The document discusses Internet of Things (IoT) and cybersecurity challenges in manufacturing. It provides an overview of the evolving threat landscape, including common hacking techniques like spearphishing and malware. The presentation emphasizes the importance of cyber hygiene practices for manufacturers such as updating software, using strong unique passwords, training employees on security basics, and not browsing as an administrator. It promotes attending an upcoming cybersecurity forum to learn more on topics that will help protect manufacturing organizations from emerging threats.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
The Cybersecurity Risk Management Framework Strategy for Defense Platform Systems course prepares command leadership to implement the National Institute of Standards and Technology’s (NIST) cybersecurity Risk Management Framework (RMF) from a Platform Information Technology (PIT) perspective.
This one-day workshop reviews the five functions of cybersecurity that leadership must consider when making decisions about program resources and requirements.
For Reference watch my YouTube Video - https://youtu.be/NqvNFwa0hQc
Hey Everyone!
This is my complete talk in a virtual conference for cybersecurity researchers that has been hosted by Bsides Maharashtra and thanks to them that they provided me an opportunity to share my thoughts and knowledge with passionate and budding cybersecurity researchers, Hackers, Bug Hunters, and geeks. My talk is all about the detailed explanation of AI in Cyber Security and this should be listened to by every Cyber Sec Person who wants to learn about How AI Can Help In Cyber Security. I have explained the most and every basic to advance information. So do give it a look and understand the concepts and share as much as you can. Thank you Bsides Maharashtra for inviting me. I am happy and excited to be a part of your event.
If you want to invite me for a webinar or conference connect
mail: hello@priyanshuratnakar.com or priyanshuratnakar@protonmail.com
Event details
Date - 25th to 27th November 2020
CTF
Workshop
Speaker session
website - https://bsidesmaharashtra.com/
Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides approved event for Delhi, India. We’re a volunteer organized event (we have no paid staff), and we truly strive to keep information accessible for everyone.
The idea behind the Security BSides Delhi is to organize an Information Security gathering where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Feel free to use the slide but give credit somewhere :)
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
The slideshare identifies the six steps to moving beyond cybersecurity to cyber resilience. Ensuring federal agencies maintain continuous operations while under persistent threat. Learn more: https://accntu.re/2Q2cdDj
The Future of Security: How Artificial Intelligence Will Impact Us PECB
For decades, the security profession has relied on the best technology we had at the time to deflect the onslaught of what we faced daily in the way of virus and malware attacks. Now, as predicted by Thomas Kuhn in his book “The Structure of Scientific Revolutions”, we’re seeing the dawn of a new day where AI’s machine learning and advanced mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99%. This session will explore this new paradigm and how it will impact our future.
Main points covered:
• How did our profession change in the world of reactive detection?
• How to escape the inertia that held us prisoners?
• What is the power of AI and machine learning?
• What are the risks of this new technology?
Presenter:
Our presenter for this webinar, John McClurg serves as Vice President and Ambassador-At-Large of Cylance, where he is responsible for building Security and Trust programs & operational excellence efforts. Prior to Cylance, he served as the CSO of Dell, Honeywell, and Lucent and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation (FBI). He also served as a Deputy Branch Chief of CIA where he helped to establish the new Counterespionage Group and was responsible for the management of complex counterespionage investigations. McClurg was voted one of America’s 25 most influential security professionals.
Organizer: Ardian Berisha
Date: October 25th, 2018
Recorded webinar link:
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. A people-centric SOC requires a lot of investment in humans in terms of quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put their investments more into technology, as in Industry 4.0, machines are getting more advanced to support humans in doing continuous and repetitive tasks.
Moving from “traditional” to next-gen SOC requires a proper plan; that's what this talk was about.
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
This presentation explained the security controls and evolving threats that pertain in the market at the moment through giving descriptive elaboration on today's security landscape. The presentation further envelopes the key reasons why Cyber Security is imperative for organizations today.
