Risk Factory: Security Lessons From the Online Adult Entertainment Industry
In security, it doesn't get any sexier than this.

Presentation Transcript

  • Security Lessons from the Online Adult Entertainment
  • A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data. www.riskfactory.com
  • Legal Disclaimer: The information contained in this presentation is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this presentation. Accordingly, the information on this presentation is provided with the understanding that the audience is not herein engaged in rendering law enforcement, legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a professional. While we have made every attempt to ensure that the information contained in this presentation has been obtained from reliable sources, Orthus is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this presentation is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no event will Orthus, its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this presentation or for any consequential, special or similar damages, even if advised of the possibility of such damages. Certain links in this presentation connect to other presentations maintained by third parties over whom Orthus has no control. Orthus makes no representations as to the accuracy or any other aspect of information contained in the speakers' words. This statement explains how we may collect and use information about you through our presentation.
If you have any questions about our privacy policies, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, please click here to send an email to our solicitor. As you would expect, we monitor visits to our presentation, principally so that we can make sure that it is easy to navigate, identify the areas that are of particular interest to visitors and generally improve the presentation and our services. The information that we collect in this process will not identify you as an individual, however - we do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the presentation. In some circumstances our records will identify organisations visiting our presentation and we may use that information in managing our relationship with those organisations - for example, in considering how to develop the services that we offer them. In common with most presentations, our presentation uses cookies - small data files which are downloaded to your computer so that we can recognise that your computer has presentation the presentation before. We do not use cookies to identify you, just to improve your experience of the presentation - for example, by allowing the presentation to remember your bookmarks and language preference. You can if you wish set your Internet browser so that it will not automatically download cookies - this will not prevent you from using our presentation. The exact steps necessary to block cookies vary from browser to browser. They are generally explained in the "Help" section of the browser. Various forms on our presentation invite you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you.
In each case, the purpose for which you are invited to give us information is clear and we also indicate which of the requested information is essential for the relevant purpose and which is optional - fields for essential information are marked with an asterisk. If we propose to use your details to send you information from Orthus about events or legal developments which we believe may be of interest to you (other than information that you have specifically requested), we give you an opportunity to tell us that you do not wish to receive such information by ticking a box. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside Orthus, except in very limited circumstances - for example, with your agreement or where we are legally obliged to do so. Orthus operates as a single firm, but it works through various local legal entities. These entities, which are all ultimately controlled by the same group of partners, are identified in the Locations section of our presentation. When you provide information through the presentation you will be providing it to Orthus as a whole, and should be aware that it may be accessed from countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country. The information, materials and opinions contained on this presentation are for general information purposes only, are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information or materials published on this presentation. If you wish to find out more about the information in the materials published, please contact an Orthus partner.
Certain parts of this presentation link to external internet presentations, and other external internet presentations may link to this presentation. Orthus is not responsible for the content of any external internet presentations. The materials contained on this web presentation are provided for general information purposes only and do not constitute legal or other professional advice. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information published on this presentation. The materials published on this presentation are, unless otherwise stated, the copyright works of Orthus. You may make copies of materials published which are of interest to you for your own personal use and you may also provide occasional copies to others for information purposes only provided that you do so free of charge and the copies do not comprise substantial parts of the presentation. When you do make copies for yourself or others, the content of the published material and the copyright notices must remain intact, your communication of the content must not be misleading or inaccurate and a copy of this notice must accompany any copies of the materials which you provide to others. No other use of the materials published on this presentation is permitted without the express prior written consent of Orthus.
  • Agenda: "On the internet, you're either our client - or our enemy." CIO, U.K. 2nd Largest On-Line Adult Entertainment Provider
  • Sex Sells The global on-line adult entertainment industry revenue in 2009 was estimated at over: 97 billion dollars US
  • Really Sells: Last year alone more than 80,000 major adult web sites each generated profits of more than 1 billion.
  • Got the Time, Sailor?
    • Every second: £3,975.24 is being spent on pornography
    • Every second: 79,258 Internet users are viewing pornography
    • Every second: 872 Internet users are typing adult search terms into search engines
    • Every 39 minutes: A new pornographic video is created in the United States
  • Looking for Love The number one search term used in search engine sites =
  • Open All Night
    • 52% of internet users view porn
    • 35% of all downloads are pornographic
    • Last count there were 4.2 million websites offering adult content (472 million pages of content)
    • An estimated 2.8 billion emails are sent daily (averaging 4.5 per user per day)
  • Men Love It
    • 69% of visitors to adult sites are men
    • 20% of men admit to accessing porn at work
    • 20% of men admit they may be addicted to porn
  • Women Love It
    • 31% of visitors to adult sites are women
    • 13% of women admit to accessing porn at work
    • 17% of women admit they may be addicted to porn
    • 70% of women keep their cyber activities secret
  • "A" Levels 63% of University students admitted to having sex in front of live web cams and using live chat rooms 87% of University students admitted to routinely accessing adult content sites
  • Skin in the Game: Recognised as the first industry to understand how to generate and sustain revenue from the internet. The on-line adult entertainment industry has grown twenty-fold since 1999.
  • The Good
    • Direct: Broadband; Streaming media; Fee based services; Geo location software; Segmented content; 3G mobile apps
    • Indirect: VHS Video Players; Camcorders; DVDs; Pay per View; Satellite TV; Interactive TV
  • Agenda: Porn drives each new "convenient" visual technology. Each high-tech advance takes porn closer to solving their big marketing problem: The Shame Factor.
    • Porn: Demand high, but doesn't travel well
    • Technology: Driven by demand
  • The Bad: SPAM; Viruses; Trojans; Botnets; Spyware; Key loggers; Adware; Worms; Pop-up adverts; Redirects; JavaScript catchers
  • The Ugly: Pornography; Paedophilia; Incest; Bestiality; Necrophilia; Frotteurism; Coprophilia; Urophilia
  • The Price of Popularity: "As an industry, adult entertainment websites are the most prominent and lucrative targets for freelance hackers today and attract the largest number of organised vigilante cyber groups on line." Associated Press, 2010
  • Their Enemies
  • Enemies of the State
  • Indecent Exposure: California State Senate Bill 1386 mandated public disclosure of the loss of personal data as of April 20, 2005 (name, sex, DOB, address etc…). Subsequently adopted by more than 40 States.
  • PrivacyRights.org
  • Victoria's Secret
  • So... What do they know that we don’t?
  • Lesson 1: It's a war out there!
    • The Internet is a battlefield
    • No rules of war
    • You must adopt the mind set of a soldier
    • Training is key to understanding how you will act under fire
    • All fire is "live" fire
    • Don't show up to a gun fight with a knife
    • Assume your adversary is a professional
    • Prepare accordingly
    • Only the strong survive
  • Lesson 2: Embrace technology
    • Mind set of technology pioneers
    • Not afraid to try/use new technology
    • New technology = harder target
    • New technology = security asset
    • If they don't see it in the market, they build it
    • Dual technology security devices / defences
    • Security starts at the application
    • Testing freaks!
  • Lesson 3: They're called "fundamentals" for a reason
    • Rigidly apply best practices, zero tolerance
    • Process over product
    • Load balancing, fail over, DR sites
    • Buttoned-down, routinely tested architectures
    • First adopters of 24/7/365 VA scanning
    • SDLC zealots
    • Change management is a security responsibility
    • Patch management is mission critical
  • Lesson 4: Protect the crown jewels
    • Client data = crown jewels
    • Data discovery 24/7
    • Real time network mapping
    • One server, one function
    • Practice network separation and segmentation
    • Implement honey pot architectures
    • Triple DMZ architectures
    • Encrypted databases at rest; prohibit mobility
    • Real time IPS
    • First adopters of attacking the attackers
  • Lesson 5: Good fences make good neighbours
    • No remote connections
    • No third party connections
    • No remote PC
    • No peer to peer connections
    • No file sharing
    • No remote system maintenance
    • No VPN connections to back office systems
    • No wireless subnets…
    • All 3rd party agreements levy corporate security policies/procedures
  • Lesson 6: Trust no one
    • Openly acknowledged
    • Flat-lined security program: one size fits all
    • No one holds universal privileges
    • Three man rule for admin or policy changes
    • Employee pre-screening and post checks (credit / criminal checks)
    • Active and intense employee monitoring
    • Post-employment confidentiality agreements
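Two of the Lesson 6 controls, the "three man rule" for admin or policy changes and "no one holds universal privileges", are the kind of thing that is easy to state and easy to let slip in practice. The following added example (not code from the presentation or from Risk Factory/Orthus) shows how a change-approval gate can enforce both mechanically: a change is only approved when three distinct admin-role accounts other than the requester have signed off, and a directory audit flags any account whose role set covers every role in use. The directory, role names and change requests are constructed sample data.

```python
"""Enforce an m-of-n approval rule and a no-universal-privilege check.

Added example. The directory, role names and sample change requests below
are constructed for illustration; REQUIRED_APPROVALS mirrors the slide's
"three man rule".
"""
from dataclasses import dataclass

REQUIRED_APPROVALS = 3          # the "three man rule" for admin/policy changes
APPROVER_ROLE = "admin"         # hypothetical role allowed to approve such changes


@dataclass(frozen=True)
class ChangeRequest:
    change_id: str
    requester: str
    approvers: frozenset         # accounts that signed off (set => duplicates collapse)


# Constructed sample account directory: account -> roles held (hypothetical names).
DIRECTORY = {
    "alice": {"admin"},
    "bob":   {"admin"},
    "carol": {"admin"},
    "dave":  {"admin", "security", "developer", "billing"},   # holds every role
    "erin":  {"developer"},
}


def check_change(req, directory, required=REQUIRED_APPROVALS, role=APPROVER_ROLE):
    """Return (approved, reasons). Approved only when no rule is violated."""
    reasons = []
    if req.requester in req.approvers:
        reasons.append("requester cannot approve their own change")
    unknown = sorted(a for a in req.approvers if a not in directory)
    if unknown:
        reasons.append(f"unknown approver accounts: {unknown}")
    non_admin = sorted(a for a in req.approvers if a in directory and role not in directory[a])
    if non_admin:
        reasons.append(f"approvers without the {role} role: {non_admin}")
    # Only distinct, known, correctly-roled accounts other than the requester count.
    eligible = {a for a in req.approvers
                if a != req.requester and role in directory.get(a, set())}
    if len(eligible) < required:
        reasons.append(f"{len(eligible)} eligible approval(s); {required} required")
    return (not reasons, reasons)


def universal_accounts(directory):
    """Accounts holding every role present in the directory ("universal privileges")."""
    all_roles = set().union(*directory.values())
    return sorted(a for a, roles in directory.items() if roles == all_roles)


# Constructed sample requests exercising the rule.
CHG_OK = ChangeRequest("CHG-1", "erin", frozenset({"alice", "bob", "carol"}))
CHG_SELF = ChangeRequest("CHG-2", "alice", frozenset({"alice", "bob", "carol"}))
CHG_ROLE = ChangeRequest("CHG-3", "erin", frozenset({"alice", "bob", "erin"}))

if __name__ == "__main__":
    for req in (CHG_OK, CHG_SELF, CHG_ROLE):
        ok, why = check_change(req, DIRECTORY)
        print(req.change_id, "APPROVED" if ok else "REJECTED", why)
    print("universal-privilege accounts:", universal_accounts(DIRECTORY))
```

The design choice worth noting is that approvals are counted after filtering, not before: a requester who also signs, a duplicate signature, or a signature from an account without the approver role all fail the quorum rather than merely producing a warning, which is what makes the rule enforceable instead of advisory.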
  • Lesson 7: Top down security
    • Lead by example
    • Entire Board rated on security
    • Corporate culture realised
    • Security is an "asset" rather than a liability
    • All policies tied to people
    • People tied to policies and product (site)
    • Strong and consistent security awareness programs
    • One strike and you're out
  • Lesson 8: Pay your people well
    • Employees "extremely" well paid
    • Developers and Administrators well above
    • At least 25% above market rate
    • Pay for training
    • Pay for certifications
    • Bonuses for identifying potential problems
    • Bonuses for identifying solutions
    • Bonuses for zero losses
    • Performance bonuses
  • Lesson 9: Do not write a policy you can't enforce
    • If you talk the talk you have to walk the walk
    • Security program transparent
    • Stripped down policies focus the mind
    • Compliance required by employment contract
    • Monitor ALL employees
    • Remove violators
    • Practice the "walk of shame"
    • Prosecute violators
  • Lesson 10: If it ain't broke, don't fix it!
    • Take time to quantify a security issue
    • What are we trying to protect? Why? Can we protect it? What happens if we fail?
    • Not worried about "nuisances"
    • Don't look to the market to tell you the threats to your business
    • Don't rush out to buy point products
    • All security spend is benchmarked against quantifiable ROI to the business mission
    • If you can't measure it, it doesn't exist
  • Homework
    1. It's a war zone
    2. Embrace technology
    3. Fundamentals for a reason
    4. Protect the crown jewels
    5. Fences make good neighbours
    6. Trust no one
    7. Top down security
    8. Pay your people well
    9. Don't write a policy you can't enforce
    10. If it ain't broke, don't fix it.
  • Behind the Green Door?
  • Agenda
  • 26 Dover Street, London, United Kingdom, W1S 4LY. +44 (0)20 3586 1025; +44 (0)20 7763 7101 (fax)