2016 레몬세미나 발표자료 이찬우 final

•

3 likes•745 views

This document discusses three key aspects of customizing security that everyone should know. It discusses (1) creating one's own security framework, (2) realizing threats and what is known, and (3) distinguishing between important and unimportant security issues in an increasingly complex IT environment. The document emphasizes the importance of having an accurate concept, broadening one's insights, and defining what is necessary versus optional in one's security approach.

Product Consultant Personal Information Security Manager
IT Security Solution Engineer Product Strategy & Plannings
IT Security Manager Security Research Project Manager
● ●
● ●
● ● ●
CHANWOO LEE
I T S E C U R I T Y M A N A G E R

A R E I N C R E A S I N G L Y C O M P L E X
THE
IT ENVIRONMENT

THE ONE THING
Should Know About Security

C U S T O M I Z E
S E C U R I T Y
NOT Technical
NOT Difficult
NOT Much

갈수록 늘어나는
위협 요소
AGILE 개발방법론 클라우드 블록체인
무인자율자동차 IOT 사각지대 정보자산
자율보안 비즈니스 다변화 보안 빅데이터

Create
OWN FRAMEWORK Necessary
Define
ACCURATE CONCEPT Realize
Broaden
YOUR INSIGHT Unimpotant

Steven Dow, Stanford HCI Group
달걀 떨어뜨리기 실험
Try Again.. Again.. Again!!

Description: This presentation will start with an overview of the current state of Application Insecurity (with practical examples). This will make the attendees think twice about what is about to happen to their applications. The solution is to leverage a new generation of application security thinking such as: TDD, Docker, Test Automation, Static Analysis, cleaver Fuzzing, JIRA Risk workflows, Kanban, micro web services visualization, and ELK. These practices will not only make applications/software more secure/resilient, but it allow them to be developed in a much more efficient, cheaper and productive way. The v.06 was presented at London Software Craftsmanship Community on 18/Feb/2016 - http://www.meetup.com/london-software-craftsmanship/members/184071944/ The v.0.6 was presented at the OWASP London Chapter meeting on 25t/Feb/2016

Gianluca D'Antonio - Working in Cybersecurity: thrut & lies behind the trince...

RootedCON

Viewers also liked

금뽀 송예림 발표자료(최종)

Lee Chanwoo

창립30주년 기념 isaca korea conference track4 이찬우(20160826)_발표용_final

Lee Chanwoo

금뽀 장웅태 발표자료(최종)

Lee Chanwoo

Sua 그린나래컨퍼런스 발표자료(2015.3.28)_최종본

Lee Chanwoo

Sua 강의자료 2주차_관리체계(2014.03.18)_최종

Lee Chanwoo

최종 Sua 레몬세미나_발표자료(2014.10.26)

Lee Chanwoo

Security plus 강남대_발표자료(2015.7.18)

Lee Chanwoo

2013 산업보안 공모전_대학(원)생부_sua_최종

Lee Chanwoo

오피스키퍼 제안서 일반기업용 Z

시온시큐리티

Sua 정보보호관리체계 cissp_암호학_강의교안

Lee Chanwoo

Sua 정보보호관리체계 cissp_보안관리_강의교안

Lee Chanwoo

금뽀 금융보안 컴플라이언스 학습 가이드(최종)

Lee Chanwoo

내부정보유출방지 대책 및 방안

시온시큐리티

BoB 정보보안_인력양성_아이디어_공모전_ssim

Lee Chanwoo

Polaris 공개세미나 발표자료_기존 보안교육을 통해 살펴보는 평생학습과제_최종(2015.12.06)

Sua 정보보호관리체계 최종_강의교안

[공개용]정보보호, 우리 업무의 기본

보안교육자료

중소기업 ISMS수립 지원을 위한 정보보호지침서 및 서식 모음

진종 최

Korean information security practices 보안 인식교육

Bill Hagestad II

Viewers also liked (20)

금뽀 송예림 발표자료(최종)

창립30주년 기념 isaca korea conference track4 이찬우(20160826)_발표용_final

금뽀 장웅태 발표자료(최종)

Sua 그린나래컨퍼런스 발표자료(2015.3.28)_최종본

Sua 강의자료 2주차_관리체계(2014.03.18)_최종

최종 Sua 레몬세미나_발표자료(2014.10.26)

Security plus 강남대_발표자료(2015.7.18)