Happiest Minds Cyber Security Services:
http://www.happiestminds.com/cyber-security-services/
HD version: http://1drv.ms/1eR5OQf
This is my publication on how the integration of the TOGAF Enterprise Architecture framework, the SABSA Enterprise Security Architecture framework, and Information Governance discipline add up to a robust and successful Information Security Management Program.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
SOC Architecture - Building the NextGen SOC Priyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
SOC presentation - Building a Security Operations Center Michael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
As a new CISO, you want to have an impact as quickly as possible - people will be watching and judging. But at the same time, you need to be practical about what's achievable in an organization that you're still getting to know. It's also important to consider the experience you bring to the role and how it applies - or doesn't - to your new job.
In this webinar, we'll discuss three fundamental differences you're likely to experience in your new job and offer recommendations on strategic activities you can focus on in your first 90 days. New CISOs will gain a framework for identifying these quick wins. Existing CISOs will get an opportunity to refresh and revitalize their security program.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Bill Campbell, IT Executive and Serial CISO
Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.
An introductory overview of cybersecurity covering technical and non-technical aspects of cybersecurity.
We define what cybersecurity is, we talk about the risks and impacts of a cybersecurity breach and present means to avoid it, both in terms of regulations (Common Criteria, FIPS, ...). We continue with technology and some cryptography and we finish with some facts and figures.
The views / opinions / assumptions expressed in this presentation/resource are for educational & research purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions.
The purpose of this presentation is to share what is happening in cyber and what is possible...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ... IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity... Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Tools" gives an introduction to the various tools used in the industry for the purpose of cybersecurity. You get to know different kinds of security tools in today's IT world and how they protect us against cyber threats/attacks. The following tools are discussed in this tutorial:
- BluVector
- Bricata
- Cloud Defender
- Contrast Security
- Digital Guardian
- Intellicta
- Mantix4
- SecBI
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Cyber security market study (2011) PwC France
The "Cyber Security M&A" study analyses merger and acquisition activity in the cyber security market, covering all companies that supply products and/or services for offensive as well as defensive applications, in the industrial, IT and telecom sectors. The data used, taken from Thomson Financial, covers transactions between 1 January 2008 and 30 June 2011.
Find all our publications: http://www.pwc.fr/publications
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha Schneider Electric
As presented at AIST 2014: The proliferation of cyber threats and recent facts have prompted asset owners in industrial environments to search for security solutions that can protect plant assets and prevent potentially significant monetary loss and safety issues.
While some industries have made progress in reducing the risk of cyber attacks, the barriers to improving cybersecurity remain high. More open architectures and different networks exchanging data among different levels have made systems more vulnerable to attack.
With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system integrity has become vulnerable to malware originally targeted at commercial applications, and this has already opened up a new world of threats aimed specifically at control systems.
The objective of this presentation is to describe a multi-layered Defense-in-Depth approach through a holistic, step-by-step plan to mitigate risk.
MOBILE DEVICES: THE CASE FOR CYBER SECURITY HARDENED SYSTEMS AND METHODS TO ... Maurice Dawson
Mobile devices are becoming a method to provide an efficient and convenient way to access, find and share information; however, the availability of this information has caused an increase in cyber attacks. Currently, cyber threats range from Trojans and viruses to botnets and toolkits. Presently, 96% of mobile devices do not have preinstalled security software while approximately 65% of the vulnerabilities are found within the application layer. This lack in security and policy driven systems is an opportunity for malicious cyber attackers to hack into the various popular devices. Traditional security software found in desktop computing platforms, such as firewalls, antivirus, and encryption, is widely used by the general public in mobile devices. Moreover, mobile devices are even more vulnerable than personal desktop computers because more people are using mobile devices to do personal tasks. This review attempts to display the importance of developing a national security policy created for mobile devices in order to protect sensitive and confidential data. Results of this review provide methods to address security related issues in mobile devices.
In today’s threat landscape, cyber security isn't just an enterprise concern, nor is it entirely a government concern. To learn what that stance is and what security challenges government agencies are facing, we spoke to retired US Air Force Colonel Cedric Leighton.
