
OWASP Principles for GIS Data Security Keeping your GIS data secure.


1 OWASP Principles for GIS Data Security Keeping your GIS data secure

2 What is OWASP?
- Open Web Application Security Project https://www.owasp.org
- A worldwide not-for-profit charitable organization focused on improving the security of software.
- Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- OWASP Cheat Sheets: https://www.owasp.org/index.php/Cheat_Sheets

3 Hacking, malware, and other internet crime is:
- Not limited to isolated criminals or thrill-seeking teens
- It is state sponsored, and backed by organized crime
- Corporate espionage by businesses seeking advantage
- It is NOT decreasing, but increasing

4 People’s Liberation Army (PLA)

5 People’s Liberation Army Unit 61398 Lessons:
- Mandiant (IT security consulting firm) found that:
  - More than 110 prominent companies compromised were American
  - Industries ranged from telecommunications to aerospace
  - Businesses and governments attacked
  - Prevalent mode of attack: “spear-phishing” via email to gain account credentials
  - Billions of dollars of economic harm and theft have resulted
  - Their attacks have been going on for years

6 GIS Data Security
- Spatial data of a sensitive nature is more readily available today than at any time in the past
- More and more, GIS data is an investment in intellectual, commercial and scientific property
- The Internet is the predominant mode of transmitting GIS data

7 OWASP
Open Web Application Security Project selected recommendations:
- Defense in depth (layers of security)
- Positive security model (start with “deny all”, then allow)
- Fail securely (hide error codes)
- Run least privileges as a basis, then add “allow”
- Don’t trust services (such as relying on third party partners)
See more at: https://www.owasp.org/index.php/Main_Page

8 OWASP: Passwords
- Passwords less than 10 characters are weak
- Passphrases less than 20 characters are weak
- Maximum password length: 128 or no limit
- Password complexity, at least the following:
  - One upper case
  - One lower case
  - One digit (0-9)
  - One special character (including spaces!)
  - Not more than 2 identical characters in a row (e.g. 111 not allowed)
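
The rules on slide 8 expressed as a checker, as an added example that is not part of the original presentation. The function name, the rule labels and the `passphrase` flag (the caller states which minimum length applies) are assumptions of this example.

```python
import re

MIN_PASSWORD_LEN = 10    # slide 8: passwords under 10 characters are weak
MIN_PASSPHRASE_LEN = 20  # slide 8: passphrases under 20 characters are weak
MAX_LEN = 128            # slide 8: maximum length 128 (or no limit)
TRIPLE_RUN = re.compile(r"(.)\1\1", re.DOTALL)  # 3+ identical characters in a row


def check_password(candidate: str, passphrase: bool = False) -> list[str]:
    """Return the slide-8 rules that `candidate` breaks; empty list means it passes.

    `passphrase` is an assumption of this example: the caller states whether
    the 20-character passphrase minimum applies instead of the 10-character one.
    """
    minimum = MIN_PASSPHRASE_LEN if passphrase else MIN_PASSWORD_LEN
    problems = []
    if len(candidate) < minimum:
        problems.append("too_short")
    if len(candidate) > MAX_LEN:
        problems.append("too_long")
    if not any(c.isupper() for c in candidate):
        problems.append("no_upper")
    if not any(c.islower() for c in candidate):
        problems.append("no_lower")
    if not any(c in "0123456789" for c in candidate):
        problems.append("no_digit")
    # Anything that is not a letter or digit counts as special, spaces included.
    if not any(not c.isalnum() for c in candidate):
        problems.append("no_special")
    if TRIPLE_RUN.search(candidate):
        problems.append("repeated_run")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [("Harbor Map 42", False), ("Passw0rd!!!x", False),
               ("Harbor Map 42", True), ("aaa", False)]
    for text, is_phrase in samples:
        print(repr(text), is_phrase, check_password(text, is_phrase))
```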

9 Passwords: Assume the worst
- In any organization, assume that user account information will someday become compromised
- Implement monitoring and other mechanisms to detect and mitigate damage
  - Log monitoring
  - Data backups
  - Account lock-outs
- Some data is too sensitive to expose; do not make it internet accessible

10 Other recommendations:
- Use “out of band” or “side channel” verification
  - Email sent to verify account creation
  - Email/text message to verify access to sensitive resources
- Use SSL certificates
- Keep systems patched!!!!
- User accounts: owner’s identity and authority must be verified
- When transmitting sensitive GIS data, use:
  - Encryption with compression
  - Archive file password protection

11 Big to do!
- Educate your users
- Educate your coworkers
- Visit the OWASP Cheat Sheets: https://www.owasp.org/index.php/Cheat_Sheets

12 Questions? The End

