SlideShare a Scribd company logo

Samlink-sd-drinks-10.2.15

J
japijapi

The document discusses principles of information security and service design. It advocates designing security into systems from the start rather than adding it as an afterthought. Following human and organizational needs and understanding risk appetite are important. Security should be user-friendly, fail safely with separation of duties, and avoid relying solely on obscurity. As technology shrinks, security challenges will also need to adapt rapidly.

1 of 14
Copyright © Oy Samlink Ab Information security ♥ service design Service Design Drinks 10.2.2015 Jari Pirhonen @japi999 www.slideshare.net/japijapi
Copyright © Oy Samlink Ab Why do cars have brakes? 10.2.2015@japi999
Copyright © Oy Samlink Ab Because speed is nothing without control! 10.2.2015@japi999
Copyright © Oy Samlink Ab Why information security? You want  enable business, trust, 24/7 10.2.2015@japi999 You must  compliance, regulation You fear  risk management
Copyright © Oy Samlink Ab 10.2.2015@japi999
Copyright © Oy Samlink Ab 10.2.2015@japi999
Copyright © Oy Samlink Ab Security – tower of Babel? 10.2.2015@japi999 Horizontal innovation Verticalinnovation
Copyright © Oy Samlink Ab Security = Quality Security service <> Secure service Security design <> Secure design 10.2.2015 Information security is too important to be left just to information security experts! @japi999
Copyright © Oy Samlink Ab Quality by design Security by design Privacy by design Secure defaults 10.2.2015@japi999
Copyright © Oy Samlink Ab Rule #1 Users are NOT the weakest links 10.2.2015@japi999
Copyright © Oy Samlink Ab Set the bar for security  Service environment  Crown jewels, users, adversaries  Business needs & risk appetite  Security requirements  Want, must, fear  Understood, accepted, communicated  Human (irrational) behaviour 10.2.2015@japi999
Copyright © Oy Samlink Ab Security must be baked in not sprinkled on top  KISS  Check the input  garbage in, garbage out  Secure, Fast, Cheap: Pick any two  Defense in depth (or the onion principle)  Fail safely  Separation of duties  Four-eyes principle for security critical tasks  Do not trust blindly  Open design - no security by obscurity  User-friendly, intuitive, invisible security 10.2.2015@japi999
Copyright © Oy Samlink Ab Better than secure? 10.2.2015 Secure @japi999 Resilient Antifragile
Copyright © Oy Samlink Ab What used to fit in a building, now fits in your pocket, and what fits in your pocket now, will fit inside a blood cell in 25 years. -- Ray Kurzweil 10.2.2015@japi999

Recommended

AppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More Leases
AppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More LeasesAppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More Leases
AppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More Leases
AppFolio
 
AppFolio Webinar: Zillow’s Secrets to Understanding Renters
AppFolio Webinar: Zillow’s Secrets to Understanding RentersAppFolio Webinar: Zillow’s Secrets to Understanding Renters
AppFolio Webinar: Zillow’s Secrets to Understanding Renters
AppFolio
 
AppFolio Webinar: 10 Things Successful Property Managers Have Stopped Doing
AppFolio Webinar: 10 Things Successful Property Managers Have Stopped DoingAppFolio Webinar: 10 Things Successful Property Managers Have Stopped Doing
AppFolio Webinar: 10 Things Successful Property Managers Have Stopped Doing
AppFolio
 
AppFolio Maintenance Contact Center (Customer Webinar Slides)
AppFolio Maintenance Contact Center (Customer Webinar Slides) AppFolio Maintenance Contact Center (Customer Webinar Slides)
AppFolio Maintenance Contact Center (Customer Webinar Slides)
AppFolio
 
AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...
AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...
AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...
AppFolio
 
Intro APM: Navigating
Intro APM: NavigatingIntro APM: Navigating
Intro APM: Navigating
AppFolio
 
Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]
Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]
Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]
AppFolio
 
How Property Managers Can Pivot to Compete in an On-Demand Economy
How Property Managers Can Pivot to Compete in an On-Demand EconomyHow Property Managers Can Pivot to Compete in an On-Demand Economy
How Property Managers Can Pivot to Compete in an On-Demand Economy
AppFolio
 

Recommended

AppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More Leases
AppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More LeasesAppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More Leases
AppFolio Webinar: 8 Strategies Your Competitors Are Using to Close More Leases
AppFolio
 
