Security Heroes versus the Power of Privacy
The clash of Security and Privacy! Is this really a heroic battle of Good versus Evil? Or is Privacy not the villain they are made out to be…
In this exciting session, Our Heroes, Captain Security and Professor Privacy, will battle for the hearts of our teams and the department’s budget. Powers will be displayed, arguments will be made, shots will be fired, and eventually these two unlikely foes will learn to respect each other.
And together, they will discover how they can leverage their combined powers to overwhelm any enemy or executive complaint, in order to fulfill their shared destiny: protecting their users through the magic of Threat Modeling!
The main objective of this talk is to highlight the need for integrating privacy approaches into “regular” security activities. While we will be presenting this in a fun, superhero story way, we will tackle common misconceptions many security pros have about privacy. Some example misconceptions include:
- There is no need to invest in privacy;
- It is automatically covered by security;
- There is a conflict between privacy and security.
We will show why security pros need to treat privacy as a first-class citizen, how to implement a shared workflow, and how to leverage security activities into a privacy-by-design approach. A key tool for this is Threat Modeling: while it is becoming more common practice in security teams, it can likewise be used to great effect for privacy implications. This requires some small modifications to classic security threat modeling techniques, and a complementary threat framework such as LINDDUN.
We will explain all of these in a very engaging and fun manner, leaving the audience with a lasting impression and specific, ready-to-use knowledge that they can implement by themselves.