The 10 Principles of Security First

4,071 views

Privacy and security have become issues that are making or breaking businesses. A steady stream of data breaches over the past few years has shown that organisations must now take a proactive approach to security across their entire business. Yevgeniy Vahlis, Director of Security First at Georgian Partners, introduces principles that help you both reduce your exposure and start to make security a competitive differentiator for your organization.

Published in: Technology

The 10 Principles of Security First

  1. How to Differentiate Your Business By Making Security a Priority: The 10 Principles of Security First
  2. Security first is a mindset. It’s thinking about your company’s security holistically, from the ground up.
  3. That means looking beyond technical considerations to see where security fits into your:
     - Business model
     - Software development
     - People and hiring practices
     - Pricing
     - Approach to partnerships
     - Marketing
     - Research and innovation
  4. That’s important because by putting security first you’ll not only keep your business safe...
  5. You’ll also be able to differentiate yourself from your competitors by creating better experiences for your customers.
  6. To help you better understand security first, we’ve put together 10 principles to orient your thinking.
  7. Principle 1: Start now.
  8. Introducing privacy and security too late can come at a high cost...
  9. Being forced to undo every decision you’ve ever made that’s had a security implication.
  10. Don’t make that mistake. Start introducing a security first mindset into your business today.
  11. Principle 2: Make security everyone’s responsibility.
  12. Although it must start at the top, no one should be exempt from being responsible for security.
  13. Plus, it has to be communicated clearly and regularly.
  14. That’s because security needs to be embedded in all aspects of the business, including culture, hiring, business strategy, technology and promotion.
  15. Principle 3: Create new value through security and privacy.
  16. Make your commitment to security and privacy a competitive differentiator.
  17. If you get it right, you can win against your competitors.
  18. Plus, your users will be willing to give you more data and more rights to extract value from that data.
  19. To achieve this, you need to show your users that there are mechanisms in place to protect them, and that you will meet the security and privacy expectations that you set.
  20. Principle 4: Seek out synergies between security and function.
  21. Security has historically been viewed as a cost. To get it, you had to trade off functionality.
  22. But it doesn’t have to be that way.
  23. If you start with security early, you can build unique functionality on top to come up with a stronger offering.
  24. Look for opportunities to improve security, reduce user friction and increase product functionality.
  25. One example is Touch ID on a mobile phone for password-less authentication and a smoother user experience.
  26. Another is moving to a major cloud provider such as Amazon Web Services that combines functionality with much more robust security.
  27. Principle 5: Avoid partners that weaken your security.
  28. Your business partners and third-party integrations are part of your attack surface.
  29. Ask them about their security and privacy stance, and work with partners who have a good approach.
  30. In the process, help your partners take a security first stance as a way to protect yourself.
  31. Principle 6: Always be (threat) modeling.
  32. Adversarial behavior can take many forms, shapes and sizes:
     - Malware
     - Credential attacks
     - Phishing
     - AI model and data poisoning attacks
     - Denial of service
     - Rogue software
     - Network attacks
     - Application attacks
  33. Be creative in understanding your assets, stakeholders and the current state of all your systems, including both digital and human processes.
  34. Plan ahead for new attack surfaces and advances in attacker capabilities.
  35. Threat modeling involves going over every process, role, product and piece of infrastructure in your business, and identifying the threats they’re exposed to.
  36. Principle 7: Give customers control and oversight over their data.
  37. Software companies have traditionally assumed broad data rights through their privacy policies.
  38. But this approach to managing privacy is no longer compatible with legislation such as the European General Data Protection Regulation (GDPR).
  39. Practically speaking, you need to consider such regulations in your product and sales strategies.
  40. Be transparent. Give users visibility into the personal data you’re capturing and storing, and some level of control over that data.
  41. Principle 8: Design systems to reduce the impact of an attack.
  42. Breaches will happen, so ensure that your systems are designed to compartmentalize damage from attackers.
  43. Three approaches that have been shown to minimize the impact of a compromise are:
     - The principle of least authority
     - Decentralization
     - Redundancy
  44. Principle 9: Assume that reality is always worse than it appears.
  45. Complacency can be your downfall, so always approach monitoring and system assessment with a healthy dose of paranoia.
  46. Don’t consider any security alert or incident resolved until it has been fully investigated.
  47. And, to help uncover the root cause of a situation, make it part of your company culture to always ask why.
  48. Principle 10: Have a rapid remediation plan and practice using it.
  49. When a security or privacy compromise is discovered, use your well-practiced incident response plan and notify any affected customers immediately.
  50. Providing timely remediation is essential to protect your brand and retain customer trust.
  51. Effective plans will cover both the common scenarios and outliers.
  52. They will include a communication strategy and will evolve and adapt over time as new threats are understood and best practices for response improve.
  53. By putting security first, your company will not only protect your own interests, but also those of your clients.
  54. That creates a big opportunity. To take advantage of it, remember these 10 principles:
     1. Start now.
     2. Make security everyone’s responsibility.
     3. Create new value through security and privacy.
     4. Seek out synergies between security and function.
     5. Avoid partners that weaken your security.
     6. Always be (threat) modeling.
     7. Give customers control and oversight over their data.
     8. Design systems to reduce the impact of an attack.
     9. Assume that reality is always worse than it appears.
     10. Have a rapid remediation plan and practice using it.
  55. Want to learn more about security first? Download our white paper on the “10 Principles of Security First.”