AppFolio Webinar: Zillow’s Secrets to Understanding Renters
AppFolio Webinar: Zillow’s Secrets to Understanding RentersAppFolio Webinar: Zillow’s Secrets to Understanding Renters
AppFolio Webinar: Zillow’s Secrets to Understanding Renters
AppFolio
 
AppFolio Webinar: 10 Things Successful Property Managers Have Stopped Doing
AppFolio Webinar: 10 Things Successful Property Managers Have Stopped DoingAppFolio Webinar: 10 Things Successful Property Managers Have Stopped Doing
AppFolio Webinar: 10 Things Successful Property Managers Have Stopped Doing
AppFolio
 
AppFolio Maintenance Contact Center (Customer Webinar Slides)
AppFolio Maintenance Contact Center (Customer Webinar Slides) AppFolio Maintenance Contact Center (Customer Webinar Slides)
AppFolio Maintenance Contact Center (Customer Webinar Slides)
AppFolio
 
AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...
AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...
AppFolio Webinar: Hug Your Haters - How to Turn Bad Reviews into Your Competi...
AppFolio
 
Intro APM: Navigating
Intro APM: NavigatingIntro APM: Navigating
Intro APM: Navigating
AppFolio
 
Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]
Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]
Prepare for Leasing Season with Nat Kunes [AppFolio Webinar]
AppFolio
 
How Property Managers Can Pivot to Compete in an On-Demand Economy
How Property Managers Can Pivot to Compete in an On-Demand EconomyHow Property Managers Can Pivot to Compete in an On-Demand Economy
How Property Managers Can Pivot to Compete in an On-Demand Economy
AppFolio
 
Working Agile in an Ever Changing World
Working Agile in an Ever Changing WorldWorking Agile in an Ever Changing World
Working Agile in an Ever Changing World
Capgemini
 
Smart Parking Oman
Smart Parking OmanSmart Parking Oman
Smart Parking Oman
prajakta gawande
 
For developers
For developersFor developers
For developers
YOYO Holdings Pte. Ltd.
 
Secure valley companyprofile_2015
Secure valley companyprofile_2015Secure valley companyprofile_2015
Secure valley companyprofile_2015
Guisun Han
 
Digital, bear or just bull
Digital, bear or just bullDigital, bear or just bull
Digital, bear or just bull
Scott Rigby
 
Corporate overview @Pi DATA CENTERS
Corporate overview @Pi DATA CENTERSCorporate overview @Pi DATA CENTERS
Corporate overview @Pi DATA CENTERS
Debmalya Dey Roy ( Deb )
 
Case study - Google's Polymer web components let us develop tomorrow's digita...
Case study - Google's Polymer web components let us develop tomorrow's digita...Case study - Google's Polymer web components let us develop tomorrow's digita...
Case study - Google's Polymer web components let us develop tomorrow's digita...
Henry D Amm
 
Powering Omnichannel Experiences with Real-Time Data
Powering Omnichannel Experiences with Real-Time DataPowering Omnichannel Experiences with Real-Time Data
Powering Omnichannel Experiences with Real-Time Data
Tealium
 
How to convert video files to audio format using miro video converter by Rema...
How to convert video files to audio format using miro video converter by Rema...How to convert video files to audio format using miro video converter by Rema...
How to convert video files to audio format using miro video converter by Rema...
Denise Fredeluces
 
Tech Tricks to Crush Leasing Season
Tech Tricks to Crush Leasing SeasonTech Tricks to Crush Leasing Season
Tech Tricks to Crush Leasing Season
AppFolio
 
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo
 
Ericpol_overview_2015
Ericpol_overview_2015Ericpol_overview_2015
Ericpol_overview_2015
Jacek Bukala
 
Automated Project Management Across Departments at Oi
Automated Project Management Across Departments at OiAutomated Project Management Across Departments at Oi
Automated Project Management Across Departments at Oi
CA Technologies
 
The how and why of patch management
The how and why of patch managementThe how and why of patch management
The how and why of patch management
Solarwinds N-able
 
IYF ISG Welcome
IYF ISG WelcomeIYF ISG Welcome
IYF ISG Welcome
Information Services Group (ISG)
 
Able construction pte ltd company profile
Able construction pte ltd company profileAble construction pte ltd company profile
Able construction pte ltd company profile
VHConsult (Pty) Ltd
 
Mobile apps presentation - Mobile App Development Services
Mobile apps presentation - Mobile App Development ServicesMobile apps presentation - Mobile App Development Services
Mobile apps presentation - Mobile App Development Services
Rosa Aguiar Catraio
 
