As an engineer, you will probably have wondered “why didn’t they secure this just a little better” after you’re notified of yet another breach of your information. As professionals, we understand how security should work in our corner of the organization, but what about the rest? Outside IT, security and risk are often handled in a very different way. This talk will give you a peek at how the “real world” thinks about security. We’ll touch upon the models that are used, how risk is quantified, and why smart companies sometimes take dumb risks. We’ll show you the breadth of security, ranging from encryption, IDSs and firewalls to personnel security training, risks vs measures, legislation (like Europe’s GDPR and Dutch law) and terms like “residual risk.” To top it off, we will go into some of the main risks threatening organizations today. This talk will bring you a more complete picture of what “security” actually is, and help you understand, and provide arguments against, decisions that don’t make sense from your point of view.
Digital security for engineers [DevCon]