Real Life Information Security
Pawel Krawczyk
What is the limit for reasonable expenses for information security?
Real Life Information Security
1.
Real Life Information Security
Embedding security in economic reality
2.
3.
4.
5.
6.
7.
Learn from others' mistakes
Source: FSA, 22 July 2009
8.
9.
10.
11.
Risk Analysis -> Potential loss -> Control -> Real loss
Wrong but common scenario...
12.
Case studies
13.
14.
15.
16.
Risk Management in e-banking
Source: Bankier.pl report, October 2009 (selected data only)
Auth method | Number | Individual (millions of clients) | Corporate (high non-repudiation needs)
SMS | 15 | ↑ Usable, ↓ Big cost | ↓ Repudiation
Token | 11 | ↓ Big cost | ↓ Repudiation
Smart-card | 2 | ↓ Not usable, ↓ Big cost | ↑ Non-repudiation
TAN | 7 | ↓ Low security, ↑ Low cost | ↓ Repudiation
17.
Laffer’s curve in security
Source: Wikipedia
18.
Mayfield’s Paradox
Source: ISACA, „Mathematical Proofs of Mayfield's Paradox”, 2001
19.
How to?
20.
Avoid „one-size fits all” approach
21.
22.
23.
24.
Source: Willem Duiff, GE (SASMA 2009)
25.
26.
27.
28.
29.