In the new world of connected healthcare, medical device manufacturers are challenged with cybersecurity issues to comply with the new FDA regulations. We examine the 5 domain areas of cybersecurity which apply to IoT HealthCare Vendors/ Providers.
Digital Manufacturing and Design Innovation Institute ControlEng
Announced earlier this year, the Digital Manufacturing and Design Innovation Institute (DMDII) is a Chicago-based manufacturing hub that will bring together public, educational and private interests to accelerate innovation and reduce development time and costs. Learn how all manufacturing will benefit from the research and development based at this digital lab.
Cyber Security Threats to Industrial Control Systems David Spinks
Every day we hear in the media of potential Cyber Security threats to Critical National Infrastructure such as power grids, airlines and nuclear power stations. David has spent over 40 years working in ICS environments. He was invited to speak in London at the British Computer Society cyber event; these are the slides.
A practical data privacy and security approach to ffiec, gdpr and ccpa Ulf Mattsson
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.
This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.
Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
This presentation discusses the massive increases in cyber threats and the best ways to keep your data safe. Through this presentation, you will learn the best practices for implementing and testing a data security program.
Practical risk management for the multi cloud Ulf Mattsson
This session will take a practical approach to IT risk management and discuss multi cloud, Verizon Data Breach Investigations Report (DBIR) and how Enterprises are losing ground in the fight against persistent cyber-attacks. We simply cannot catch the bad guys until it is too late. This picture is not improving. Verizon reports concluded that less than 14% of breaches are detected by internal monitoring tools.
We will review the JP Morgan Chase data breach, where hackers were in the bank’s network for months undetected. Network configuration errors are inevitable, even at the largest banks, such as Capital One, which recently had a data breach where a hacker gained access to 100 million credit card applications and accounts.
Viewers will also learn about:
- Macro trends in Cloud security and Micro trends in Cloud security
- Risks from Quantum Computing and when we should move to alternate forms of encryption
- Review “Kill Chains” from Lockheed Martin in relation to APT and DDoS Attacks
- Risk Management methods from ISACA and other organizations
Speaker: Ulf Mattsson, Head of Innovation, TokenEx
Cybersecurity and continuous intelligence (NISIInstituut)
Welcome to the cybersecurity & continuous intelligence knowledge slidedeck of NISI (Nederlands Instituut voor de Software Industrie).
Cybersecurity & Continuous Intelligence is a broad topic, covering rules & regulation, internet, cyberwar, software, machine learning and society & trust.
This slidedeck offers you a more in-depth view of this exciting area.
Please contact us directly for more information via email info@nisi.nl or the contact form on nisi.nl.
Nederlands Instituut voor de Software Industrie
Your organization is at risk! Upgrade your IT security & IT governance now. (Cyril Soeri)
The ICT Association Suriname in collaboration with the Telecommunication Authority Suriname (TAS) presented a Cybersecurity awareness session for the members of the Chamber of Commerce. TAS presented the national response to IT incidents by explaining the implementation of the Computer Emergency Response Team (CERT).
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Welcome to the world of the Internet of Things, wherein a glut of devices is connected to the internet and emanates massive amounts of data. But we have many hoops to jump through before we can claim that crown, starting with a huge number of devices lacking a unified platform, with serious security-standards issues threatening the very progress of IoT.
Symantec 2011 State of Security Survey Global Findings (Symantec)
Symantec’s 2011 State of Security Survey explores the state of cybersecurity efforts in organizations of all sizes. For the second year in a row, IT said security is the leading business risk they face, ahead of traditional crime, natural disasters and terrorism. However, organizations are getting better at fighting the war against cybersecurity threats. While the majority of respondents suffered damages as a result of cyberattacks, more respondents reported a decline in the number and frequency of attacks compared to 2010.