2013 산업보안 공모전_대학(원)생부_sua_최종

오피스키퍼 제안서 일반기업용 Z

Sua 정보보호관리체계 cissp_암호학_강의교안

Sua 정보보호관리체계 cissp_보안관리_강의교안

금뽀 금융보안 컴플라이언스 학습 가이드(최종)

내부정보유출방지 대책 및 방안

BoB 정보보안_인력양성_아이디어_공모전_ssim

Polaris 공개세미나 발표자료_기존 보안교육을 통해 살펴보는 평생학습과제_최종(2015.12.06)

Sua 정보보호관리체계 최종_강의교안

[공개용]정보보호, 우리 업무의 기본

보안교육자료

중소기업 ISMS수립 지원을 위한 정보보호지침서 및 서식 모음

Korean information security practices 보안 인식교육

Similar to 2016 레몬세미나 발표자료 이찬우 final

New Era of Software with modern Application Security (v0.6)

Dinis Cruz

Gianluca D'Antonio - Working in Cybersecurity: thrut & lies behind the trince...

RootedCON

ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...

Santhosh Tuppad

As technology evolved, software security faced huge challenges and as the years passed, the world has seen drastic changes far too quickly. And along with these advancements, even black-hat hackers or malicious hackers have evolved also very well. Today, the internet is the place for everyone where hackers dwell almost all the time. Every day new applications are released to the web and users start using them and even get addicted to them due to outstanding UX. But, wait! Did someone think about the "security" layer of these applications? Well, we often don’t and most of the applications today suffer from "beggarly / bad security". In this talk, Santhosh Tuppad will focus on the pitfalls of bad security and why software security has failed in a pretty way. He will also shed light on how your users may be facing bigger problems than you can imagine due to bad software that lacks security testing. He will also demonstrate some of the lethal problems that exist in the industry and will talk about technical impact, business impacts like reputation damage, revenue loss and a lot more. Not only that, Santhosh won’t end his talk without some hacking demonstrations that will for sure wow you. Finally, he will tell you how you can start security testing from day 1 and start contributing in terms of building secure software. From this talk, you will gain an understanding about the problems that a lack of security testing presents and you find out about tool-assisted security testing; performing security tests through questioning. After the talk, you will be able to start identifying risks and report comm.on vulnerabilities giving you a feeling of “I can do this”

OSB50: Operational Security: State of the Union

Ivanti

Information Security

E-Journal ICT4D

SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...

Varun Mithran

Psych of Sec

Scot A Terban

SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends

Anton Chuvakin

Compliance in the Era of Cloud

OneLogin

Enterprises enthusiastically embrace SaaS apps, yet organizations are essentially entrusting 3rd parties with business critical data. View this deck for actionable insights for driving a more compliant portfolio of cloud services. -How to implement a secure access strategy no matter where your data lives or how your users access it -How to easily federate directories and facilitate cross domain access -How to enforce access control policies to support compliance with mandates -How to audit application access and usage

How to Take Cloud Access Control to the Next Level

OneLogin

Imagine your users could easily access all their business apps from anywhere, at any time and from any device. What if they could access them through an impenetrable gateway? What if there was virtually no risk of an unauthorized person gaining access, even if they somehow knew an authorized user’s password? Multi-Factor Authentication (MFA) has become a standard practice for any security-conscious organization and OneLogin enables you to instantly apply it to all your apps. Combine MFA with a centralized app gateway and you have struck the modern balance between security and convenience. Join OneLogin, the leader in enterprise identity and access management to learn: -Why MFA eliminates a major threat to your data -How to set up OneLogin MFA -The OneLogin MFA user experience

How to Secure America

SecurityStudio

Security by default - Building continuous cyber-resilience.

Thoughtworks

Single-line of defence security is no longer enough. Organisations need to build security across everything they do - business processes, data handling, platforms, products and services, and understand security as an evolving, responsive, agile setup. In this talk, Dave explains how technology foundations for secure product development and an agile security setup across the board can promote sustainable innovation and enhance cyber-resilience overall.

