Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BSidesSanFrancisco2011 - Misdirection: The Rise...

Avatar for Brett Hardin Brett Hardin
February 14, 2011
Technology
1
220

BSidesSanFrancisco2011 - Misdirection: The Rise and Fall and Rise of Regulatory Compliance

Avatar for Brett Hardin

Brett Hardin

February 14, 2011
Tweet

More Decks by Brett Hardin

See All by Brett Hardin
Penetration Testing is Stupid - BsidesSF 2013
Avatar for Brett Hardin bretthardin
2
2.2k
Building Your House on Sand
Avatar for Brett Hardin bretthardin
2
1.5k
Bad Version of Builders vs. Breakers
Avatar for Brett Hardin bretthardin
1
71
Builders vs. Breakers - AppSec 2012
Avatar for Brett Hardin bretthardin
2
1.5k
Security the Wrong Way
Avatar for Brett Hardin bretthardin
2
240
Security? Who Cares! - Privacy is Dead
Avatar for Brett Hardin bretthardin
1
180
OWASP - Top 10
Avatar for Brett Hardin bretthardin
0
1k

Other Decks in Technology

See All in Technology
Cloud Run を解剖して コンテナ監視を考える / Breaking Down Cloud Run to Rethink Container Monitoring
Avatar for Kento Kimura aoto
PRO
0
110
会社員しながら本を書いてきた知見の共有
Avatar for Satoru Takeuchi sat
PRO
3
680
OSMnx Galleryの紹介
Avatar for mopinfish mopinfish
0
150
積み上げられた技術資産と向き合いながら、プロダクトの信頼性をどう守るか
Avatar for PLAID Tech plaidtech
PRO
0
720
Redmineの意外と知らない便利機能 (Redmine 6.0対応版)
Avatar for MAEDA Go vividtone
0
1.1k
データ戦略部門 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.1k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
2.6k
Scale Security Programs with Scorecarding
Avatar for Rami McCarthy ramimac
0
420
プロジェクトマネジメント実践論|現役エンジニアが語る!~チームでモノづくりをする時のコツとは?~
Avatar for MIXI ENGINEERS mixi_engineers
PRO
3
180
【5分でわかる】セーフィー エンジニア向け会社紹介
Avatar for Safie safie_recruit
0
24k
AIコードエディタは開発を変えるか?Cursorをチームに導入して1ヶ月経った本音
Avatar for Itaru Ota ota1022
1
670
iOS/Androidで無限循環Carousel表現を考えてみる
Avatar for Fumiya Sakai fumiyasac0921
0
130

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
46
14k
Docker and Python
Avatar for Tania Allard trallard
44
3.4k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
349
20k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
523
40k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
205
24k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.7k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
34
2.3k
Visualization
Avatar for Eitan Lees eitanlees
146
16k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
329
24k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k

Transcript

  1. Being Sneaky About Security and Regulations - OR - "Misdirection:

    The Rise and Fall and Rise of Regulatory Compliance" Brett Hardin and Mike Dahn

  2. Who the Hell Are you Two? Mike Dahn @MikD Payment

    Security Guy Brett Hardin @MiscSecurity Application Fixer Author: •  Hacking: The Next Generation •  SpotTheVuln.com •  MiscSecurity.com
  3. None

  4. How Do Regulatory Rules Get Made and The Goals of

    Compliance

  5. Stop Hitting Yourself

  6. None
  7. None
  8. None

  9. Immunization

  10. None
  11. None

  12. Transition.

  13. Black Swans & Data Breaches

  14. None

  15. Real Costs The Placebo Effect of Fear VS.

  16. None
  17. None

  18. Don't make Compliance the End Goal

  19. Transition.

  20. None

  21. Do not focus on the finger or you will miss

    all that heavenly glory [of Regulatory Compliance] Lee (Bruce Lee) Enter the Dragon
  22. None
  23. None
  24. None
  25. None

  26. CISSP

  27. None

  28. Compliance != Security

  29. Out of the Box

  30. THE END