CYBERSECURITY & GAMING
THE UNMISSABLE MARRIAGE
All Images used are Copyright® of their respective owners.
WHO'S WHO?
A BRIEF INTRODUCTION ABOUT MYSELF:
I'm THIS GUY here* -
>
YEAH, TRUE STORY, I REALLY DO ENJOY WORKING AROUND THE BUSH!
https://it.linkedin.com/in/fabriziocilli
www.linkedin.com/pulse/posts/fabriziocilli
* I know I look much better in the picture
FABRIZIO
CILLI
A BRIEF INTRODUCTION ABOUT MYSELF:
!
* Special Thanks: Mom and Dad.
18
An unforeseeable amount of
years of Happiness, Fulfillment
and Personal Growth ! :D :D
:D ***
** You don't want to enter into details HERE.
*** OPTIMISM is the scent of life!
LATEST WORKS :
https://it.linkedin.com/in/fabriziocilli
www.linkedin.com/pulse/posts/fabriziocilli/FabrizioCilli
A View on Cyber Security (2015, ISACA Call for Papers): A quick overview of some key elements in cybersecurity.
Feeling Vulnerable is Good (2015, Dev:Mob Startup MeetUps): Dedicated to Battleship Yamato's glorious history, a side view on Vulnerability and Attack Vectors.
Dante's, Is Coding A Divine Gift? (2017, Developers.NL MeetUp): A parallel between Coding Security and Dante Alighieri's Divine Comedy, held in Florence of course!
WHY CYBER + GAMING
WITH SO MANY BUZZWORDS AROUND, WHY CHOOSE 'EM FOR THIS TALK?
CYBER IS COOL
GAMING TOO
WHY I CONSIDER
CYBER SECURITY
AND GAMING AS
CONVERGING
FORCES AND
ABILITIES ?
 ARE YOU LINKING THE
SAME DOT AS I AM ?
LET'S TAKE A DEEP BREATH (there's much to consider here), THINK OVER IT, THEN LET'S DIVIDE AND CONQUER TOGETHER!
CYBER SEC TOPICS
• Cybersecurity (Formerly IT SEC OPS)
• DevSecOps (A hated contraption)
• I.o.T. Security
GAMING DEV TOPICS
• Gaming Development
• DevOps (the beloved one)
• Virtual Reality
• Gaming IoT Devices
 OF THE SPOTLESS CYBER
SECURITY EXPERT MIND 
 THE SPOTLESS GAMING
DEVELOPER MIND !
THE
FAST, CONTINUOUS DEV  IS KEY FOR
GAMING !
 Speed
 Unit Testing
 Bug Check
 Play Test
 Agile or Spiral ALMs
 Layered Approach
 Re-Use
 Industrialization
 Multi Platform Builds
 MVP
 Accelerated Build
 Fast Deploy
 Fast (Functional) Testing
 Fast Release
 Application Lifecycle
Management
Release Models Key Factors
Where's NON-FUNCTIONAL TESTING ?!?!
GIMME SOME
SECURITY !!!
NOW LET'S GET SERIOUS: SECURITY IS A NEED !
 Gaming Network /
Endpoints
 Gaming Networks /
Endpoints
 User Phishing
 Direct Attacks
 Vulnerabilities and Patching
Obsolescence
 User Endpoints / Servers
 Falsification and theft of
virtual goods or data
 Deliberate and Traversal
Hacking Issues
 Trojans
 Man-made hacking
 Server Maintenance
Problem
 Identity Theft
Attack Types Attack Vectors
WHAT CAN GO WRONG ?
WHY BOTHER SO MUCH ? YOU'D BE SURPRISED !
https://blog.highfidelity.com/roadmap-protecting-intellectual-property-in-virtual-worlds-4388096d72c2
What could go wrong, we're just PLAYING!
Never heard of Cryptocurrencies in gaming?
Uhm, yeah I guess some of my swords are worth few bucks now
How about I steal your account and sell them ALL?
WhaAt? Not my Teebu's Blazing Longsword!
Ohhh Yes! And even your friends lists and emails, in order to POWN them too!! Ahahah! So you'll learn not to Secure your Code!
NoooooOoOoOo !!! You can't be serious!
CYBERSECURITY FOR GAMING
What For:
• Protect the Intellectual Property
• Protect the Infrastructure
• Avoid cross/internal attacks
• Protect digital currencies use
• Adhere to the National Defense Program, beyond boundaries
Why:
• for that is the business core
• for that is where you host your clients
• for broken code is a skyfall
• for they're a thing now!
• Whatever you do, GDPR, NIS Directive and NIST WILL find you!
CYBERSECURITY FOR GAMING
What For:
• Protect the Intellectual Property
• Protect the Infrastructure
• Avoid cross/internal attacks
• Protect digital currencies use
• Adhere to the National Defense Program, beyond boundaries
Thanks to:
• DATA MANAGEMENT
• THREAT MANAGEMENT
• CODE & APP SECURITY TESTING
• EXTENDING PCI-DSS PRINCIPLES
• LOG, CORRELATE, CONTAIN, MITIGATE and REPORT BREACHES TIMELY
You don't WANT to be the VECTOR of a DISASTER, EVER !
https://www.techworld.com/security/uks-most-infamous-data-
CODE & APPSEC FOR GAMING
SAST (Static Application Security Testing): Working closely with CD/CI infrastructures, it is timed to respond to the need of testing before releasing. It also provides Security Awareness to your developers thanks to a virtuous feedback and remediation mechanism, even integrated with your IDE of choice.
DAST (Dynamic Application Security Testing): By Automated Tools (less efficient) or, better, by direct testing, the Dynamic Test takes place when application chunks are released in their natural environment, making it the most accurate way to verify that the combination of Application, Hosting Infrastructure and linked Devices (IoT shortly) won't allow an attacker to ruin your Secure
I'm sure you agree this is worthy
DEVSECOPS FOR GAMING
Release Management is necessarily an accelerated process, and so are DevOps infrastructure change management automation and automated provisioning.
It's unthinkable to process all this without Security Orchestration, to assure Patching, Golden Copies & Snapshots Updates and Vulnerability Management.
DevOps cannot thrive without SecOps
It's a matter of working at speed or working securely, at speed !
Gaming Industry owes it To The Gamers!
I.O.T. SECURITY FOR GAMING DEVICES
A VERY QUICK SLIDE HERE
 Should I mention Amazon ECHO ?
 Should I mention FitBit ?
 Maybe I should mention Connected
CARS?
 Sniper Rifles, maybe?
 Or just go back to STUXNET, Nuclear
Plants?
You don't WANT to be in THIS LIST EVER !
https://www.embitel.com/blog/embedded-blog/security-challenges-faced-by-iot-
 FEW WHYs?
 LACK OF TESTING
 CROSS ATTACK VECTOR
 CROSS ATTACK VECTOR
 LACK OF TESTING
 LACK OF TESTING
I.O.T. SECURITY IS A SERIOUS AND VERY
INTIMATE MATTER !
THE LARGEST THREAT IN CYBER GAMING
ISSUES
YEAH I'M GOING TO DO IT :
 PLAYSTATION NETWORK
 XBOX Live
 Battle.Net
 STEAM
 
