gilmor1 edited this page May 6, 2018 · 7 revisions

Welcome to the ir_toolkit wiki!

Why does this repo/resource exist?

A typical complaint we've been hearing for a while is that developers don't take security into consideration when developing their apps. This message has reached a lot of developers and change is afoot. However, holistically, security often still isn't a consideration in startups. It's the adoption of SaaS platforms that has increased security throughout startups. Sometimes, when administrators don't understand the security implications of a SaaS/PaaS/IaaS configuration, they unintentionally undermine their data security (e.g. AWS S3 public buckets).

Security at a startup should be present at day one and logically grow with the company. Security budget, headcount, and when and where controls (security configurations/tools/procedures) are implemented need to make sense in relation to the data and systems you're protecting. Security should allow the company the maximum freedom to do business while preserving the trust that is essential if the company wants to remain in business.

So why does this repo/resource exist?

This repo/resource exists to give every company a roadmap/guide to establishing and growing their information security capabilities.

Information security is expensive. There is a worldwide shortage of skilled individuals. Those who are skilled can demand wages far above those of other skill sets. Security, like all things in IT, is a moving target. Attackers become more skilled all the time and their job is easier: they only have to breach you once. We all need to work together to set the bar high for attackers.

Where should I start?

The stats consistently tell us you're most likely to be compromised via an employee (either intentionally or unintentionally). Most small and medium-sized organizations are using Google G Suite because of cost, flexibility and familiarity, so a great first place to start is here: