Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoPeter Bihr
Presenting the ThingsCon Trustable Tech Mark at Casa Jasmina's Magic Monday. Torino, 24 September 2018.
Learn more about the ThingsCon Trustable Tech mark at https://thingscon.com/iot-trustmark
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
The General Data Protection Regulation (GDPR) has arrived!
One monumental change is the introduction of Privacy by Design. In this keynote we will focus on the Privacy by Design (PbD) implications for developers.
Two cornerstones for a successful implementation of PbD will be pitched: 1) the integration of GDPR in a Secure Development Lifecycle approach 2) threat modeling and GDPR risk patterns
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoPeter Bihr
Presenting the ThingsCon Trustable Tech Mark at Casa Jasmina's Magic Monday. Torino, 24 September 2018.
Learn more about the ThingsCon Trustable Tech mark at https://thingscon.com/iot-trustmark
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
The General Data Protection Regulation (GDPR) has arrived!
One monumental change is the introduction of Privacy by Design. In this keynote we will focus on the Privacy by Design (PbD) implications for developers.
Two cornerstones for a successful implementation of PbD will be pitched: 1) the integration of GDPR in a Secure Development Lifecycle approach 2) threat modeling and GDPR risk patterns
Towards Security Software Engineering the Smart Grid as a System of SystemsVanea Chiprianov
Presentation at the 10th Annual System of Systems Engineering Conference (SoSE), 2015.05, San Antonio, USA. More details about the paper at https://sites.google.com/site/vaneachiprianov/papers .
This Presentation will cover the attacks. defenses, protocols
Some contents are taken from http://www.ieeesb.ucy.ac.cy/files/2017/11/fundamentals.pdf ,Mobile Computing Technology , Applications and Service Creation by Ashoke K Talukder, Hasan Ahmed, Roopa R Yavagal, wiki and also some other sites.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
The ICT Association Suriname in collaboration with the Telecommunication Authority Suriname (TAS) presented a Cybersecurity awareness session for the members of the Chamber of Commerce. TAS presented the national response to IT incidents by explaining the implementation of the Computer Emergency Response Team (CERT).
Recommendations for policymakers to promote IoT (Internet of Things) innovation and deployment. Including topics such as spectrum, bandwidth, privacy, cyber security, etc
CDI Security Ltd is one of the leading Fibre Optic Installer in Birmingham. We are also an Expert in Access Control Systems, Wireless Links and cabling systems
In this presentation, we discuss the difference between public, private and hybrid cloud; the best practices to use cloud; how to optimise cost and the future of technology.
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
Presented at Indonesia Honeynet Project (IHP) meetup. This presentation covering:
1. Overview of Industry 4.0
2. IoT Security Model
3. How to Secure IoT
4. Research in IoT
Other emerging technology risk area that will be covered in my professional services:
1. Cloud
2. Mobile
3. Artificial Intelligence / Intelligent Automation
4. Data & Analytics
CDI Security Ltd is one of the leading Fibre Optic Installer in Birmingham. We are also an Expert in Access Control Systems, Wireless Links and cabling systems
Marcellus Buchheit (Wibu-Systems) and Terrence Barr (Electric Imp) talk about how to secure IIoT endpoints, why they are so vital to secure, and how the Industrial Internet Security Framework (IISF) can help. This talk was given during a webinar as part of the #IICSeries, a continuous series of webinars on the industrial internet hosted by the Industrial Internet Consortium.
Intrusion detection and prevention systems market is expected to grow $7.1 bi...DheerajPawar4
[175 Pages Report] Intrusion detection and prevention systems market categorizes the global market by solutions, services, type, deployment type, organization size, vertical & region.
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.
This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.
Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
Towards Security Software Engineering the Smart Grid as a System of SystemsVanea Chiprianov
Presentation at the 10th Annual System of Systems Engineering Conference (SoSE), 2015.05, San Antonio, USA. More details about the paper at https://sites.google.com/site/vaneachiprianov/papers .
This Presentation will cover the attacks. defenses, protocols
Some contents are taken from http://www.ieeesb.ucy.ac.cy/files/2017/11/fundamentals.pdf ,Mobile Computing Technology , Applications and Service Creation by Ashoke K Talukder, Hasan Ahmed, Roopa R Yavagal, wiki and also some other sites.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
The ICT Association Suriname in collaboration with the Telecommunication Authority Suriname (TAS) presented a Cybersecurity awareness session for the members of the Chamber of Commerce. TAS presented the national response to IT incidents by explaining the implementation of the Computer Emergency Response Team (CERT).