Modeling Microservices
Modeling MicroservicesModeling Microservices
Modeling Microservices
Sander Hoogendoorn
 
Ai One Sem Tech Presentation
Ai One Sem Tech PresentationAi One Sem Tech Presentation
Ai One Sem Tech Presentation
diggelmann
 
Synergy Technology Services Corporate Profile - 28-01-2016
Synergy Technology Services Corporate Profile - 28-01-2016Synergy Technology Services Corporate Profile - 28-01-2016
Synergy Technology Services Corporate Profile - 28-01-2016
BNI Exponential
 
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdfPalveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
japijapi
 
Tietoturvakatsaus 2022
Tietoturvakatsaus 2022Tietoturvakatsaus 2022
Tietoturvakatsaus 2022
japijapi
 

More Related Content

Similar to Samlink-sd-drinks-10.2.15

Working Agile in an Ever Changing World
Working Agile in an Ever Changing WorldWorking Agile in an Ever Changing World
Working Agile in an Ever Changing World
Capgemini
 
Smart Parking Oman
Smart Parking OmanSmart Parking Oman
Smart Parking Oman
prajakta gawande
 
For developers
For developersFor developers
For developers
YOYO Holdings Pte. Ltd.
 
Secure valley companyprofile_2015
Secure valley companyprofile_2015Secure valley companyprofile_2015
Secure valley companyprofile_2015
Guisun Han
 
Digital, bear or just bull
Digital, bear or just bullDigital, bear or just bull
Digital, bear or just bull
Scott Rigby
 
Corporate overview @Pi DATA CENTERS
Corporate overview @Pi DATA CENTERSCorporate overview @Pi DATA CENTERS
Corporate overview @Pi DATA CENTERS
Debmalya Dey Roy ( Deb )
 
Case study - Google's Polymer web components let us develop tomorrow's digita...
Case study - Google's Polymer web components let us develop tomorrow's digita...Case study - Google's Polymer web components let us develop tomorrow's digita...
Case study - Google's Polymer web components let us develop tomorrow's digita...
Henry D Amm
 
Powering Omnichannel Experiences with Real-Time Data
Powering Omnichannel Experiences with Real-Time DataPowering Omnichannel Experiences with Real-Time Data
Powering Omnichannel Experiences with Real-Time Data
Tealium
 
How to convert video files to audio format using miro video converter by Rema...
How to convert video files to audio format using miro video converter by Rema...How to convert video files to audio format using miro video converter by Rema...
How to convert video files to audio format using miro video converter by Rema...
Denise Fredeluces
 
Tech Tricks to Crush Leasing Season
Tech Tricks to Crush Leasing SeasonTech Tricks to Crush Leasing Season
Tech Tricks to Crush Leasing Season
AppFolio
 
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo
 
Ericpol_overview_2015
Ericpol_overview_2015Ericpol_overview_2015
Ericpol_overview_2015
Jacek Bukala
 
Automated Project Management Across Departments at Oi
Automated Project Management Across Departments at OiAutomated Project Management Across Departments at Oi
Automated Project Management Across Departments at Oi
CA Technologies
 
The how and why of patch management
The how and why of patch managementThe how and why of patch management
The how and why of patch management
Solarwinds N-able
 
IYF ISG Welcome
IYF ISG WelcomeIYF ISG Welcome
IYF ISG Welcome
Information Services Group (ISG)
 
Able construction pte ltd company profile
Able construction pte ltd company profileAble construction pte ltd company profile
Able construction pte ltd company profile
VHConsult (Pty) Ltd
 
Mobile apps presentation - Mobile App Development Services
Mobile apps presentation - Mobile App Development ServicesMobile apps presentation - Mobile App Development Services
Mobile apps presentation - Mobile App Development Services
Rosa Aguiar Catraio
 
Modeling Microservices
Modeling MicroservicesModeling Microservices
Modeling Microservices
Sander Hoogendoorn
 
Ai One Sem Tech Presentation
Ai One Sem Tech PresentationAi One Sem Tech Presentation
Ai One Sem Tech Presentation
diggelmann
 
Synergy Technology Services Corporate Profile - 28-01-2016
Synergy Technology Services Corporate Profile - 28-01-2016Synergy Technology Services Corporate Profile - 28-01-2016
Synergy Technology Services Corporate Profile - 28-01-2016
BNI Exponential
 

Similar to Samlink-sd-drinks-10.2.15 (20)

Working Agile in an Ever Changing World
Working Agile in an Ever Changing WorldWorking Agile in an Ever Changing World
Working Agile in an Ever Changing World
 
