how secure is your website?

Ian Grey

April 2016

How secure is your website?

What I would like to cover

1. Introduction2. How secure is your

website?3. Being more secure

FTSE 100

15 years experience of managing website builds & ongoing maintenance

Public Sector

Publishers SMEs

Introduction• Experience and scars

Introduction• Experience and scars• Services

• Cyber security• Information security (paper, verbal)• Physical security• Business continuity• Awareness training

Philippines 55mHow secure is your website?

• Some recent security breaches

Images from Wikipedia and Mossack Fonseca

Turkey 50m

Panamanian law firm 11m

Syria 274,000

How secure is your website?

• Some recent security breaches

• Causes?

• Old versions of Drupal, Joomla and WordPress

• Hosting environment

• Unencrypted emails and old version of Outlook

• Lack of testing

• Insiders

How secure is your website?

• Some recent security breaches

• Causes?• The bigger picture

IntegrityAccurate & Complete

AvailabilityTo authorized people

ConfidentialityPrivate & Secure

How secure is your website?

• Some recent security breaches

• Causes?• The bigger picture• Should these be

allowed?

Not Acceptable!An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

400 Bad RequestRequest Header Or Cookie Too Large

Don’t forget about social media

Being more secure

• US– Know what information you have– Ask what security measures are being

taken by your suppliers– Control access– Secure your phone

• THEM (in a nice way)– Development and testing– Keeping software up to date– Hosting

General Data Protection RegulationsGDPR

Thank you Ian.grey@wadiff-consulting.co.uk 07941 188462 https://twitter.com/wadiffconsult

https://wadiff-consulting.co.uk/