Digi securitypres
-
Upload
duane-raymond -
Category
Government & Nonprofit
-
view
52 -
download
1
Transcript of Digi securitypres
![Page 1: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/1.jpg)
Digital Risks and Security for Activists
eCampaigning ForumFuture ForumApril 11th, 2014
Dirk SlaterFabRiders- www.fabrider.net
@fabrider
![Page 2: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/2.jpg)
![Page 3: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/3.jpg)
Evolution of Information Security Stuff that makes us vulnerable The Problem with Online Services and Security
Tools Frameworks for Information Security Responsibility of Data Collectors Some tools and resources
Today
![Page 4: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/4.jpg)
A personal look at protecting information The rise of the relational database
Evolution of Information Security
![Page 5: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/5.jpg)
Stuff that makes us Vulnerable
• Email• Search engines• Web browsers• Cloud services• VoIP comms• Social networking
• (i.e. everything we do on the internet)
![Page 6: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/6.jpg)
MOBILES
Stuff That Makes Us Vulnerable
![Page 7: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/7.jpg)
The problem with online services
If you aren't paying for it you are the product
![Page 8: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/8.jpg)
The problem with online services
![Page 9: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/9.jpg)
The problem with online services
![Page 10: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/10.jpg)
Why are we surprised?
![Page 11: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/11.jpg)
The problem with security tools
They are often counter-intuitive and not in the reach of mere mortals
They often arise suspicion
It's an arms race
![Page 12: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/12.jpg)
Information about us is shared everywhere Online Services are completely insecure and are
making money off the information they are collecting Security tools are problematic
So?
![Page 13: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/13.jpg)
What about just using a notebook?
![Page 14: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/14.jpg)
How does information itself make people vulnerable?
Information Security not Digital Security
![Page 15: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/15.jpg)
Three things to remember when sharing information
What are your assets?What are the threats?What are the risks?
![Page 16: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/16.jpg)
Assets
How is the information valuable?
![Page 17: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/17.jpg)
What is the threat?
• Confidentiality is keeping assets or knowledge about assets away from unauthorized parties.
• Integrity is keeping assets undamaged and unaltered.
• Availability is the assurance that assets are available to parties authorized to use them.
• Consistency is when assets behave and work as expected, all the time.
• Control is the regulation of access to assets.
• Audit is the ability to verify that assets are secure.
![Page 18: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/18.jpg)
What is the Risk?
The Likelihood of a Threat Actually Occurring:• Confidentiality• Integrity• Availability• Consi• stency• Control • Verification
![Page 19: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/19.jpg)
Responsibility of Data Collection
• How can information be traced back to real people?
• What are the implications of that?
![Page 20: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/20.jpg)
Responsibility of Data Collection
• Do you have consent?• Do people understand how you are
going to use the data?• Do people understand the risks?
![Page 21: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/21.jpg)
Five Questions About Security Solutions*
What assets are you trying to protect? What are the risks to those assets? How well does the security solution mitigate
those risks? What other risks does the security solution
cause? What costs and trade-offs does the security
solution impose?* from Bruce Shneier's book 'Beyond Fear'
![Page 22: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/22.jpg)
Password Managers PGP (email encryption) TOR The Guardian Project (TOR for
Android)
Security Tools to Consider
![Page 23: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/23.jpg)
What are the assets, risks, & threats? Be responsible in your data collection Consider using security tools after you’ve assessed
their impact
Remember
![Page 24: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/24.jpg)
EFF’s Surveillance Self Defense - https://ssd.eff.org/risk
Tactical Tech’s Protect Program – https://protect.tacticaltech.org/
Me and My Shadow https://myshadow.org/# Article 19’s Online Protection Videoshttp
://www.article19.org/online-protection/
Resources
![Page 25: Digi securitypres](https://reader034.fdocuments.net/reader034/viewer/2022052315/554ad2d2b4c90542708b5568/html5/thumbnails/25.jpg)
Dirk Slater
FabRiders
www.fabriders.net
Twitter: @fabrider
THANKS!!!