Smart Parking Oman
Smart Parking OmanSmart Parking Oman
Smart Parking Oman
 
For developers
For developersFor developers
For developers
 
Secure valley companyprofile_2015
Secure valley companyprofile_2015Secure valley companyprofile_2015
Secure valley companyprofile_2015
 
Digital, bear or just bull
Digital, bear or just bullDigital, bear or just bull
Digital, bear or just bull
 
Corporate overview @Pi DATA CENTERS
Corporate overview @Pi DATA CENTERSCorporate overview @Pi DATA CENTERS
Corporate overview @Pi DATA CENTERS
 
Case study - Google's Polymer web components let us develop tomorrow's digita...
Case study - Google's Polymer web components let us develop tomorrow's digita...Case study - Google's Polymer web components let us develop tomorrow's digita...
Case study - Google's Polymer web components let us develop tomorrow's digita...
 
Powering Omnichannel Experiences with Real-Time Data
Powering Omnichannel Experiences with Real-Time DataPowering Omnichannel Experiences with Real-Time Data
Powering Omnichannel Experiences with Real-Time Data
 
How to convert video files to audio format using miro video converter by Rema...
How to convert video files to audio format using miro video converter by Rema...How to convert video files to audio format using miro video converter by Rema...
How to convert video files to audio format using miro video converter by Rema...
 
Tech Tricks to Crush Leasing Season
Tech Tricks to Crush Leasing SeasonTech Tricks to Crush Leasing Season
Tech Tricks to Crush Leasing Season
 
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
Project Controls Expo 18th Nov 2014 - "BIM and the Project Control Bicycle" B...
 
Ericpol_overview_2015
Ericpol_overview_2015Ericpol_overview_2015
Ericpol_overview_2015
 
Automated Project Management Across Departments at Oi
Automated Project Management Across Departments at OiAutomated Project Management Across Departments at Oi
Automated Project Management Across Departments at Oi
 
The how and why of patch management
The how and why of patch managementThe how and why of patch management
The how and why of patch management
 
IYF ISG Welcome
IYF ISG WelcomeIYF ISG Welcome
IYF ISG Welcome
 
Able construction pte ltd company profile
Able construction pte ltd company profileAble construction pte ltd company profile
Able construction pte ltd company profile
 
Mobile apps presentation - Mobile App Development Services
Mobile apps presentation - Mobile App Development ServicesMobile apps presentation - Mobile App Development Services
Mobile apps presentation - Mobile App Development Services
 
Modeling Microservices
Modeling MicroservicesModeling Microservices
Modeling Microservices
 
Ai One Sem Tech Presentation
Ai One Sem Tech PresentationAi One Sem Tech Presentation
Ai One Sem Tech Presentation
 
Synergy Technology Services Corporate Profile - 28-01-2016
Synergy Technology Services Corporate Profile - 28-01-2016Synergy Technology Services Corporate Profile - 28-01-2016
Synergy Technology Services Corporate Profile - 28-01-2016
 

More from japijapi

Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdfPalveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
japijapi
 
Tietoturvakatsaus 2022
Tietoturvakatsaus 2022Tietoturvakatsaus 2022
Tietoturvakatsaus 2022
japijapi
 
Management Events kybervoimavara 16.2.22.pdf
Management Events kybervoimavara 16.2.22.pdfManagement Events kybervoimavara 16.2.22.pdf
Management Events kybervoimavara 16.2.22.pdf
japijapi
 
EK kyberosaaminen 26.1.22
EK kyberosaaminen 26.1.22EK kyberosaaminen 26.1.22
EK kyberosaaminen 26.1.22
japijapi
 
Kyberosaaja 17.5.21
Kyberosaaja 17.5.21Kyberosaaja 17.5.21
Kyberosaaja 17.5.21
japijapi
 
Cybersecurity skills-gap 2021
Cybersecurity skills-gap 2021Cybersecurity skills-gap 2021
Cybersecurity skills-gap 2021
japijapi
 
TTRY etatyon tietoturva_28.5.20
TTRY etatyon tietoturva_28.5.20TTRY etatyon tietoturva_28.5.20
TTRY etatyon tietoturva_28.5.20
japijapi
 
Aalto PRO turvallisuus 2.0
Aalto PRO turvallisuus 2.0Aalto PRO turvallisuus 2.0
Aalto PRO turvallisuus 2.0
japijapi
 