Advanced Cybersecurity Risk Management: How to successfully address your Cybe... (PECB)
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found the use of this Handbook improves cyber budgeting, cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA's public policy work built around their publication “The Cyber Security Social Contract”, which the NATO Center of Cyber Excellence in Estonia asked for a briefing on.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
Cyber crimes are on the rise and especially prevalent during the global pandemic where hackers leverage the vulnerabilities of organisations for new opportunities through technology.
Hospitals, for instance, are more likely to pay ransoms to restore access to their servers. Similarly, criminals may believe that corporations grappling with economic turmoil or logistical crises will be similarly easy to manipulate.
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft (OSIsoft, LLC)
As the need for facility equipment and asset data grows, serious cybersecurity risks are revealed, including inadequate security architecture, lack of process and controls, and the use of contractors and vendors. We need to be able to identify risks and develop a mitigation strategy. This presentation will provide insights, answers and tips. It will identify the value of IT/OT integration in solving facilities cybersecurity threats.
Data centric security key to digital business success - ulf mattsson - bright... (Ulf Mattsson)
With the exponential growth of data generation and collection stemming from new business models fueled by Big Data, cloud computing and the Internet of Things, we are potentially creating a cybercriminal's paradise where there are more opportunities than ever for that data to end up in the wrong hands. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems. In this webinar, Ulf Mattsson explores these issues and provides solutions to bring together data insight and security to safely unlock the power of digital business.
Final presentation january iia cybersecurity securing your 2016 audit plan (Cameron Forbes Over)
With 2015 cybersecurity themes and realities nearly in the rearview mirror, “Cybersecurity – Securing your 2016 Audit Plan” will shift our outlook to looking forward into what cybersecurity predictions are being made for 2016, and what key topics and themes will drive 2016 audit planning in the cybersecurity area.
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Cyber Security in Manufacturing
1. Internet of Things & Cybersecurity In Manufacturing
Northwest State Community College
Manufacturing Consortium
Thursday, April 28, 2016
2. Lynn R. Child
Education
AA – Tiffin University
BA – Ohio Northern University
MA – Bowling Green State University
MA – George Washington University
Experience
Principal Founder, President & Chairman - CentraComm
CEO - Aardvark Inc.
3. Loren W. Wagner
Education
AA, BA, BS, MBA – University of Findlay
DIA – University of Fairfax (In Progress)
Security Professional Certificate – National Defense University & University of Fairfax
Certifications
Certified Information Security Professional
Certified Six Sigma Blackbelt
Experience
Developed and taught first Information Security class in 1999
Co-designed Information Assurance Major at the University of Findlay
Network & Security Architect – Fortune 1000 Global Manufacturer
4. Agenda
• History
• Today’s Environment
• Hacker’s Exploits
• Security Overview In Manufacturing
• Challenges and Changing Expectations
• The Threat Landscape
• Cyber Hygiene: 8 Tips To Follow
• Invitation to the 15th Annual IA Forum
14. GE CEO Jeff Immelt on Industrial Internet
• In a best-case scenario, "predictive" analytics translates into better products, better sales, happier customers, better service agreements, and better company profits.
• General Electric is rolling out a suite of Industrial Internet tools for locomotive haulers to improve efficiency. By GE's calculation, even a 1% gain could translate into $2.8 billion in savings annually.
16. Connected Society: Over 75 Billion Connected Devices by 2020!
List of countries by IoT devices online per 100 inhabitants as published by the OECD* in 2015.
Rank | Country | Devices online
1 | South Korea | 37.9
2 | Denmark | 32.7
3 | Switzerland | 29.0
4 | United States | 24.9
5 | Netherlands | 24.7
6 | Germany | 22.4
7 | Sweden | 21.9
8 | Spain | 19.9
9 | France | 17.6
10 | Portugal | 16.2
11 | Belgium | 15.6
12 | United Kingdom | 13.0
13 | Canada | 11.6
14 | Italy | 10.2
15 | Brazil | 9.2
16 | Japan | 8.2
17 | Australia | 7.9
18 | Mexico | 6.8
19 | Poland | 6.3
20 | China | 6.2
21 | Colombia | 6.1
22 | Russia | 4.9
23 | Turkey | 2.3
24 | India | 0.6
*OECD: Organisation for Economic Co-operation and Development
18. 1963
MIT coins the term “Hackers” related to people who were tying up the phone lines.