Congratulations! You're The New Security Person! (or, I've Made a Huge Mistake)

Sean Jackson

Things i wished i knew as a junior developer

Geshan Manandhar

Pyramid of Cyber Security

Jiří Napravnik

Modern SOC Trends 2020

Anton Chuvakin

Unconventional Security Metrics & Marginal Analysis

Roger Johnston

Cyber Security & User's Privacy Invasion

Isaiah Edem

Vulnerability Analyst interview Questions.pdf

infosec train

Agentless Patch Management for the Data Center

Ivanti

Many organizations automate patch management in their end user environments, but often times the Data Center tends to be more manual. What if you could manage your Windows Servers in a better way? Agentlessly discovery, assess and remediation security vulnerabilities. Control your maintenance windows by choosing when to assess, stage updates, execute, and reboot systems. Manage physical and virtual servers, on premises or in the cloud. Contain virtual sprawl in your VMware environments with the ability to scan and automate patching for offline VMs and templates. Integrate into any orchestrator or automation solution using our REST or Powershell APIs to full script and automate patching of complex workloads. Did we mention this can all be done Agentlessly? Join our webinar to learn how.

Similar to 2016 레몬세미나 발표자료 이찬우 final (20)

New Era of Software with modern Application Security (v0.6)

Gianluca D'Antonio - Working in Cybersecurity: thrut & lies behind the trince...

ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...

OSB50: Operational Security: State of the Union

Information Security

SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...

Psych of Sec

SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends

Compliance in the Era of Cloud

How to Take Cloud Access Control to the Next Level

How to Secure America

Security by default - Building continuous cyber-resilience.

Congratulations! You're The New Security Person! (or, I've Made a Huge Mistake)

Things i wished i knew as a junior developer

Pyramid of Cyber Security

Modern SOC Trends 2020

Unconventional Security Metrics & Marginal Analysis

Cyber Security & User's Privacy Invasion

Vulnerability Analyst interview Questions.pdf

Agentless Patch Management for the Data Center

Recently uploaded

Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...

University of Maribor

role of pramana in research.pptx in science

sonaliswain16

S.1 chemistry scheme term 2 for ordinary level

ronaldlakony0

如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样

yqqaatn0

原版纸张【微信：741003700 】【(uvic毕业证书)维多利亚大学毕业证】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

Remote Sensing and Computational, Evolutionary, Supercomputing, and Intellige...

University of Maribor

Earliest Galaxies in the JADES Origins Field: Luminosity Function and Cosmic ...

Sérgio Sacani

We characterize the earliest galaxy population in the JADES Origins Field (JOF), the deepest imaging field observed with JWST. We make use of the ancillary Hubble optical images (5 filters spanning 0.4−0.9µm) and novel JWST images with 14 filters spanning 0.8−5µm, including 7 mediumband filters, and reaching total exposure times of up to 46 hours per filter. We combine all our data at > 2.3µm to construct an ultradeep image, reaching as deep as ≈ 31.4 AB mag in the stack and 30.3-31.0 AB mag (5σ, r = 0.1” circular aperture) in individual filters. We measure photometric redshifts and use robust selection criteria to identify a sample of eight galaxy candidates at redshifts z = 11.5 − 15. These objects show compact half-light radii of R1/2 ∼ 50 − 200pc, stellar masses of M⋆ ∼ 107−108M⊙, and star-formation rates of SFR ∼ 0.1−1 M⊙ yr−1 . Our search finds no candidates at 15 < z < 20, placing upper limits at these redshifts. We develop a forward modeling approach to infer the properties of the evolving luminosity function without binning in redshift or luminosity that marginalizes over the photometric redshift uncertainty of our candidate galaxies and incorporates the impact of non-detections. We find a z = 12 luminosity function in good agreement with prior results, and that the luminosity function normalization and UV luminosity density decline by a factor of ∼ 2.5 from z = 12 to z = 14. We discuss the possible implications of our results in the context of theoretical models for evolution of the dark matter halo mass function.

Mudde & Rovira Kaltwasser. - Populism - a very short introduction [2017].pdf

frank0071

Seminar of U.V. Spectroscopy by SAMIR PANDA

SAMIR PANDA

DERIVATION OF MODIFIED BERNOULLI EQUATION WITH VISCOUS EFFECTS AND TERMINAL V...