Cybersecurity skills gap 2020
Cybersecurity skills gap 2020Cybersecurity skills gap 2020
Cybersecurity skills gap 2020
japijapi
 
Digiturva sovellusturva-11.2.19
Digiturva sovellusturva-11.2.19Digiturva sovellusturva-11.2.19
Digiturva sovellusturva-11.2.19
japijapi
 
Tieturi-internet-ohjelmointi-1998
Tieturi-internet-ohjelmointi-1998Tieturi-internet-ohjelmointi-1998
Tieturi-internet-ohjelmointi-1998
japijapi
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18
japijapi
 
Digiturva17 sovellusturva-16.10.17
Digiturva17 sovellusturva-16.10.17Digiturva17 sovellusturva-16.10.17
Digiturva17 sovellusturva-16.10.17
japijapi
 
Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017
japijapi
 
Digitaalinen turvallisuus muuttuvassa ympäristössä
Digitaalinen turvallisuus muuttuvassa ympäristössäDigitaalinen turvallisuus muuttuvassa ympäristössä
Digitaalinen turvallisuus muuttuvassa ympäristössä
japijapi
 
Kokemuksia tietoturvallisuuden johtamisesta
Kokemuksia tietoturvallisuuden johtamisestaKokemuksia tietoturvallisuuden johtamisesta
Kokemuksia tietoturvallisuuden johtamisesta
japijapi
 
Turvallisuus- ja yritysjohdon yhteistyö
Turvallisuus- ja yritysjohdon yhteistyöTurvallisuus- ja yritysjohdon yhteistyö
Turvallisuus- ja yritysjohdon yhteistyö
japijapi
 
Talentum palvelujen-tietoturva-12.6.13
Talentum palvelujen-tietoturva-12.6.13Talentum palvelujen-tietoturva-12.6.13
Talentum palvelujen-tietoturva-12.6.13
japijapi
 
Finanssialan tietoturvakatsaus 8.5.13
Finanssialan tietoturvakatsaus 8.5.13Finanssialan tietoturvakatsaus 8.5.13
Finanssialan tietoturvakatsaus 8.5.13japijapi
 
Verkkosovellusten tietoturvastrategia 20.4.2010
Verkkosovellusten tietoturvastrategia 20.4.2010Verkkosovellusten tietoturvastrategia 20.4.2010
Verkkosovellusten tietoturvastrategia 20.4.2010
japijapi
 

More from japijapi (20)

Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdfPalveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
Palveluntarjoajien kyberturvakyvykkyys-11.9.23.pdf
 
Tietoturvakatsaus 2022
Tietoturvakatsaus 2022Tietoturvakatsaus 2022
Tietoturvakatsaus 2022
 
Management Events kybervoimavara 16.2.22.pdf
Management Events kybervoimavara 16.2.22.pdfManagement Events kybervoimavara 16.2.22.pdf
Management Events kybervoimavara 16.2.22.pdf
 
EK kyberosaaminen 26.1.22
EK kyberosaaminen 26.1.22EK kyberosaaminen 26.1.22
EK kyberosaaminen 26.1.22
 
Kyberosaaja 17.5.21
Kyberosaaja 17.5.21Kyberosaaja 17.5.21
Kyberosaaja 17.5.21
 
Cybersecurity skills-gap 2021
Cybersecurity skills-gap 2021Cybersecurity skills-gap 2021
Cybersecurity skills-gap 2021
 
TTRY etatyon tietoturva_28.5.20
TTRY etatyon tietoturva_28.5.20TTRY etatyon tietoturva_28.5.20
TTRY etatyon tietoturva_28.5.20
 
Aalto PRO turvallisuus 2.0
Aalto PRO turvallisuus 2.0Aalto PRO turvallisuus 2.0
Aalto PRO turvallisuus 2.0
 
Cybersecurity skills gap 2020
Cybersecurity skills gap 2020Cybersecurity skills gap 2020
Cybersecurity skills gap 2020
 
Digiturva sovellusturva-11.2.19
Digiturva sovellusturva-11.2.19Digiturva sovellusturva-11.2.19
Digiturva sovellusturva-11.2.19
 
Tieturi-internet-ohjelmointi-1998
Tieturi-internet-ohjelmointi-1998Tieturi-internet-ohjelmointi-1998
Tieturi-internet-ohjelmointi-1998
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18
 
Digiturva17 sovellusturva-16.10.17
Digiturva17 sovellusturva-16.10.17Digiturva17 sovellusturva-16.10.17
Digiturva17 sovellusturva-16.10.17
 
Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017
 
Digitaalinen turvallisuus muuttuvassa ympäristössä
Digitaalinen turvallisuus muuttuvassa ympäristössäDigitaalinen turvallisuus muuttuvassa ympäristössä
Digitaalinen turvallisuus muuttuvassa ympäristössä
 
Kokemuksia tietoturvallisuuden johtamisesta
Kokemuksia tietoturvallisuuden johtamisestaKokemuksia tietoturvallisuuden johtamisesta
Kokemuksia tietoturvallisuuden johtamisesta
 
Turvallisuus- ja yritysjohdon yhteistyö
Turvallisuus- ja yritysjohdon yhteistyöTurvallisuus- ja yritysjohdon yhteistyö
Turvallisuus- ja yritysjohdon yhteistyö
 
Talentum palvelujen-tietoturva-12.6.13
Talentum palvelujen-tietoturva-12.6.13Talentum palvelujen-tietoturva-12.6.13
Talentum palvelujen-tietoturva-12.6.13
 
Finanssialan tietoturvakatsaus 8.5.13
Finanssialan tietoturvakatsaus 8.5.13Finanssialan tietoturvakatsaus 8.5.13
Finanssialan tietoturvakatsaus 8.5.13
 
Verkkosovellusten tietoturvastrategia 20.4.2010
Verkkosovellusten tietoturvastrategia 20.4.2010Verkkosovellusten tietoturvastrategia 20.4.2010
Verkkosovellusten tietoturvastrategia 20.4.2010
 

Recently uploaded

AHMED TALAAT ARCHITECTURE PORTFOLIO .pdf
AHMED TALAAT ARCHITECTURE PORTFOLIO .pdfAHMED TALAAT ARCHITECTURE PORTFOLIO .pdf
AHMED TALAAT ARCHITECTURE PORTFOLIO .pdf
talaatahm
 
定制美国西雅图城市大学毕业证学历证书原版一模一样
定制美国西雅图城市大学毕业证学历证书原版一模一样定制美国西雅图城市大学毕业证学历证书原版一模一样
定制美国西雅图城市大学毕业证学历证书原版一模一样
qo1as76n
 
SECURING BUILDING PERMIT CITY OF CALOOCAN.pdf
SECURING BUILDING PERMIT CITY OF CALOOCAN.pdfSECURING BUILDING PERMIT CITY OF CALOOCAN.pdf
SECURING BUILDING PERMIT CITY OF CALOOCAN.pdf
eloprejohn333
 
Revolutionizing the Digital Landscape: Web Development Companies in India
Revolutionizing the Digital Landscape: Web Development Companies in IndiaRevolutionizing the Digital Landscape: Web Development Companies in India
Revolutionizing the Digital Landscape: Web Development Companies in India
amrsoftec1
 
一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理
一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理
一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理
kecekev
 
Graphic Design Tools and Software .pptx
Graphic Design Tools and Software .pptxGraphic Design Tools and Software .pptx
Graphic Design Tools and Software .pptx
Virtual Real Design
 
CocaCola_Brand_equity_package_2012__.pdf
CocaCola_Brand_equity_package_2012__.pdfCocaCola_Brand_equity_package_2012__.pdf
CocaCola_Brand_equity_package_2012__.pdf
PabloMartelLpez
 
Practical eLearning Makeovers for Everyone
Practical eLearning Makeovers for EveryonePractical eLearning Makeovers for Everyone
Practical eLearning Makeovers for Everyone
Bianca Woods
 
ARENA - Young adults in the workplace (Knight Moves).pdf
ARENA - Young adults in the workplace (Knight Moves).pdfARENA - Young adults in the workplace (Knight Moves).pdf
ARENA - Young adults in the workplace (Knight Moves).pdf
Knight Moves
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design ProcessStorytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Divertidamente SLIDE.pptxufururururuhrurid8dj
Divertidamente SLIDE.pptxufururururuhrurid8djDivertidamente SLIDE.pptxufururururuhrurid8dj
Divertidamente SLIDE.pptxufururururuhrurid8dj
lunaemel03
 
Impact of Fonts: in Web and Apps Design
Impact of Fonts: in Web and Apps DesignImpact of Fonts: in Web and Apps Design
Impact of Fonts: in Web and Apps Design
contactproperweb2014
 
一比一原版(BU毕业证)波士顿大学毕业证如何办理
一比一原版(BU毕业证)波士顿大学毕业证如何办理一比一原版(BU毕业证)波士顿大学毕业证如何办理
一比一原版(BU毕业证)波士顿大学毕业证如何办理
peuce
 