You don't WANT to be in THIS LIST EVER !
https://www.bestvpn.com/privacy-news/gaming-industry-leak/
and yet I'm here to FIX not to SCARE :
• Core Infrastructure Hack
• DDoS, Infrastructure Resilience
• DDoS on Web Frontend Infrastructure
• Steam Stealer Malware plus a number of previous attacks to Users Endpoints
Not a Blame Game, but better a wake-up call
AWARENESS FOR GAMERS
REMEMBER
THEY PLAY
WITH YOUR
BUSINESS!


VIDEO GAMES AS A TRAINING TOOL TO
PREPARE THE NEXT GENERATION OF
CYBER WARRIORS
Christopher Herr, Dennis M. Allen - July 2015 - Cyber Workforce Development (CWD)
Carnegie-Mellon University  Software Engineering Institute
To summarize, the UNMISSABLE marriage of Cybersecurity and Gaming is a two-way process. Since 2015 we measured an explosive growth in attacks against the Gaming Industry, and on the other side we lack the right amount of Cyber professionals to defend it. A Virtuous Exchange is due to compensate for that !
https://resources.sei.cmu.edu/asset_files/Presentation/2015_017_001_4
LIFE IS
SHORT

LEAVE
YOUR
MARK !
WILL YOU
MARRY ME ?
I think I can finally understand how much it is important to stay Secure!
Oh my, this change of heart is very touching, Guile
Our customers, the sap of our online business!
Would you marry me, and keep that promise for me?
Not just for ourselves, but also for those we oath to protect!
Chun-Li, it SOUNDS GOOD.
LONG STORY SHORT 
That of Cyber Security and Gaming Dev (including all the Gaming Infrastructures you can think of) is indeed an unmissable marriage, built to last.
Secure By Design is the fundamental Oath we should hold as our last thought before sleep.
LIVE LONG AND PROSPER.
ANY QUESTION
?! HUH ?!