Recommendations for policymakers to promote IoT (Internet of Things) innovation and deployment. Including topics such as spectrum, bandwidth, privacy, cyber security, etc
CDI Security Ltd is one of the leading Fibre Optic Installer in Birmingham. We are also an Expert in Access Control Systems, Wireless Links and cabling systems
In this presentation, we discuss the difference between public, private and hybrid cloud; the best practices to use cloud; how to optimise cost and the future of technology.
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
Presented at Indonesia Honeynet Project (IHP) meetup. This presentation covering:
1. Overview of Industry 4.0
2. IoT Security Model
3. How to Secure IoT
4. Research in IoT
Other emerging technology risk area that will be covered in my professional services:
1. Cloud
2. Mobile
3. Artificial Intelligence / Intelligent Automation
4. Data & Analytics
CDI Security Ltd is one of the leading Fibre Optic Installer in Birmingham. We are also an Expert in Access Control Systems, Wireless Links and cabling systems
Marcellus Buchheit (Wibu-Systems) and Terrence Barr (Electric Imp) talk about how to secure IIoT endpoints, why they are so vital to secure, and how the Industrial Internet Security Framework (IISF) can help. This talk was given during a webinar as part of the #IICSeries, a continuous series of webinars on the industrial internet hosted by the Industrial Internet Consortium.
Intrusion detection and prevention systems market is expected to grow $7.1 bi...DheerajPawar4
[175 Pages Report] Intrusion detection and prevention systems market categorizes the global market by solutions, services, type, deployment type, organization size, vertical & region.
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.
This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.
Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
Legal Risks of Operating in the World of Connected Technologies (Internet of ...Quarles & Brady
Program Overview:
What Your Company Needs to Understand to Stay Ahead of
the Competition
Companies are exponentially expanding their use and production of connected products and technologies. It is estimated that in 2021, 22.5 billion IoT devices will be shipped globally. With that growth comes a litany of legal challenges. We will discuss the scope of the IoT landscape and address some of the critical legal areas for companies using or selling IoT products, including:
Data privacy and security risks associated with use of IoT devices, The tension between engineering and marketing departments' desire to retain and mine IoT data and the legal risks of accessing, aggregating, and storing the data, Product liability and other legal issues arising from IoT devices on product liability claims, and the ever changing landscape of industry specific regulatory requirements.
Date Use Rules in Different Business Scenarios:It's All Contextual William Tanenbaum
All privacy is contextual. Like that, the legal rules for collecting, aggregating, sharing and protecting data, including through IP, are specific to the context. One size does not fit all.
Date Use Rules in Different Business Scenarios: It's All Contextual William Tanenbaum
Arent Fox LLP. Rules for data collection, aggregation, sharing, use and protection all depend on the business and legal context. One size does not fit all.
Date Use Rules in Different Business Scenarios: It's All Contextual William Tanenbaum
Arent Fox LLP. Collecting, sharing, aggregating and using data in different business models and scenarios are subject to different rules and depend on the specific context
Iot report federal trade commission_150127iotrptMarket Engel SAS
I publish this FTC report on IOT because i think that it's a good report and it has also been -- i think -- wrongly been seen as potentially bashing IOT potentials. See, for example, an article published yesterday "From www.theverge.com - February 15, 11:24 PM
'In the internet of things, the Federal Trade Commission sees the possibility of flourishing new markets. But it also sees a prologue to Black Mirror: in a new report that probes the privacy implications of connected devices, the commission surveys a landscape of possible dystopian futures. Get ready for invasive marketing, unending consumer surveillance, invisible nudging, and new potential for government spying and novel forms of hacking...'"
The FTC report is 55 page long, refers to workshops discussions that took place in nov 2013, and although the report stages pros and cons in a very articulated manner, the FTC applies to IOT the security & privacy guidelines and other 'good practices' that have been applied to internet-of-other-things, :-), so far. So, i think that we need to be super cautious about these discussions: Yes, the IOT generates challenges with which we may not yet be familiar with. But not really more. And let's remember that, unless we haven't learned about basic security risks, we are still in a position to say 'no' if the risks look bigger than the opportunities. Many say that 'privacy' -- as we've known it on the net 10 years ago -- is gone. Maybe. Things evolve. But at this stage, i think that no, IOT won't kill privacy. It might actually be the contrary. Let's think that, thx to IOT, i'll be more capable to change the way i work, live, pay and play online and offline. Let's say that, thx to IOT, my assurance level(s) against risks of -- for example -- ID theft and impersonation does rise. Let's believe that, thx to IOT, we just become more and better aware of what matters and does not,, so that we have the tools and the systems to better manage our environment. To make a long story short, let's just recall that IOT technology is just like any other technology: It is neutral. What is not neutral is its use. So, this is why i believe that there is, with IOT, more opportunities than risks to strengthen the privacy of our environment... provided that -- yes, i agree -- we (also) think IOT this way. My 2cts. fred.
