Data Science at Roche: From Exploration to Productionization - Frank BlockRising Media Ltd.
The excitement about the potential opportunities for leveraging data by means of advanced analytics is huge. But, the honeymoon between business and data science is over. Stakeholders want to see value generation from data science. At Roche Diagnostics the Data Science Lab was created. Its mission is to explore business opportunities for data science across the company and to deliver productive, algorithm based systems that create impact. In his keynote, Frank presented some examples of data science initiatives going from data exploration over predictive modelling to productionization. Some of the challenges encountered were addressed as well as the learnings.
We live in times of lightning-quick change. Cloud is now the engine of digital transformation, and digitization is transforming both business models and personal lifestyles. Companies have to adapt fast to seize the opportunities and meet new challenges.
PTC Kepware Delivers Industrial Data to Microsoft AzurePTC
Industrial IoT Solutions from Kepware Seamlessly Integrate with Microsoft Azure with the Help of OPC UA and MQTT Protocols
NEEDHAM, Mass. – May 4, 2017 –– PTC (NASDAQ: PTC) today announced that its Kepware® industrial connectivity software now integrates with Microsoft Azure. Utilizing open-source, standards-based communications, Kepware’s KEPServerEX® software moves data between industrial controls devices and the Azure cloud platform – allowing organizations to more effectively connect, monitor, and manage Internet of Things (IoT) assets across complex industrial environments.
A talk from the Life Track at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018.
Cleveland Brown (Payscout): Payments in VR
A look at frictionless payment technologies for Virtual Reality.
http://AugmentedWorldExpo.com
Data Science at Roche: From Exploration to Productionization - Frank BlockRising Media Ltd.
The excitement about the potential opportunities for leveraging data by means of advanced analytics is huge. But, the honeymoon between business and data science is over. Stakeholders want to see value generation from data science. At Roche Diagnostics the Data Science Lab was created. Its mission is to explore business opportunities for data science across the company and to deliver productive, algorithm based systems that create impact. In his keynote, Frank presented some examples of data science initiatives going from data exploration over predictive modelling to productionization. Some of the challenges encountered were addressed as well as the learnings.
We live in times of lightning-quick change. Cloud is now the engine of digital transformation, and digitization is transforming both business models and personal lifestyles. Companies have to adapt fast to seize the opportunities and meet new challenges.
PTC Kepware Delivers Industrial Data to Microsoft AzurePTC
Industrial IoT Solutions from Kepware Seamlessly Integrate with Microsoft Azure with the Help of OPC UA and MQTT Protocols
NEEDHAM, Mass. – May 4, 2017 –– PTC (NASDAQ: PTC) today announced that its Kepware® industrial connectivity software now integrates with Microsoft Azure. Utilizing open-source, standards-based communications, Kepware’s KEPServerEX® software moves data between industrial controls devices and the Azure cloud platform – allowing organizations to more effectively connect, monitor, and manage Internet of Things (IoT) assets across complex industrial environments.
A talk from the Life Track at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018.
Cleveland Brown (Payscout): Payments in VR
A look at frictionless payment technologies for Virtual Reality.
http://AugmentedWorldExpo.com
Internet of Industrial Things Presentation - Sophie Peachey - IoT Midlands Me...WMG, University of Warwick
Sophie Peachey, Director of Innovation & Insight at Axillium Research Ltd discusses a new funding opportunity through the Advanced Manufacturing Supply Chain Initiative in the area of the Internet of Things.
Digital transformation in the manufacturing industryBenji Harrison
Industry 4.0 is here. It is all about the fourth industrial revolution which is all set to transform the manufacturing process using advanced capabilities and IT solutions for manufacturing such as smart sensors and actuators. As a result, manufacturers are gaining benefits from increased visibility into operations, cost minimization, quicker production times and provide excellent customer support. The only way manufacturers can take a leap ahead of competitors and win market share and embrace the latest in growth-driven Industry 4.0 technologies. Right from Enterprise Mobility Solutions to emerging technologies, digital transformation is critical to building and executing growth strategies for manufacturing.
PTC (Nasdaq: PTC) today completed its acquisition of Axeda Corporation, a developer of solutions that securely connect machines and sensors to the cloud. Axeda's technology innovation, extensive customer base, and powerful partnerships directly complement the PTC ThingWorx business, and will accelerate PTC's ability to deliver best-in-class solutions to its customers in the Internet of Things era.
Transitioning from a Product to a Service Economy: the Power of IoT Technology in Innovation. Especially in the context of the Internet of Things, the search for business sustainability is pushing companies to become more efficient thought a strategic rethinking of business processes while the market is shifting from products to services. To truly transform the business model, organizations need to connect and collect actionable data from their assets and processes, and invest heavily in IT tools and resources. To make this happen, Eurotech has designed and implemented a M2M solution that dramatically simplifies the transformation of a business into a smart business - allowing the creation of new innovative services and processes that drive competitiveness also in mature markets.
Leveraging new technologies and embracing proven Enterprise IT best practice allow an effective encapsulation of the complexity of creating and maintaining distributed device infrastructures. This and a clear focus on a seamless IT/OT integration ensures fastest time-to-market and best TCO when basing new services and revenue streams on data coming from distributed devices and sensors in the field.
AWE USA 2018 Startup Pitch: Jonathan Reeves with ArvizioAugmentedWorldExpo
A startup pitch at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018.
AWE USA 2018 Startup Pitch: Jonathan Reeves with Arvizio
Funds from around the world are represented at the event, looking to discover frontier technology and identify new investment opportunities.
http://AugmentedWorldExpo.com
An IoT13 presentation showcasing promising companies in the internet of things. Ken Foster, Thingworx, describes the Internet of things and M2M opportunity for his company and the evolution of the M2M market
IoT is growing its adoption across industries, mainly due to the cost-cutting and centralized plant monitoring and connectivity, geo-fencing, predictive maintenance, workforce productivity, workforce security and others.
AWS IoT edge-based software and cloud-based services enable industrial companies across industries—such as mining, energy and utilities, manufacturing, commercial agriculture, and oil and gas—to predict production issues, improve product quality, and remotely monitor operations. In this session, learn how AWS IoT empowers industrial companies to reason on top of operational data and improve productivity and efficiency.
Industrial Control Security USA Sacramento California Oct 6/7James Nesbitt
Industrial Control Cybersecurity USA October 6th and 7th
Sacramento California USA
Identify, protect, detect, respond and recover.
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Energy and Water Sector.
Internet of Industrial Things Presentation - Sophie Peachey - IoT Midlands Me...WMG, University of Warwick
Sophie Peachey, Director of Innovation & Insight at Axillium Research Ltd discusses a new funding opportunity through the Advanced Manufacturing Supply Chain Initiative in the area of the Internet of Things.
Digital transformation in the manufacturing industryBenji Harrison
Industry 4.0 is here. It is all about the fourth industrial revolution which is all set to transform the manufacturing process using advanced capabilities and IT solutions for manufacturing such as smart sensors and actuators. As a result, manufacturers are gaining benefits from increased visibility into operations, cost minimization, quicker production times and provide excellent customer support. The only way manufacturers can take a leap ahead of competitors and win market share and embrace the latest in growth-driven Industry 4.0 technologies. Right from Enterprise Mobility Solutions to emerging technologies, digital transformation is critical to building and executing growth strategies for manufacturing.
PTC (Nasdaq: PTC) today completed its acquisition of Axeda Corporation, a developer of solutions that securely connect machines and sensors to the cloud. Axeda's technology innovation, extensive customer base, and powerful partnerships directly complement the PTC ThingWorx business, and will accelerate PTC's ability to deliver best-in-class solutions to its customers in the Internet of Things era.