Wasswaderrick3

In this book, we use conservation of energy techniques on a fluid element to derive the Modified Bernoulli equation of flow with viscous or friction effects. We derive the general equation of flow/ velocity and then from this we derive the Pouiselle flow equation, the transition flow equation and the turbulent flow equation. In the situations where there are no viscous effects , the equation reduces to the Bernoulli equation. From experimental results, we are able to include other terms in the Bernoulli equation. We also look at cases where pressure gradients exist. We use the Modified Bernoulli equation to derive equations of flow rate for pipes of different cross sectional areas connected together. We also extend our techniques of energy conservation to a sphere falling in a viscous medium under the effect of gravity. We demonstrate Stokes equation of terminal velocity and turbulent flow equation. We look at a way of calculating the time taken for a body to fall in a viscous medium. We also look at the general equation of terminal velocity.

general properties of oerganologametal.ppt

IqrimaNabilatulhusni

in vitro propagation of plants lecture note.pptx

yusufzako14

Nutraceutical market, scope and growth: Herbal drug technology

Lokesh Patil

As consumer awareness of health and wellness rises, the nutraceutical market—which includes goods like functional meals, drinks, and dietary supplements that provide health advantages beyond basic nutrition—is growing significantly. As healthcare expenses rise, the population ages, and people want natural and preventative health solutions more and more, this industry is increasing quickly. Further driving market expansion are product formulation innovations and the use of cutting-edge technology for customized nutrition. With its worldwide reach, the nutraceutical industry is expected to keep growing and provide significant chances for research and investment in a number of categories, including vitamins, minerals, probiotics, and herbal supplements.

Chapter 12 - climate change and the energy crisis

tonzsalvador2222

Leaf Initiation, Growth and Differentiation.pdf

RenuJangid3

Toxic effects of heavy metals : Lead and Arsenic

sanjana502982

GBSN - Microbiology (Lab 4) Culture Media

Areesha Ahmad

Salas, V. (2024) "John of St. Thomas (Poinsot) on the Science of Sacred Theol...

Studia Poinsotiana

I Introduction II Subalternation and Theology III Theology and Dogmatic Declarations IV The Mixed Principles of Theology V Virtual Revelation: The Unity of Theology VI Theology as a Natural Science VII Theology’s Certitude VIII Conclusion Notes Bibliography All the contents are fully attributable to the author, Doctor Victor Salas. Should you wish to get this text republished, get in touch with the author or the editorial committee of the Studia Poinsotiana. Insofar as possible, we will be happy to broker your contact.

What is greenhouse gasses and how many gasses are there to affect the Earth.

moosaasad1975

Unveiling the Energy Potential of Marshmallow Deposits.pdf

Erdal Coalmaker

Lateral Ventricles.pdf very easy good diagrams comprehensive

silvermistyshot

Recently uploaded (20)

Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...

role of pramana in research.pptx in science

S.1 chemistry scheme term 2 for ordinary level

如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样

Remote Sensing and Computational, Evolutionary, Supercomputing, and Intellige...

Earliest Galaxies in the JADES Origins Field: Luminosity Function and Cosmic ...

Mudde & Rovira Kaltwasser. - Populism - a very short introduction [2017].pdf

Seminar of U.V. Spectroscopy by SAMIR PANDA

DERIVATION OF MODIFIED BERNOULLI EQUATION WITH VISCOUS EFFECTS AND TERMINAL V...

general properties of oerganologametal.ppt

in vitro propagation of plants lecture note.pptx

Nutraceutical market, scope and growth: Herbal drug technology

Chapter 12 - climate change and the energy crisis

Leaf Initiation, Growth and Differentiation.pdf

Toxic effects of heavy metals : Lead and Arsenic

GBSN - Microbiology (Lab 4) Culture Media

Salas, V. (2024) "John of St. Thomas (Poinsot) on the Science of Sacred Theol...

What is greenhouse gasses and how many gasses are there to affect the Earth.

Unveiling the Energy Potential of Marshmallow Deposits.pdf

Lateral Ventricles.pdf very easy good diagrams comprehensive

2016 레몬세미나 발표자료 이찬우 final

2. Product Consultant Personal Information Security Manager IT Security Solution Engineer Product Strategy & Plannings IT Security Manager Security Research Project Manager ● ● ● ● ● ● ● CHANWOO LEE I T S E C U R I T Y M A N A G E R

3. A R E I N C R E A S I N G L Y C O M P L E X THE IT ENVIRONMENT

5. We can see it as much about as YOU KNOW

6. THE ONE THING Should Know About Security

7. C U S T O M I Z E S E C U R I T Y NOT Technical NOT Difficult NOT Much

8. HOW ? THREE ASPECT

9. Create OWN FRAMEWORK

10. ACCURATE CONCEPT

11. Broaden YOUR INSIGHT

12. THE FIRST Should Know About Security

13. There are Necessary Optional&

14. Administrative Controls

15. Physical Controls