Information Security for startups

8

Click here to load reader

description

Information Security for startups was presented on 11 September 2010 at the Barcamp meeting in Antwerp, Belgium. It presents issues, tips and interesting information security pointers for startup businesses in the world of e-commerce.

Transcript of Information Security for startups

Page 1: Information Security for startups

Information Security for startups

Stijn Vande Casteele

@[email protected]

Page 2: Information Security for startups

Overview

➲Introduction➲Your world➲My world➲Tips➲Pointers

Page 3: Information Security for startups

Introduction

➲ Information Security Architect● MSc in InfoSec, CISSP, GCFA● Ubizen(VzB), Telindus/Belgacom > Deloitte.

➲ Startup experience● Scanit, ArcSight, Indio

Page 4: Information Security for startups

Your world

➲ Online➲ Social media➲ IT, Technology➲ Time is money➲ Grow (pains)➲ Partners (offshore) (cheap/uptime/perf)➲ The cloud

Page 5: Information Security for startups

My world

➲ Risk analysis & management

➲ People, Process, Technology

➲ Confidentiality➲ Integrity➲ Availability

Page 6: Information Security for startups

Tips

➲ Can you trust your partners? SLA? Reports?➲ Are secure coding techniques used?➲ Who has access to your backend? Cloud?➲ Protect your most critical information➲ Work out a backup/restore method (DRP)➲ Know what to do in case of a security incident➲ Logs?!➲ Look for expert➲ Keep an eye on the darkside

Page 7: Information Security for startups

Pointers

➲ http://isc.sans.edu➲ http://www.h-online.com/➲ http://www.owasp.org➲ https://www.ecops.be➲ https://www.cert.be➲ http://www.rootsecure.net/

Page 8: Information Security for startups

Questions?