Lessons from a security incident
YOW! CTO Summit 2018 Melbourne
When you experience a breach as a tech organisation, it is how you respond, and what you learn from it, that matters most.
We invested heavily in security at PageUp, even going through the ISO 27001 certification process, including having a very active Information Security Governance Committee and a robust security incident response plan -- however -- until May, a security incident was something that you prepared for, but always happened to other organisations.
These days, cyber attacks are a fact of life: it is now a question of when, not if, they will happen to your organisation. That mindset switch has many implications to culture, technology and investment.
We often hear about security incidents from industry experts, academics and commentators in the media. This is a valuable opportunity to share my personal experience with my peers. In this talk, I’ll take you through the key lessons we have learned as an organisation and how we’re implementing this mindset switch.