Software Engineering Institute | Carnegie Mellon University

Presentation

Smelling Out a Bad Security Culture

  • May 2017
  • By Harald Wesenberg (Statoil ASA)
  • In this talk, I share experiences from years of security observations that help identify weak signals of a faulty security culture in a large organization.
  • Publisher: Software Engineering Institute
  • This presentation was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.
  • Abstract

    Some call it the fourth industrial revolution. Some call it the age of digitalization. No matter what you call it, we are harvesting more and more data about people and businesses. This data is then connected to other data and exposed as services, which need to be protected properly. As software architects, our primary security goal is to write secure software. Secure software has a technical aspect that is well covered (if not understood) in developer literature, but there are also human and organizational aspects of security that software architects must manage. These aspects often go beyond the boundaries of the software development organization and are influenced by forces well beyond the company walls. On the path to security, many tradeoffs will be made, and some of them are made outside the IT organization. After working for more than 20 years in large organizations, I have found certain signals that can be used to identify whether you have a weak security culture. In this talk, I will cover topics such as balancing prevention, detection, and response; balancing short-term gains with long-term security impact; handling security incidents; and communicating security concerns beyond the IT organization.

Part of a Collection

SATURN 2017 Presentations