Top 3 tips for security documentation

Top 3 tips on how to create security documentation.

Published in: Technology

  1. Top 3 Tips For Security Docs
     Michael Furman, Security Architect
     Icons made by Appzgear and Freepik
  2. What will we see today?
     • Why is security important?
     • Don’t be part of the problem
     • Do’s and Don’ts
  3. About Me
     • 20+ years in software engineering
     • 10+ years in application security
     • 4+ years Lead Security Architect at Tufin
     • www.linkedin.com/in/furmanmichael/
     • ultimatesecpro@gmail.com
     • Read my blog https://ultimatesecurity.pro/
     • Follow me on Twitter @ultimatesecpro
     • I like to travel, read books and listen to music.
  4. About Tufin
     • Market Leader in Security Policy Orchestration for firewalls and cloud
       – New Tufin products integrate security into the DevOps pipeline
     • Established in 2005
     • Used in over 2,300 enterprises, including 40 Fortune 100 companies
     • We are constantly growing! www.tufin.com/careers/
  5. Why is security important?
     • Google for “hacker stole credit cards”.
     • Google for “cybersecurity breaches”.
  6. Sony PlayStation 2011
     • Exposed personal information of 77 million users
     • Sony suspended PlayStation Network services
       – costs 155.4 million USD
     • Sony U.K. fined 395 million USD
  7. Target Breach 2013
     • 40 million credit and debit cards stolen
     • Reissuing 21.8 million cards
       – 200 million USD
  8. Equifax 2017
     • US consumer credit reporting agency
     • Unauthorized access to data
       – 145.5 million American customers
       – 15.2 million UK customers
     • Cost of the breach around 449 million USD
  9. Where to start?
     • OWASP Top Ten Overview: https://ultimatesecurity.pro/post/top-ten-presentation/
  10. Don’t be part of the problem
     • Run vulnerability scans
     • Do a Pen Test
     • Regularly upgrade a server
     • Regularly upgrade a tool
  11. Vulnerability vs. security features
     • A vulnerability is a weakness which can be exploited by an attacker
     • A security feature is an enhancement of a product to meet a security requirement
  12. Do’s and Don’ts - Vulnerability
     • Describe a vulnerability
       – not how to hack
     • Notify customers only
       – Public disclosure after sufficient time
     Icons made by Smashicons
  13. Do’s and Don’ts - Security Fixes
     • Public disclosure
     • Be preemptive
       – If it limits the existing functionality
     Icons made by Freepik
  14. Take Aways
     • Engage with your IT team
     • Documenting vulnerabilities is different from documenting security fixes
  15. Thank you!
     • Contact me
       – www.linkedin.com/in/furmanmichael/
       – ultimatesecpro@gmail.com
       – https://ultimatesecurity.pro/
       – @ultimatesecpro
