They make it sound easy. Identify data assets. Assess threats. Protect it. Encrypt it. In theory, sure. In practice, not so much. Besides, what does a real attack look like? This session explores the problem, punch and counter-punch, by demonstrating attack techniques and encryption coding practices. We will start with common use cases, such as data warehousing, payment systems, Big Data analytics, and more. We will then discuss the threats and vulnerabilities, perform a basic threat modeling and risk assessment, and show how criminals punch through the security. Using secure development patterns and tools, we’ll demonstrate how to block and counter-punch the criminals.
J Wolfgang Goerlich supports information security initiatives for clients in the healthcare, education, financial services, and energy verticals. He is the vice president for security programs at CBI, focused on secure IT operations and software development practices. Wolfgang regularly advises and presents on the topics of changing culture, managing risk, and securing systems through-out the development lifecycle.