FTC Internet of Things Report
The report includes the following recommendations for companies developing Internet of Things devices:
build security into devices at the outset, rather than as an afterthought in the design process;
train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization;
ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers;
when a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk;
consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network;
monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.
Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely
Multiple security regulations became effective across the globe in 2018, most notably the European Union’s General Data Protection Regulation (GDPR), and additional regulations are on their heels. The California Consumer Privacy Act, with its GDPR-like requirements, is just one of the regulations that requires planning and preparation today.
If you need to implement security policies for IBM i systems and data that will meet today’s compliance requirements and prepare you for those that are on the way, this webinar will help you get on the right track.
Anti Counterfeiting - Playing Roulette Or Chess?Ruth Thomson
An overview of the counterfeiting problem, the trends and the stakeholders. An insight into how to design an effective approach and the role of technology in the solution.
AIRESS is a portable, autonomous, easy-to-use, and economical medical device class IIb (Europe) to replace mouth-to-mouth resuscitation techniques, which are absolutely advised against by COVID-19. This medical device will remain very useful and necessary in the post-pandemic era because it improves cardiorespiratory resuscitation procedures. Using AIRESS, a unique rescuer can attend to a patient by focusing on providing cardiac massage to the patient.
AIRESS has an amazing market because is the right complement to a defibrillator (DEA). 300 units per 100K inhabitants is the ratio of DEAS deployed, for example, in Japan and US
Help us to save lives by improving cardiorespiratory resuscitation techniques forever.
Cristal clear concepts to sucessfully face energy transformation for a greener future.
Summary of the ideas exposed in the panel Transformation for a Greener Future at Smart Cities Summit and Expo at Taipei (Taiwán) on March, 20, 2024
David Steen presentation at Abat Oliba University about the evolution of the telecom technology and the telecom industry.
VII Society of Communications Technology Consultants International conference at Barcelona during MWC24
Slides of my presentation Healthcare digital transformation - How to lead it at the prestigious Official College of Physicians of Barcelona on May, 10th 2023
Healthcare digital transformation is a must worldwide. Learn the best practices to lead such a challenging process. Understand the key success factors.
The demographic changes and the lack of human resources, doctors, and nurses, only can be faced using digital technologies.
Agustin Argelich's presentation at Abat Oliba University in Barcelona about the 5+1 indicators of the methodology of the think tank Intelligent Community Forum to build prosperous societies.
Creative ideas to build prosperous, innovative, and resilient societies.
6 indicators: Technology, talent, innovation, sustainability, social awareness, continuous improvement, equity, leadership.
Watch the video of the event at: https://youtu.be/sye_pPsbm50
Innovation represents changing, therefore, difficulty. In consequence, a successful innovation needs brilliant leadership. Which are the 5 key factors to lead it successfully?
This is my presentation at Global Emerging Innovation Summit (EIS’22) Melbourne, Australia 29-31 August 2022
Digital transformation: what does it mean for Vietnam, and how to lead it to ...Agustin Argelich Casals
Given the social, sanitary, demographic, economic, and technological changes occurring worldwide, a community can only respond by innovating and efficiently using the right technology. We name this process Digital Transformation. Digital transformation allows a country to improve its citizens' quality of life very quickly. Let's see how.
But, innovation represents changing, therefore, difficulty. In consequence, a successful digital transformation needs brilliant leadership. Which are the best practices to lead it?
Agustin Argelich presentation at Barcelona World Jurist Association Congress in May 2016
The lemma of the congress was: Internet: Challenges to Peace and Freedom
The new role of Governments in deregulated telecom markets. Who is responsibl...Agustin Argelich Casals
Conference of Mr. Georges Mokhbat at 14th Diada de les Telecomunicacions de Catalunya
The new role of Governments in deregulated telecom markets. Who is responsible for “Digital Highways”
My conference at ICF 2021 Conference at Marple Ridge and Langley, British Columbia - Canada.