1983
The movie War Games is released and depicts a young hacker nearly starting WWIII by accessing a military supercomputer.
19. 1995
The web takes off and famous hacker Kevin Mitnick steals 20,000 credit card numbers leading to a fear of e-commerce. Later caught by the FBI by utilizing a “White Hacker”.
2006
Julian Assange becomes the new face of hacking.
20. 2011
CIA, PBS, Gmail, the U.S. Senate all are hacked. Anonymous rises up as an underground hacktivist community. Year was coined “The Year of the Hack.”
21. 2013
And then there was Edward Snowden…the computer analyst whistleblower who provided the Guardian with top-secret NSA documents leading to revelations about US surveillance on phone and internet communications.
22. 2014
A record 1 billion records were compromised. Becomes the new “Year of the Breach.”
Sony Entertainment Pictures Hacked.
24. 2016
Identity Theft Resource Center (ITRC) indicates that there has been a total of 155 data breaches recorded through March 15. More than 4.3 million records have been exposed since the beginning of the year.
26. Cybersecurity for Advanced Manufacturing
National Defense Industrial Association’s Manufacturing Division and Cyber Division
• A broad cross section of contributors:
  • National Institute of Standards & Technology
  • Cisco
  • Lockheed Martin
  • Rockwell Automation
  • Virginia Tech
  • Boeing
  • International Society of Automation
  • Department of Defense
  • The Langer Group
  • Exxon Mobil
27. Cybersecurity for Advanced Manufacturing
• Key findings:
  • The threat is real and manufacturing companies are targets
  • Factory floor systems are a weak link in safeguarding technical information
  • Small Business manufacturers are not well equipped to manage the risks
28. The Threat is Real and Manufacturing Companies are Targets
• Motivations may be:
  • Espionage
  • Financial gain
  • Disruption
• In an effort to compromise data (CIA Triad):
  • Confidentiality
  • Integrity
  • Availability
29. The Threat is Real…
• Confidentiality: Theft of technical data, including critical national security information and valuable commercial intellectual property.
• Integrity: Alteration of data, thereby altering processes and products.
• Availability: Impairment or denial of process control, thereby damaging or shutting down operations.
31. What’s Changed - Past
• ICS are long-lived investments
• 15+ year life cycle
• Discrete operating systems and network protocols
• Air gap
• Autonomous & proprietary
• Little tolerance for down time
• Real-time operation
• Critical safety implications
• System availability precedence over confidentiality
• Speed, functionality, reliability and safety
• Weak privilege management/access controls
34. What’s Changed - Present
• Competitive pressures driving the integration and analysis of “big data”
• Converging information systems, engineering information systems and manufacturing systems across the supply chain.
• Organizations need to respond quickly to market changes
• Executives need timely and accurate information
• Production control systems – ICS – must feed this information to the decision makers as soon as possible
• A distinct trend toward integration of IT and OT systems
37. What Has Changed - Future
• Integration of IT and OT
• Additional complexity
• Internet of Things
• Industrial Internet of Things
• Greater emphasis on ICS security practices
• Support for NIST Framework
• Cyber Security Framework for Critical
Infrastructure Protection
• Developing into a de facto standard?
42. Top Technology Challenges
• Top 5 Concerns*
• Emerging technologies & infrastructure changes
• Transformation, innovation, disruption
• IT security & privacy/cyber security
• Resource/staffing/skills challenges
• Infrastructure management
• Cloud computing/virtualization
*ISACA & Protiviti 5th Annual IT Audit Benchmarking Survey with 1230 global participants
43. Regulatory Environment
• Securities and Exchange Commission
  • Risk Alert issued by the Office of Compliance Inspections and Examinations September 2015. The alert was a result of investigations of financial institutions but lays out what the expectations would be when investigating a data breach.