Virtual Tour Application Powerpoint for museum of edinburgh
Virtual Tour Application Powerpoint for museum of edinburghVirtual Tour Application Powerpoint for museum of edinburgh
Virtual Tour Application Powerpoint for museum of edinburgh
millarj46
 
哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样
哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样
哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样
qo1as76n
 
Technoblade The Legacy of a Minecraft Legend.
Technoblade The Legacy of a Minecraft Legend.Technoblade The Legacy of a Minecraft Legend.
Technoblade The Legacy of a Minecraft Legend.
Techno Merch
 
NHR Engineers Portfolio 2023 2024 NISHANT RATHI
NHR Engineers Portfolio 2023 2024 NISHANT RATHINHR Engineers Portfolio 2023 2024 NISHANT RATHI
NHR Engineers Portfolio 2023 2024 NISHANT RATHI
NishantRathi18
 
Heuristics Evaluation - How to Guide.pdf
Heuristics Evaluation - How to Guide.pdfHeuristics Evaluation - How to Guide.pdf
Heuristics Evaluation - How to Guide.pdf
Jaime Brown
 
Top Interior Designers in Bangalore.pdf1
Top Interior Designers in Bangalore.pdf1Top Interior Designers in Bangalore.pdf1
Top Interior Designers in Bangalore.pdf1
Decomart Studio
 
Timeless Principles of Good Design
Timeless Principles of Good DesignTimeless Principles of Good Design
Timeless Principles of Good Design
Carolina de Bartolo
 

Recently uploaded (20)

AHMED TALAAT ARCHITECTURE PORTFOLIO .pdf
AHMED TALAAT ARCHITECTURE PORTFOLIO .pdfAHMED TALAAT ARCHITECTURE PORTFOLIO .pdf
AHMED TALAAT ARCHITECTURE PORTFOLIO .pdf
 
定制美国西雅图城市大学毕业证学历证书原版一模一样
定制美国西雅图城市大学毕业证学历证书原版一模一样定制美国西雅图城市大学毕业证学历证书原版一模一样
定制美国西雅图城市大学毕业证学历证书原版一模一样
 
SECURING BUILDING PERMIT CITY OF CALOOCAN.pdf
SECURING BUILDING PERMIT CITY OF CALOOCAN.pdfSECURING BUILDING PERMIT CITY OF CALOOCAN.pdf
SECURING BUILDING PERMIT CITY OF CALOOCAN.pdf
 
Revolutionizing the Digital Landscape: Web Development Companies in India
Revolutionizing the Digital Landscape: Web Development Companies in IndiaRevolutionizing the Digital Landscape: Web Development Companies in India
Revolutionizing the Digital Landscape: Web Development Companies in India
 
一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理
一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理
一比一原版(UW毕业证)西雅图华盛顿大学毕业证如何办理
 
Graphic Design Tools and Software .pptx
Graphic Design Tools and Software .pptxGraphic Design Tools and Software .pptx
Graphic Design Tools and Software .pptx
 
CocaCola_Brand_equity_package_2012__.pdf
CocaCola_Brand_equity_package_2012__.pdfCocaCola_Brand_equity_package_2012__.pdf
CocaCola_Brand_equity_package_2012__.pdf
 
Practical eLearning Makeovers for Everyone
Practical eLearning Makeovers for EveryonePractical eLearning Makeovers for Everyone
Practical eLearning Makeovers for Everyone
 
ARENA - Young adults in the workplace (Knight Moves).pdf
ARENA - Young adults in the workplace (Knight Moves).pdfARENA - Young adults in the workplace (Knight Moves).pdf
ARENA - Young adults in the workplace (Knight Moves).pdf
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design ProcessStorytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design Process
 
Divertidamente SLIDE.pptxufururururuhrurid8dj
Divertidamente SLIDE.pptxufururururuhrurid8djDivertidamente SLIDE.pptxufururururuhrurid8dj
Divertidamente SLIDE.pptxufururururuhrurid8dj
 
Impact of Fonts: in Web and Apps Design
Impact of Fonts: in Web and Apps DesignImpact of Fonts: in Web and Apps Design
Impact of Fonts: in Web and Apps Design
 
一比一原版(BU毕业证)波士顿大学毕业证如何办理
一比一原版(BU毕业证)波士顿大学毕业证如何办理一比一原版(BU毕业证)波士顿大学毕业证如何办理
一比一原版(BU毕业证)波士顿大学毕业证如何办理
 