Digital infrastructures are key not only to survive a crisis but to fuel recovery and prosperity
COVID crisis confirms the strongness of ICF methodology
TEBIOM has launched a fundraising round for TBIOM a disruptive and much-needed project of an emergency ventilator ("resuscitator"). AIRESS is a portable, autonomous, easy to use, and economical medical device to replace mouth-to-mouth resuscitation techniques, absolutely advised against by COVID-19
AIRESS is a portable, autonomous, easy to use, and economical medical device to replace mouth-to-mouth resuscitation techniques, absolutely advised against by COVID-19.
Presentación de cuales son la razones por las que Taiwan ha gestionado con éxito en la crisis de Coronavirus con solo 440 infectados y 7 difuntos. Qué estrategia ha aplicado y en que se fundamenta su éxito.
X desayuno de economía y empresa de Societat Civil Catalana
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
An American Legal Perspective
1. How Digital Technology is Shaping
the Future of Humanity
An American Legal Perspective
MARTHA BUYER
MARCH 1, 2017
LAW OFFICES OF MARTHA BUYER, PLLC
WWW.MARTHABUYER.COM
1
5. Incredible convenience and efficiencies
create incredible vulnerabilities
Would you want your emails read?
What steps do you take to keep your private
information private?
5
8. In the U.S., 4 critical entities
NTIA – U. S. Department of Commerce
FTC – Federal Trade Commission
FCC – Federal Communications Commission
States
8
11. NTIA – U.S. Department of Commerce
Not a regulator
Multiple stakeholders process
Continuing open standards process
To continue to be a strong and active user of devices
to learn from the staff’s own experiences
11
13. FTC (con’t)
Same basic principles of software security apply to
IoT
Making sure that the right people are in charge and
actively managing security issues
Having a written plan in place
13
14. FTC (enforcement focus)
Conducting risk assessments and addressing the
identified risks
Oversight of service providers
A continuous process
The “reasonableness” in enforcement, not strict
liability
14
15. Quantifiable Harm
FTC’s pursuit of “deception” will continue
Industry-specific statutes will continue to be used in
enforcement
FTC will be looking at harm.
When there’s a failure of an IoT device, there can
be numerous harms
15
17. FCC
FCC’s privacy rules, which are scheduled to take effect this
Thursday, require broadband providers (ISPs) to keep
customer information confidential.
FCC’s vote gave consumers control, with mandated disclosure
and opt-in requirements for sensitive data, as well as data
security protections, he added.
17
19. Managing Increased Connectivity
A Legal Perspective
IoT has many new players who haven’t had to
consider security in the same way that other
information technology providers have.
19
20. 3 key challenges to managing IoT
devices
1. Ubiquitous data collection
2. Unexpected uses of consumer data
3. Heightened security risk, as devices can be easily
compromised.
20
21. Two categories of devices
Those with privacy implications
Those without privacy implications
21
22. IoT Device Management
Current operation
Ongoing maintenance and support
Knowledge about how IoT-generated
information is being shared, and with whom
22
23. One more thing…
Sometimes the information that’s being collected
becomes its own product with its own generated
income stream.
Whose information is it?
Who is benefiting from its sale?
23
24. Whose Responsibility is it?
Manufacturer
Seller/Distributor
Consumer
Software patches
Security updates
Ongoing maintenance
Knowledge of product life cycle
24
26. Every lawyer’s favorite question…
Where is the risk?
Risk in communications to and from
IoT device(s)
Risk to the integrity of the device
itself.
26
27. IoT Trivia
Large number of IoT devices with factory default
passwords that have never been changed
Personal devices
Industrial devices with broad reach
27
28. Cybersecurity Considerations
1. “Mature” manufacturers of newly connected
devices may have little, if any experience in
managing the collection, security and protection
of consumer data
28
29. Cybersecurity Considerations (con’t)
2. Challenge of the manufacturer and
distributor of getting the product to
market v. getting the product to market
safely
29
32. OK…one more consideration
Security failures are more likely to occur
when security is not a consideration
throughout the concept and design
processes
32
33. Data Minimization
The collection and retention of large amounts of data
increases the harms associated with a breach
Larger stores of data are more valuable to hackers
than are small ones
33
34. If the company collects and retains large
amounts of data, there is a risk that the data
will be used in a way that departs from
consumers’ reasonable expectations of how
that data will be used
34
35. Pre-IoT Purchase Questions
1. Does the hardware contain built-in safeguards?
a. What authentication tools exist?
2. Is a complete testing protocol in place?
a. The keyword here is “complete.”
3. How can security practices be communicated to customers, relevant regulators
and the public?
4. How often will the system be upgraded or patched? Is there a regular schedule
35
36. Regulation
Industry should regulate itself
Regulation stifles innovation
Industry is too young to be regulated
(yet)
Industry cannot regulate itself
36