Information Security - is it everyone's job?
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.
Information Security: "is it everyone's job...really?!"
Arizona Technology Summit 2014
Brian Johnson, BISO
PayPal – September 17, 2014
26 CURRENCIES SUPPORTED
152M ACTIVE REGISTERED ACCOUNTS
203 MARKETS OFFER PAYPAL
EUROPEAN UNION EURO
AUSTRALIAN DOLLAR
CANADIAN DOLLAR
NEW ZEALAND DOLLAR
HUNGARIAN FORINT
MALAYSIAN RINGGIT
UNITED KINGDOM POUNDS STERLING
HONG KONG DOLLAR
UNITED STATES DOLLAR
TAIWAN NEW DOLLAR
CHINESE RMB
SWEDISH KRONA
SINGAPORE DOLLAR
PHILIPPINE PESO
BRAZILIAN REAL
RUSSIAN RUBLE
NORWEGIAN KRONE
JAPANESE YEN
MEXICAN PESO
TURKISH LIRA
SWISS FRANC
CZECH KORUNA
ISRAELI NEW SHEKEL
DANISH KRONE
THAI BAHT
POLISH ZLOTY
152M ACTIVE ACCOUNTS [1]
$7,001 IN PAYMENTS PROCESSED EVERY SECOND [2]
9.3M PAYMENTS PROCESSED EVERY DAY [3]
+6M NEW ACTIVE ACCOUNTS [1]
1. Active Registered Accounts: All registered accounts that successfully sent or received at least one payment or payment reversal through our PayPal payments networks, including Bill Me Later and Venmo, and excluding users of Braintree’s unbranded payment checkout solutions, within the last 12 months and which are currently able to transact.
2. Total Payment Volume: Total dollar volume of payments, net of payment reversals, successfully completed through our PayPal payments networks, including Bill Me Later, Venmo, and payments processed through Braintree’s full stack payments platform during the period; excludes payments sent or received through PayPal and Braintree’s payment gateway businesses.
3. Net Total Number of Payments: Total number of payments, net of payment reversals, successfully completed through our PayPal payments networks, including Bill Me Later, Venmo, and payments processed through Braintree’s full stack payments platform during the period; excludes payments sent or received through PayPal and Braintree’s payment gateway businesses.
https://www.paypal-media.com/assets/pdf/fact_sheet/PayPal_Q2_2014_FastFacts_Final.pdf
Q2 2014 Financial Metrics
$1.95B PAYPAL REVENUES, 20% YOY
$55B TPV [2], 29% YOY
Compliant with PCI-DSS 2.0 Standards
Compliant with local country regulations
Compliance Statement: http://www.visa.com/splisting/viewSPDetail.do?coName=PayPal
security
• freedom from care, anxiety, or doubt; well-founded confidence.
• something that secures or makes safe; protection; defense
job
• a piece of work, especially a specific task done as part of the routine of one's occupation or for an agreed price
• anything a person is expected or obliged to do; duty; responsibility
http://www.dictionary.com
“…is security everyone's job?”
@ http://xkcd.com used with permission under Creative Commons License
Cyber Attacks have no boundaries
http://www.digitalattackmap.com
source: http://www.unisyssecurityindex.com/
So…"is it everyone's job...really?!"
uh, yes!!! duh...
internal
> code deployment is now near-instantaneous
> "DevOps" = “welcome flood of privileged users!”
> time to market pressures for feature / function
> insider threats are an increasing concern
> much of IT stinks at basic hygiene
external
> cost of attack to hackers continues to drop significantly
> scale of loss and impact to business increases dramatically
> bad guys don't have to play by the rules
> surface area : tools at scale disproportionate
Three Lines of Defense
Resource request focused from the 2nd line on the performance of the 1st line
1st Line of Defense: Line of Business (Day-to-day Risk Management)
2nd Line of Defense: Infosec & Tech Risk Mgmt., Tech Compliance, Engagement etc. (Risk Oversight)
3rd Line of Defense: Internal Audit (Independent Assurance)
guiding principles...
security must ENABLE the business
be as seamless & transparent as possible
treat credentials as highly valuable ASSETS
least privilege for all data access
data & information protection is in our DNA
classification and encryption are about way more than compliance
working tenets
compliant ≠ secure
don't write & talk security speak just to sound cool
how about a neighborhood block watch, you got my back?
people lose stuff, let's plan accordingly!
secure is not a permanent state
assess what you hope to never detect
inspect what you expect
Since security IS everyone's job...let's share:
debate… decide… deliver secure
Reproduced under rights by Twentieth Century-Fox
https://archive.org/details/ItsEvery1945
For more information, please contact:
Brian [email protected]