Mosaic Theory of Information Security
For Technical Writers
Margaret Fero
For SF Bay Chapter of the STC, November 2020
FIRST: Disclaimers
I’m not a lawyer, a financial advisor, the SEC, or in any way entitled to make expert
judgements on what is or is not legal or insider trading. This whole talk is provided
without warranty or guarantee. This is not legal advice. This is not financial advice.
I’m going to talk about how legal and financial concepts work in a general sense based on
a layperson’s understanding so we can all have a shared basis from which to discuss their
applicability to information security. Do not make financial or legal decisions based on any
information in this talk. Talk to actual experts if you feel inspired to make financial or legal
decisions after watching this talk; do not rely on my information here.
I am not an expert on insider trading regulations, but I have enough of a general idea to
use them as an allegory for a security problem.
"Cat on a wall" by digitaltemi is licensed under CC BY 2.0
About Me
● Currently a Software Engineer with a focus on Security at a small startup
● Previously a Principal Technical Writer at Degreed, and overall a technical writer for over a decade, the last 6 years of it full-time
● Hold security certifications including the GSEC, GCIH, and GCIA
Agenda
1 About Mosaic Theory
2 Some Examples, General and Specific to TechComm
3 What To Watch Out For
4 Conclusion
5 Questions
About Mosaic Theory
Why mosaic theory?
Money Stuff by Matt Levine
https://www.bloomberg.com/opinion/articles/2018-03-18/equifax-exec-sold-stock-after-hack-was-it-insider-trading
What’s Insider Trading?
https://www.investor.gov/additional-resources/general-resources/glossary/insider-trading
Every day, professional investors and research analysts work the phones to ferret out information about companies that can’t be found by simply reading news releases.
Andrew Ross Sorkin
New York Times Dealbook Column
November 29, 2010
https://dealbook.nytimes.com/2010/11/29/just-tidbits-or-material-facts-for-insider-trading/
"Puzzling" by byzantiumbooks is licensed under CC BY 2.0
What counts as insider trading?
Insider Trading (Bad)
● “Material” information direct from a reputable source
● Information comes packaged together
● Information is useful alone
Skilled Financial Analysis (Good)
● “Immaterial” information from multiple sources
● You combine information to create useful packages
● Individual pieces of information are not as useful as the whole
Some Examples
Insider Trading
This is bad.
https://www.sec.gov/news/press-release/2020-27
Another Example of Alleged Insider Trading
This one still hasn’t gone to trial, so it may be okay, but it also sounds bad.
https://www.sec.gov/news/press-release/2020-228
Skilled Financial Analysis
This is good!
To Review
Insider Trading
Bad.
Skilled Financial Analysis
Good, actually!
"Frank, September 4, 2011 - keyboard" by pat00139 is licensed under CC BY 2.0
Why should I care as a technical writer?
You also have information.
Material non-public information
● Details of unreleased features
● Internal approvals or QA processes
● Product roadmaps
● Usage data
● Company costs
Immaterial or public information
● Press release archives
● Job ads
● Your company’s website
● Your colleague’s lunch preferences
● Published documentation
Material Information
This is bad to release.
https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407
Immaterial Information
● Travel opportunities
● Employee sabbaticals
● Employee travel
● Onsite/Offsite timing
● Food preferences
● Release schedule
This is good to release!
...right?
What should I watch for?
High-Risk Categories
● Job Posts & Resignations
● Employee Sentiment
● Feature Details
● Tooling
● Compliance Changes
"Sharpest tool in the shed" by Lachlan is licensed under CC BY 2.0; "Slides Box Paperwork" by cdsessums is licensed under CC BY-SA 2.0; "Job Listings" by flazingo_photos is licensed under CC BY-SA 2.0; "Thumbs Up" by Learn4Life is licensed under CC BY-SA 2.0; "Project Management Plan" by perhapstoopink is licensed under CC BY 2.0
Disclaimer (again):
The tools I’m about to mention are risky because they’re useful! Banning these tools is not a good mitigation strategy.
"Lego bricks" by EEPaul is licensed under CC BY 2.0
Tooling
● Job post contents
● Employees’ role descriptions on LinkedIn or networking sites
● Meetup membership or attendance
● Vendor forum membership
● Event or networking conversations
Compliance Changes
● LinkedIn posts
● Conference attendance or course completion
● Forum posts
● Meetup membership or attendance
● Job postings
● Joining professional organizations or networks
Job Posts & Resignations
● Your career site
● Your ATS or company LinkedIn page
● Recent alumni’s LinkedIn or social media accounts
● Your company or product blog, or individuals’ blogs
● Networking conversations
Employee Sentiment
● Social media
● Press mentions
● Glassdoor reviews
● Networking Slacks and Discords
● Conversations on public transit (someday...)
● Conversations near your office (someday...)
Feature Details
● “Coming Soon” listings or sections
● Company blog
● Descriptions of what individual employees are working on
● Documented defaults
● Documented settings
● Documented procedures, processes, and overrides
Other Information You Have
● Instagram posts
● Vacation responders
● Individual Preferences
What Now?
Don’t despair, just be aware!
"Full Rainbow at Sunrise at Columbia River in Washington" by Landscapes in The West is licensed under CC PDM 1.0
Thank you!
Questions?
@maggiefero
Linkedin.com/in/margaretfero
Degreed.com/maggiefero
