Friday, 22 March 2019

Information Security 101 - A talk on PixelsCamp V3.0


Link to the Powerpoint file: 


Dearly beloved, we are gathered here today to discuss Information Security.

Join me around the campfire and let’s start…




Mandatory "who's this guy and what's all of this about" slides.
I decided to make the presentation available to the audience beforehand to allow every participant to follow it at their own pace.

Also, please note the LEGAL DISCLAIMER as I was expressing my own opinions and not the ones of my employer.






Heard in 2002: “If you’re not paying for it, you’re the product” but what does it mean?

Link to Wall Street Journal article: 
https://www.wsj.com/graphics/how-pizza-night-can-cost-more-in-data-than-dollars/


It all starts with a text message: “Wanna come for pizza and a movie?”


Consider the Data provided vs. Data collected.
Just some highlights:
  



So… what can we do about it?...

Let’s take a step back….
"Passwords are like underwear: change them often and don’t show them in public."

I have a friend who ends up losing a credit card every 3 months or less :)
The downside: she has to send new credit card data for every new action, for every product ordered, for Netflix, for Android Pay, for parking payments.
The upside: she gets a new card every 3 months, which reduces the chances of exploitation.

But... does this make any sense?!
It’s pretty much the same we’re asking:
"Change often, has to be complex, 12 chars, 4 symbols, a drop of blood from your firstborn child and a tear of a unicorn."
And then we blame the user when things go wrong!




And if we’re really smart, really into this SECURITY stuff, we all know we should use two-factor authentication.

Because SAFETY!!! Yes, it’s all about safety, that will keep us safe, right?



Well, no, not really…
We have been nagging users about passwords for the last 20 years…
But it is rarely the user’s password that is to blame for a significant data breach.





We must solve this:
The consequence is personal data abuse and a society controlled by The Others (Brexit, Trump, Bolsonaro).





Let’s talk about management systems



Everyone can bake a cake at home
We can handle interruptions. We can handle supply issues. Most of the time it’s a one off. We are the client, no need to meet needs or expectations.


Very small IT footprint, maybe a computer running ERP / CRM / Excel / a minimal website.
You now have procedures for handling raw materials when they arrive, laws to abide by, periodic maintenance on machines, financial goals.
You’re working within a context, with shareholders, suppliers, clients, employees, neighbours, authorities…
You have to meet the needs and expectations of interested parties if you want to survive.
So we make plans.


Suddenly…

Your supplier changes, your target clientele changes, your raw materials are no longer available, you have to abide by different regulations, you want to move into a different market, your country foolishly decides to leave the EU, your employees die, you die.
Allow me to introduce you to some nice friends…


Deming and a lovely lady.
The PDCA (Plan, Do, Check, Act) / continuous improvement cycle.


Management systems: not the hero we call for, but the hero we need.
That means defining processes, monitoring, keeping tabs on what went wrong and what went right.
But it pays off every time.
Risk covers both the positive and the negative things that can, and will, happen.
It’s all about figuring out what can change, what its impact is, and whether we wish to mitigate it or reap the benefits.


The future, as we can see it
Robotized Cake Factory, very few people.


Confidentiality, Integrity, Availability

Access (physical access / user access management)
Operations (backups, pentests, scans, logs)
Network protection
Secure software development lifecycle (plug the holes: NIST and OWASP frameworks, libraries)


Well, no, not really.

We’ll look into a real world scenario… but first…

The ability to wing it, sometimes referred to as one of the greatest Portuguese assets, only provides a short-term, sub-standard solution.
It will kill you in the long run.




Up until now, fines were limited to 500k.
Data breaches before and after GDPR.
GDPR comes with a very loooong enforcement stick, giving people rights even before they realise they have them.
Huge impact on data subjects’ rights. Humongous!



If you lose a dead hard disk that has been sitting in a drawer for the last 3 years, that’s a data breach.
If tapes go up in flames, that’s a data breach.
You have to determine a justifiable data retention policy. And then abide by it.
When the user asks for their data back you must provide it. If you lost it (and didn’t report it), you’re in trouble.
If you decide on a loan by profiling, your client has the right to know the logic behind your profiling algorithm.
Scope: an American company creating a user account for a Japanese guy is within the scope of GDPR (because he’s in Slovenia, i.e. in the EU).
Data minimisation. Collect only the information you need. GDPR killed the big data star.
Privacy by design. Look at your software development lifecycle and include GDPR compliance at the earliest stages.
When things go wrong you’re in trouble. YOU MUST ABIDE BY THESE RULES!
I’m just the messenger. You don’t have to agree with me. You can even say it’s just #ProjectFear…
But in the end, “Talk to the hand, because the judge is not listening.”


January 2019

"You cannot say Information Security and Android in the same sentence with a straight face."
Who agrees with this? … It’s OK if you don’t agree with me.


The real world example with an iOS app:
Can you spot "informed consent" in this picture?


Let’s look at the same app, developed in Xamarin, a cross platform environment...

HOUSE RULE: if you have the latest version you can shut up now, and the reason is twofold: you’re still irrelevant (you belong to the 3%) and it didn’t address the root cause.

This was a company very conscious of data privacy: they handle personally identifiable information and personal health information, have been managing it for decades and have a quite impressive system.

What went wrong?
Requesting consent at install time, not when it is required.
Either you accept all of these or you don’t use the app.
Even Microsoft Office apps on Android ask for access to your phone call log, SMS content and information on machines on your corporate network. And these are high-profile apps. What about low-grade, dodgy-looking junk apps? Everyone’s guess.
Access to data without even hacking is the Android de facto standard.
Low visibility on what it really means.
Low granularity. Fixed on the latest version? Yeah right…
The average age of the operating system version is… 3.5 years, and that covers 80% of devices.
By 2022 you’ll still have 30%+ of devices built upon a GDPR non-compliant philosophy.
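What "consent when required" looks like in code, as an added example that is not from the talk or from the app it describes: the camera permission is requested only at the moment the user taps a hypothetical "Scan" feature, with a plain-language rationale if they refused once, and refusal degrades to a file picker instead of blocking the app. The activity, feature and handler names are illustrative; the permission APIs (androidx.activity result contracts, ContextCompat, ActivityCompat) are the standard Android ones. The manifest is assumed to declare only CAMERA, not call log, SMS or network-scanning permissions the feature does not need.

```kotlin
// Added example (not the talk's or the described app's code).
// Assumed AndroidManifest.xml declares only what this feature needs:
//   <uses-permission android:name="android.permission.CAMERA" />
// and nothing like READ_CALL_LOG, READ_SMS or ACCESS_WIFI_STATE.
import android.Manifest
import android.content.pm.PackageManager
import android.graphics.Bitmap
import android.net.Uri
import android.os.Bundle
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AlertDialog
import androidx.appcompat.app.AppCompatActivity
import androidx.core.app.ActivityCompat
import androidx.core.content.ContextCompat

// Hypothetical screen with a "Scan a document" button.
class DocumentScanActivity : AppCompatActivity() {

    // Launchers are registered as properties because registerForActivityResult
    // must run before the activity is started, never inside a click handler.
    private val requestCamera =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) startScan() else scanUnavailable()
        }

    private val takePicture =
        registerForActivityResult(ActivityResultContracts.TakePicturePreview()) { bitmap ->
            bitmap?.let { processScan(it) }   // user may back out: null is not an error
        }

    private val pickFile =
        registerForActivityResult(ActivityResultContracts.GetContent()) { uri ->
            uri?.let { processUpload(it) }
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // inflate the layout and wire the "Scan" button to onScanClicked()
    }

    // Runs only when the user actually asks to scan: that is the moment
    // consent is informed and meaningful, not at install time.
    fun onScanClicked() {
        when {
            ContextCompat.checkSelfPermission(this, Manifest.permission.CAMERA) ==
                PackageManager.PERMISSION_GRANTED -> startScan()

            // The user refused before: explain the purpose before asking again.
            ActivityCompat.shouldShowRequestPermissionRationale(
                this, Manifest.permission.CAMERA
            ) -> AlertDialog.Builder(this)
                .setTitle("Camera access")
                .setMessage(
                    "The camera is used only to photograph the document you are scanning. " +
                        "Nothing is uploaded until you confirm."
                )
                .setPositiveButton("Continue") { _, _ ->
                    requestCamera.launch(Manifest.permission.CAMERA)
                }
                .setNegativeButton("Not now") { _, _ -> scanUnavailable() }
                .show()

            else -> requestCamera.launch(Manifest.permission.CAMERA)
        }
    }

    private fun startScan() = takePicture.launch(null)

    // Denial is a valid answer: offer an alternative, do not nag, do not
    // lock the rest of the app behind a permission it does not need.
    private fun scanUnavailable() = pickFile.launch("image/*")

    // Hypothetical downstream handlers, assumed to exist elsewhere in the app.
    private fun processScan(image: Bitmap) { /* OCR / upload after user confirms */ }
    private fun processUpload(file: Uri) { /* same pipeline, file instead of camera */ }
}
```

The granularity point from the slides shows up here: each feature asks for exactly one permission, at use time, so a user can refuse the camera and still use everything else. On devices older than Android 6.0 (API 23) checkSelfPermission always reports the install-time grant, which is the root cause the house rule refers to.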

The explanation of “CONSENT” was buried in the Terms & Conditions… page after page of them.


We must fix this...
… "with a great power comes a great responsibility."



62 comments:

  1. This is one of the most important blogs home security that I have seen, keep it up!

  2. When I benefit your existing document. It might be top notch to examine everyone reveal with text throughout the coronary heart in conjunction with lucidity due to this vital difficulty may very well be easily viewed. idm crack

  3. Great slideshow, data backup solutions for small business are one of the major applications for information security policies.

  4. The accumulated onto your blog site despite the fact paying off acceptance just many tid little submits. Gratifying strategy for honest, I will be bookmarking before you start acquire merchandise realization spgs right in place. windows 8.1 activator

  7. I'm no expert, but I believe you just made an excellent point. You certainly fully understand what you're speaking about, and I can truly get behind that. keyword: idm crack

  9. This is my first time I visit here. I found so many interesting stuff in your blog, especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here. Keep up the good work. idm crack

  10. Yes, I totally agree with this article and I just want to say that this article is very nice and very informative. I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? Thanks. latest pakistani news

  11. Hello! I simply would like to give you a huge thumbs up for the great information you have got here on this post. If you are facing Cash App down problems then visit our website: cash app customer service

  12. Hello, my name is Fernando Halstead and I am from the United States. If you have any problem with Garmin Express, visit our website and solve your problem. Call us at +1 844-902-0609

  13. Thanks for such a great post and the review, I am totally impressed! Keep stuff like this coming. Security Consulting

  14. Hey there! I simply would like to give you a big thumbs up for the great info you've got right here on this post. I'll be coming back to your web site for more soon.
    Lyrics of all the Hindi songs from movies and albums. In addition, we have the translations for these songs.

    The list is here:
    Song Lyrics
    bollywood song lyrics
    bhojpuri song lyrics
    hindi song lyrics
    haryanvi song lyrics
    punjabi song lyrics
    english song lyrics

  15. I'm impressed, I have to admit. Rarely do I encounter a blog that's both equally educative and amusing, and without a doubt, you have hit the nail on the head. Garmin express not working mac

  16. The tone is so powerful and conceivable.
    nuclear explosion

  17. Your style is very unique in comparison to other folks I've read stuff from. Thanks for posting when you've got the opportunity; guess I will just bookmark this blog. Roadrunner Email Settings

  18. I am impressed. I don't think I've met anyone who knows as much about this subject as you do. You are truly well informed and very intelligent. You wrote something that people could understand and made the subject intriguing for everyone. Really, great blog you have got here.

  19. Thank you for sharing the data, which is beneficial for me and others likewise to see. Aegean College

  20. Great survey, I'm sure you're getting a great response. cctv camera

  21. Thank you so much for this informative post. Roadrunner email problems

  22. Your good knowledge and kindness in playing with all the pieces were very useful. I don't know what I would have done if I had not encountered such a step like this.
    CRM with Invoicing

  23. If you already have contacts to showcase your new security guard organization then you are on top of things. Retail Security guard

  24. No doubt this is an excellent post; I got a lot of knowledge after reading it. Good luck. The theme of the blog is excellent, there is almost everything to read. Brilliant post. online chatting websites

  25. breach the security You make so many great points here that I read your article a couple of times. Your views are in accordance with my own for the most part. This is great content for your readers.

  26. When your roof is in need of replacement you need to hire a pro. Our roofers are experienced in the process, from the removal of the roof to the finish, ensuring your home is clean and free of all debris. roof repair greenville sc

  27. A wave of our all-natural Lelu Soaps and bath products: treat yourself with your body submerged in our rich combinations of natural oils and butters. They are beneficial to the skin, revitalize your energy and help you achieve mental serenity. Made with all natural ingredients and 100% pure and natural additives and essential oils to soak into your skin and exfoliate and leave your skin feeling amazing!
    natural handmade soap , natural soap bar , Vegan Bath Bomb , Lelu Bath Fizz Collection , clean beauty products , organic skincare

  28. Even though the average security guard in the USA makes a salary of less than $12.00 per hour (some much less), www.24response.com when a business adds up the total hours and all associated costs, the total cost of security officers can easily be one of the biggest security expenditures.

  29. area 51 iptv
    The face of television has changed over the years. For decades, people had to deal with cable providers to deliver content to their TV sets. However, this model has been replaced by modern technology innovations. Game-changing services like Area 51 IPTV have entered the entertainment market to disrupt the traditional model once and for all.

  30. kore trak watch makes it easy to understand and monitor your health. A quick glance at your wrist and you will be able to track all your key vitals such as heart rate, steps taken, and calories burned.
    The no-fuss interface also allows you to quickly set up your workout with less planning so you can just focus on achieving your goals.

  31. Keep the ball rolling, you have done a great job here.
    other

  32. Bitcoin permits you to make exchanges without uncovering your character. However, the framework works in plain general visibility. Anybody can see these exchanges, which are recorded on the web. This straightforwardness can drive another trust in the economy. bitcoin mixer

  33. idgod
    Our product designs are high quality, effective, and combined with fast delivery and a top-notch production system, make sure you get your order faster. If you want to get a high quality ID, IDGOD is trustworthy. We have over 50 Fake IDs. IDGOD has been the best fake id maker in the market for over 15 years. Order yours today!

  34. We're Hollywood's elite's best kept secret for spray tanning. Many popular celebrities have been spray tanned where the spray tan artists use our spray tan formulas. Our formulations, or spray tan solutions and products, are known to produce the most natural looking spray tans for over the last decade. We use the highest grade DHA in our products along with the finest skin care ingredients, most being natural or organic. All of our products are safe for all skin types, not tested on animals and paraben free. We have trained over 300 professional spray tan artists, most from the USA, but many have flown in from other countries too to get VIP certified.
    fake tan ,
    sunless tanning ,
    sunless tan ,
    self tanner ,
    best self tanner ,
    self tanning mousse ,
    spray tan machines ,
    maximist ,
    norvell sunless

  35. best online payment gateway IPS allows businesses to accept payments in multiple ways; typically we provide debit or credit card machines. We provide in-store and online payment solutions, countertop terminals (debit machines), long/short range terminals, POS systems, ATMs and thermal paper rolls for debit machines and credit card machines & printers.

  36. cebanqq1.vip
    cebanqq is a trusted online qq gambling, online poker and dominoqq site

  37. This Divi theme review for 2020 was written by a professional web design agency with 15 years of experience. Divi is a popular WordPress theme with the best page builder available for WordPress.

  38. The most important equipment a private investigator has available during the course of conducting surveillance is his mind and its esoteric components.
    look here

  39. Find a job you love on Lensa! Search millions of jobs online and find companies who are hiring now on our new job board.

  40. The result of a game, competition or an uncertain event is called gambling. Gambling risk and profit prospects are very uncertain. The rules by which gambling games are played sometimes allow some players to manipulate the game to serve their own interests. So, it is important to have knowledge about the game.

    scam verification (먹튀검증)
    private Toto betting (사설토토)

  41. Legal problems can be incredibly stressful. During this challenging time, a dedicated and reliable attorney can make a significant difference in the outcome of your matter. If you're seeking legal guidance, I have the expertise that you need. Ferguson Law Group, LLC is focused solely on the needs of my clients. I provide professional and effective representation.
    Car Accident Attorney Ferguson Law Group

  42. Positive site, where did you come up with the information on this posting? I'm pleased I discovered it though; I'll be checking back soon to find out what additional posts you include. information technology

  43. Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! https://pitchnotecreative.com/home-security-camera-computer-monitoring-technology-allows-you-to-remotely-check-your-property/

  44. Additionally, the electronic interface permits internet business dealers to check that a request is internally consistent and that the request, invoice and receipt match. Through web-based business, firms can move quite a bit of their client care online so that clients can access information bases or manuals directly. Alfresco Training

  45. A perfect scam-verification site. Since May 2016, our Muktu Commerce has always worked, for the users who trust and visit Muktu Commerce, to build a fair betting culture with no more scams, and it is the No.1 scam-verification community that listens to its users. Muktu Commerce also does not recommend betting sites indiscriminately; it recommends them to users on the basis of a thorough inspection so that scam incidents are prevented in advance, so should a scam occur on a betting site registered with us, we inform you that the responsibility lies solely with Muktu Commerce. scam verification

  46. Hello, this is Muktu Japgo. We provide all information on scams and scam verification. We always thank the bettors who visit Muktu Japgo. At Muktu Japgo we always do our best to give bettors a variety of information and news. Before using any other Toto site, we would be very grateful if you visited the verified companies certified by Muktu Japgo. Muktu Japgo takes full responsibility for any Toto scams that may occur later. With scam sites appearing frequently these days, we hope bettors keep their assets safe. What I would like to talk about this time is sites operated overseas and sites operated locally. scam

  47. Dear Romanians,
    The Romanian Embassy in the United Kingdom of Great Britain and Northern Ireland reminds Romanian citizens who want to obtain resident status in this country that they have only one year left for registration. To date, over 3.6 million citizens of the European Economic Area have applied for SETTLED or PRE-SETTLED status and over 3.3 million citizens have received the new resident status. Don't forget to apply in the next period to protect your current right to live, work and study in the UK, without restrictions, if you want to stay in the UK after 30 June 2021. Visit for more information
    romani in uk

  48. How to buy a fake degree online, where to buy a fake diploma? Can I get a fake diploma in the USA?
    Purchase fake certificate online,
    buy degree | fake degree | buy diploma | online degree | university transcript | fake diploma | provide MBA diploma, PHD diploma, with
    full color ink emblem, embossed gold emblem, flat gold foil emblem, raised putty ink actual state emblem, hologram.
    buy fake degree from AUS university, buy bachelor degree, where to buy fake degree, buy fake degree online from UK
    buy fake diploma & degree & certificate, please contact us
    how to buy fake diploma online, where to buy fake diploma, purchase fake diploma,
    obtain fake degree, order fake diploma online.
    how to buy a fake degree online

  49. Professional partner to improve and boost your Alexa or Google rank.
    professional seo services

  50. The output delivered by PC security cameras varies depending on the camera. Security camera installation

  51. Hi there! Nice material, do keep me posted when you post something like this again! I will visit this blog leaps and bounds for more quality posts like it. Thanks... security company

  52. At RPD Limousine we are committed to delivering the best in class, taste, and distinction, all while making sure to take special care of you and leave you safe and satisfied. Whether you need to be taken home from the airport, get your guests to your wedding reception, have a night out with your closest friends, or you just want to get to where you're going in style and comfort, we're here to offer the BEST service, a very varied selection of transportation at the best possible, affordable prices.
    RPD Limo Somerset County New Jersey NJ

  53. Cheap security cameras don't have these options. Low-priced security cameras are the best way for homeowners to protect their property without paying for major security companies. security camera tech support

  54. Grammar is a writing assistant. Get clear, constructive writing advice wherever you work. We provide clear, constructive writing advice that works where you work, enabling better understanding between people. Our products can help you with grammar, spelling, punctuation, brevity, clarity, readability and much more. Improve any text easily. Fix punctuation errors. Quickly find and add sources. Exclude grammar errors.
    best app for writers

  55. Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Anyway, I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. ip camera

  56. This is also a very good post which I really enjoyed reading. It is not every day that I have the possibility to see something like this. scam verification

  57. Excellent article. Very interesting to read. Thanks!
    At Budget Boat Things we stock and ship a wide variety of boat parts, electronics, and accessories from the United States. We stock trusted known brands and ship directly from our 2 warehouses in the USA. We strive to always keep our prices low and affordable. We pride ourselves on our competitive prices and excellent customer service. In this blog, we will answer some frequently asked questions and supply you with a list of things you need to look for when buying a used boat; this list will give you a good idea of red flags to look out for.
    best quality boats parts