Security Is an Enabler, Not Securing Is an Inhibitor


Presentation on the need for security as part of a NISO/NFAIS conference on why it is important for people to invest in their systems.


  1. SECURITY IS AN ENABLER. NOT SECURING IS AN INHIBITOR.
     NISO TRANSFORMING CONTENT THROUGH TRANSFORMED SYSTEMS CONFERENCE
     THURSDAY, 17 JUNE 2021
     Daniel Ayala (@buddhake), CISO/CPO, Managing Partner
  2. Why is it important for people to invest in their systems?
  3. Confidentiality, Integrity, Availability
  4. Security in the News
     • https://www.cisa.gov/coronavirus
     • https://www.ic3.gov/Media/News/2021/210316.pdf
  5. The Rise of Ransomware
     • https://www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack
     • https://www.insidehighered.com/digital-learning/blogs/online-trending-now/rising-threat-ransomware-and-other-malware
  6. https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
  7. Back to Basics
  8. • Passwords and multifactor authentication
     • Use your institution's single sign-on (SSO)
     • Have an inventory of the systems you operate
     • Know what software runs on those systems
     • Patch your systems and software regularly
     • Limit access to the things that people truly need
     • Turn off systems when they are no longer used
     • Turn off access when people leave the org
     • Monitor your systems for changes from "normal"
     • Educate users/patrons about risks on an ongoing basis
     Newly Added! "The Basics"
  9. Maintain Security Proactively (Not Just When Crisis Strikes)
     • Bake security into your other development and operations planning
     • Develop systems with commitments to 1 out of every X sprints being for longer term security features, and Y% of each sprint being earmarked for tactical security fixes
     • Design the resiliency of systems to include patching requirements more than 2x/year
     • Share the idea that security costs much more (up to 100x*) to fix later than to do earlier
     • Complexity increases security. Try to normalise on technologies whenever possible
     • Review source code before releasing technology and don't release with critical vulns
     • Know your suppliers and dig into how they are securing their systems (which are now also your systems)
     • Know (and practice) how you will respond when you get the call that a breach has taken place. The mean time from disclosure to impact continues to shrink; be ready to react in a similar timeframe.
     * Source: IBM System Science Institute: Relative Cost of Fixing Defects, 2010
  10. Considerations on Data
     • Data collection does not necessarily equal a privacy violation
     • Just because you can doesn't mean you should.
     • Know what data flows in and out, and ensure that it truly needs to do so
  11. Contact Information
     • TWITTER: @buddhake
     • LINKEDIN: /in/danielaayala
     • EMAIL: daniel@secratic.com