• Federal Trade Commission
  • “It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information” - FTC Chairwoman Edith Ramirez
44. Advisors & Consultants
• National Association of Corporate Directors
  • Cited benefits of a common cyber risk management language, so that more efficient and precise discussions can be held up, down, and across a company's management structure, with auditors, and with supply chain partners.
• PricewaterhouseCoopers (PwC)
  • Corporate officers and boards may have a fiduciary obligation to comply with the guidelines (NIST CSF) and demonstrate due care
45. Legal Environment
• A U.S. appeals court
  • Said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers' information.
• Bloomberg BNA
  • Cybersecurity today is not merely the responsibility of a company’s IT group. As with any critical function within an organization, governance over and management of cybersecurity is an essential “best practice.” Good governance not only helps companies make appropriate strategic cybersecurity decisions, but studies have shown it reduces the cost of a cyberattack.
46. Insurance
NIST CSF = National Institute of Standards & Technology Cyber Security Framework
• Rationalizing Risk
  • Insurance companies and other industry leaders are pushing hard to make the NIST CSF more pervasive. Companies like AIG, Apple, and Visa are already onboard.
  • The NIST CSF opens the door for the insurance industry to capture, measure, and share risk metrics, which could go a long way toward policy underwriting and consistent premiums.
47. Business Partners Expectations
• “The breach at Target Corp. that exposed credit card and PII data on more than 70MM consumers began with a malware-laced phishing attack sent to a third party vendor” - KrebsOnSecurity
• “PCI 3.0, HIPAA Omnibus, OCC, CFPB, FFIEC and the Federal Reserve have changed the way organizations in many industries need to think about IT & data supply chain risk management”
• “If not managed effectively, the use of service providers may expose financial institutions to regulatory action, financial loss, litigation, and loss of reputation.” - Federal Reserve
49. Security Vulnerabilities
Recent studies show:
• As many as 85% of targeted attacks are preventable
• That 83.6% of vulnerabilities in ‘All’ products, and 84.6% of vulnerabilities in products in the Top 50 portfolio have a patch available on the day of disclosure
• In 2014, 76.9% of the vulnerabilities affecting the Top 50 applications affected non-Microsoft applications, such as
  • Third-party programs, including Oracle Corp.'s Java and Adobe Systems Inc.'s Flash and Reader applications
50. Be Aware of the Most Prevalent Tactics to “Hack” Information
Spearphishing: An e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. …conducted by perpetrators out for financial gain, trade secrets or military information. Example of Social Engineering.
51. Spearphishing Example: Business Email Compromise Scam (BEC) or CEO Scam
• FBI states that there were over 17,000 reports from victims all over the world from October of 2013 to February of this year, accounting for over $2.3 billion in losses for affected companies.
54. Be Aware of Other Prevalent Forms of Hacks
Malware
• Malicious software that interferes with normal computer functions or sends personal data about the user to unauthorized parties over the Internet or gains access to private computer systems. Includes viruses, worms, Trojan horses, etc.
55. Some Common and Prevalent Malware Includes:
• SpyWare – secretly gathers information about a person or organization. Can take partial or full control of computer without knowledge of user.
• AdWare – automatically renders advertisements in order to generate revenue for its author. Pop-ups are an example.
• RansomWare – restricts access to your computer system and demands a ransom be paid to the creator of the malware in order for the restriction to be removed. Forms include: encrypted files, lock system/display message to pay…
59. Malware/Spyware/RansomWare What To Do
• Do Not Click upon any Links within an SMS Message or Email
Message
• Do Not Download any Software from an Email Link
• Do Not Click upon any Links or Forwards within Social Media
• Go to the Authorized Marketplace for 3rd-party Applications
and Downloads
• Pay Particular Attention to Popular Game Applications – Hotbed
for Hackers
• Do Research with Trusted Names, i.e., Gartner, Information
Week, TechTarget, etc.
