The essence of “Security by Design”
With great new possibilities come great new security and privacy challenges and threats for the financial sector. Systems are increasingly connected, increasingly complex, increasingly open and increasingly under threat of criminals and cyber vandalists. The proof of this can be read in the papers almost every day. The growth of financial high-tech is faster than ever, bringing new security possibilities and issues, and at the same time there is still a large base of legacy that is not going anywhere, also bringing challenges with respect to security risks.
Software plays a large role in these threats because it is central in the processing of information. It is with good reason that in the new “PCI DSS 3.2” it is now explicitly required that the source code should be reviewed by experts prior to releases. This is essential to really find the weaknesses buried in these systems that cannot be found using the regular security tests. These weaknesses require 100 times more effort to fix than to build it right in the first place, which is why it is so important to practice “security by design” as early as possible in the development process.
New privacy regulations, especially the GDPR, require that – apart from securing personal data – the way of processing this data also needs close attention. Regulation fines are higher than ever.
In this key track session, we will take you through observations we made during the many software security & privacy assessments that we performed, to show you and share with you the pitfalls of unconscious incompetence. Next we will analyze why we are seeing the same mistakes over and over again. This allows us to address the root causes to come towards a ‘set of steps’ that is essential for your daily practice to secure your business and your clients interest and trust.
Related interesting reads:
1. Web – Escape from legacy mountain