > Deloitte. ➲ Startup experience ● Scanit, ArcSight, Indio
  • 4. Your world ➲ Online ➲ Social media ➲ IT, Technology ➲ Time is money ➲ Grow (pains) ➲ Partners (offshore) (cheap/uptime/perf) ➲ The cloud
  • 5. My world ➲ Risk analysis & management ➲ People, Process, Technology ➲ Confidentiality ➲ Integrity ➲ Availability
  • 6. Tips ➲ Can you trust your partners? SLA? Reports? ➲ Are secure coding techniques used? ➲ Who has access to your backend? Cloud? ➲ Protect your most critical information ➲ Work out a backup/restore method (DRP) ➲ Know what to do in case of a security incident ➲ Logs?! ➲ Look for expert ➲ Keep an eye on the darkside
  • 7. Pointers ➲ http://isc.sans.edu ➲ http://www.h-online.com/ ➲ http://www.owasp.org ➲ https://www.ecops.be ➲ https://www.cert.be ➲ http://www.rootsecure.net/