61. Tip #1: Think Before You Click
•As stated previously, beware of links and
downloads within:
•Email
•Web
•Text Message
•Social Media
•Other
62. Tip #2: Go to Authorized Marketplace for Downloads
• Marketplaces include:
• Apple
• Droid
• Google
• AWS
• Azure
• Other
63. Tip #3: Update/Patch Software Upon All Devices
•Device updates/patches are new instructions your
computer can use to communicate with devices
that are attached, like printers, sound systems, or
cameras. Often device patches are written to fix
known problems, add new functionality, increase
the performance of the attached device, or fix
security holes
•Examples: Adobe Reader, Java Script, Microsoft
Operating System, Anti-Virus, etc.
64. Tip #4: Practice Password Management
• Password manager software is used by individuals to
organize and encrypt many personal passwords. This is also
referred to as a password wallet.
• Rule of thumb: Use “Strong Passwords”
• Upper case letters
• Lower case letters
• Number
• Symbol
• Longer Passwords are Safer
• Change Regularly
Examples
Get2NoUWell#
TriKnot2Cry@Work
Ate4hotDogs!
Tks4$2Eat
65. Tip #5: Change Default Passwords
Systems and Software generate general passwords
that allow companies to enter a system or
software with the requirement that these
passwords should be changed upon receipt.
Often, companies do not actually take the time to
do this. Major concern as hackers know these
basic passwords and can easily exploit these
systems and/or software.
66. Tip #6: Create Dedicated Email
Accounts
•Establish “Specialized Accounts” that You Use
For:
•Online purchases
•Responding to inquiries
•Taking surveys
•Personal use
•Business use
•Other
67. Tip #7: Consider End-User Security Training
•In-House Training
•Consulting
•Online Training
•Hybrid Training
68. Tip #8: Don’t Surf With Administrator Accounts
•Use a normal user account to log onto your
computer
•Administrator rights allow privileged access,
which allows malware to install programs or
make unauthorized changes to your
computer
69. 8 Security Tips for Manufacturing & You
Go to Authorized Marketplace for Downloads
Update/Patch Software Upon your Devices
Practice Password Management
Change Default Passwords
Create Separate Email Accounts
70. Security Tips for Your Associates & You
Consider End-User Security Training
Don’t Surf With Administrator Accounts
Think Before You Click
If It Feels Wrong, It Probably Is!
71. A Challenge to Your Manufacturing Associates & You
Prepare your Manufacturing Associates for the Reality of a Connected Society:
- Read and Research Continuously
- Utilize Case Studies
- Utilize Table Top Exercises
- Seek Out Industry Speakers
- Attend Relevant Events and Webinars
- Be Willing to Watch, Learn, & Listen from Each Other!
73. 2016 Information Assurance Forum Topics
• 2016 TIC Business Survey Results
• End-User Security Training
• Social Engineering Pitfalls
• Social Media Do’s & Don’ts
• System Settings: Going Back to Basics
• Cloud Security/Mobile BYOD – Microsoft: Office 365, Azure, & Security
• Student Company & Internship Interaction
• Interactive Q & A Throughout the Day
74. Registration Opens August 1
www.IAForum.net
$35 Chamber Members | $45 Non-Chamber Members | $10 Students
Breakfast and Lunch Provided
Wednesday October 26th 8:45 am – 5:00 pm
Winebrenner Auditorium, Winebrenner Seminary
The University of Findlay Campus
950 North Main Street, Findlay, OH 45840
79. Thank you for the Honor & Privilege of
Sharing Information Regarding
“IoT & Manufacturing”
Lynn R. Child, President & Chairman, CentraComm
www.CentraComm.net
Direct: 419-421-1284 | Lchild@CentraComm.net
Loren W. Wagner, Information Assurance Professional
Adjunct Senior Lecturer, University of Findlay
Cell: 419-722-2990 | Wagner@Findlay.edu
Find this presentation at: http://www.slideshare.net/CentraComm/