Virtual Tour Application Powerpoint for museum of edinburgh
Virtual Tour Application Powerpoint for museum of edinburghVirtual Tour Application Powerpoint for museum of edinburgh
Virtual Tour Application Powerpoint for museum of edinburgh
 
哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样
哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样
哪里办理美国中央华盛顿大学毕业证双学位证书原版一模一样
 
Technoblade The Legacy of a Minecraft Legend.
Technoblade The Legacy of a Minecraft Legend.Technoblade The Legacy of a Minecraft Legend.
Technoblade The Legacy of a Minecraft Legend.
 
NHR Engineers Portfolio 2023 2024 NISHANT RATHI
NHR Engineers Portfolio 2023 2024 NISHANT RATHINHR Engineers Portfolio 2023 2024 NISHANT RATHI
NHR Engineers Portfolio 2023 2024 NISHANT RATHI
 
Heuristics Evaluation - How to Guide.pdf
Heuristics Evaluation - How to Guide.pdfHeuristics Evaluation - How to Guide.pdf
Heuristics Evaluation - How to Guide.pdf
 
Top Interior Designers in Bangalore.pdf1
Top Interior Designers in Bangalore.pdf1Top Interior Designers in Bangalore.pdf1
Top Interior Designers in Bangalore.pdf1
 
Timeless Principles of Good Design
Timeless Principles of Good DesignTimeless Principles of Good Design
Timeless Principles of Good Design
 

Samlink-sd-drinks-10.2.15

  • 1. Copyright © Oy Samlink Ab Information security ♥ service design Service Design Drinks 10.2.2015 Jari Pirhonen @japi999 www.slideshare.net/japijapi
  • 2. Copyright © Oy Samlink Ab Why do cars have brakes? 10.2.2015@japi999
  • 3. Copyright © Oy Samlink Ab Because speed is nothing without control! 10.2.2015@japi999
  • 4. Copyright © Oy Samlink Ab Why information security? You want  enable business, trust, 24/7 10.2.2015@japi999 You must  compliance, regulation You fear  risk management
  • 5. Copyright © Oy Samlink Ab 10.2.2015@japi999
  • 6. Copyright © Oy Samlink Ab 10.2.2015@japi999
  • 7. Copyright © Oy Samlink Ab Security – tower of Babel? 10.2.2015@japi999 Horizontal innovation Verticalinnovation
  • 8. Copyright © Oy Samlink Ab Security = Quality Security service <> Secure service Security design <> Secure design 10.2.2015 Information security is too important to be left just to information security experts! @japi999
  • 9. Copyright © Oy Samlink Ab Quality by design Security by design Privacy by design Secure defaults 10.2.2015@japi999
  • 10. Copyright © Oy Samlink Ab Rule #1 Users are NOT the weakest links 10.2.2015@japi999
  • 11. Copyright © Oy Samlink Ab Set the bar for security  Service environment  Crown jewels, users, adversaries  Business needs & risk appetite  Security requirements  Want, must, fear  Understood, accepted, communicated  Human (irrational) behaviour 10.2.2015@japi999
  • 12. Copyright © Oy Samlink Ab Security must be baked in not sprinkled on top  KISS  Check the input  garbage in, garbage out  Secure, Fast, Cheap: Pick any two  Defense in depth (or the onion principle)  Fail safely  Separation of duties  Four-eyes principle for security critical tasks  Do not trust blindly  Open design - no security by obscurity  User-friendly, intuitive, invisible security 10.2.2015@japi999
  • 13. Copyright © Oy Samlink Ab Better than secure? 10.2.2015 Secure @japi999 Resilient Antifragile
  • 14. Copyright © Oy Samlink Ab What used to fit in a building, now fits in your pocket, and what fits in your pocket now, will fit inside a blood cell in 25 years. -- Ray Kurzweil 10.2.2015@japi999

Editor's Notes

  1. Data Security  IT Security  Information Security  Cyber Security  Digital Security
  2. Are criminals and the NSA only information security innovators?
  3. Technology and digitalization  vertical innovations Information security  horizontal innovations
  4. People don’t want encryption, PKI and certificates – they want safe and secure communications
  5. User are the weakest link IF users are forgotten at design phase
  6. Keeping secrets is hard Understand your assumpions From "Murphy's computer" to "Satan's computer"
  7. Will we still be using tiiny tiny ”nanofirewalls and nano anti-virus”?