Transitioning from a Product to a Service Economy: the Power of IoT Technology in Innovation. Especially in the context of the Internet of Things, the search for business sustainability is pushing companies to become more efficient thought a strategic rethinking of business processes while the market is shifting from products to services. To truly transform the business model, organizations need to connect and collect actionable data from their assets and processes, and invest heavily in IT tools and resources. To make this happen, Eurotech has designed and implemented a M2M solution that dramatically simplifies the transformation of a business into a smart business - allowing the creation of new innovative services and processes that drive competitiveness also in mature markets.
Leveraging new technologies and embracing proven Enterprise IT best practice allow an effective encapsulation of the complexity of creating and maintaining distributed device infrastructures. This and a clear focus on a seamless IT/OT integration ensures fastest time-to-market and best TCO when basing new services and revenue streams on data coming from distributed devices and sensors in the field.
AWE USA 2018 Startup Pitch: Jonathan Reeves with ArvizioAugmentedWorldExpo
A startup pitch at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018.
AWE USA 2018 Startup Pitch: Jonathan Reeves with Arvizio
Funds from around the world are represented at the event, looking to discover frontier technology and identify new investment opportunities.
http://AugmentedWorldExpo.com
An IoT13 presentation showcasing promising companies in the internet of things. Ken Foster, Thingworx, describes the Internet of things and M2M opportunity for his company and the evolution of the M2M market
IoT is growing its adoption across industries, mainly due to the cost-cutting and centralized plant monitoring and connectivity, geo-fencing, predictive maintenance, workforce productivity, workforce security and others.
AWS IoT edge-based software and cloud-based services enable industrial companies across industries—such as mining, energy and utilities, manufacturing, commercial agriculture, and oil and gas—to predict production issues, improve product quality, and remotely monitor operations. In this session, learn how AWS IoT empowers industrial companies to reason on top of operational data and improve productivity and efficiency.
Industrial Control Security USA Sacramento California Oct 6/7James Nesbitt
Industrial Control Cybersecurity USA October 6th and 7th
Sacramento California USA
Identify, protect, detect, respond and recover.
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Energy and Water Sector.
In this latest edition of Insights Success India's Leading Cyber Security Companies, celebrates the growth story by showcasing the exhilarating achievements of the Leaders in this space.
India's Leading Cyber Security Companies to Watch.pdfinsightssuccess2
This edition features a handful of the India's Leading Cyber Security Companies to Watch that are leading us into a better future
Read More: https://www.insightssuccess.in/indias-leading-cyber-security-companies-to-watch-june2023/
Learnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptxCompanySeceon
At Seceon, we boast a team of highly skilled Cybersecurity professionals with years of industry experience. Our experts possess deep knowledge and understanding of the ever-evolving cyber threat landscape, enabling us to offer strategic and tailored solutions to meet the unique security needs of each client. Call Us: +1 (978)-923-0040
The dynamicCISO Summit 7th Annual CISO Summit & Excellence Awards 2020 were held in Mumbai during 27-28 Feb 2020 at Hotel Leela. The summit was attended by over 220 senior #CISOs and other #cybersecurity professionals from across the country. In total there were 20 sessions held across two days and there were over 55 eminent experts and speakers who delivered the sessions.
The theme for this year security summit was Checkmate. The entire focus on applying intelligence, strategy and technology for better cyber-defense. The conference deliberated on how CISOs and Cybersecurity professionals can create a robust “Defense Mechanism” for a stronger, better, cybersecurity posture
The Most Trusted Cyber Threat Solution Providers in India 2023.pdfinsightssuccess2
Only a few cybersecurity companies in India are fighting
against the battalions and armies of cybercriminals from the
world over. To comprehend this scenario and give you the
story of their evolution and constant up-gradation with a
glimpse of their future strategies, we bring you Insights
Success's exclusive edition of The Most Trusted Cyber
Threat Solution Providers in India 2023.
The Most Trusted Cyber Threat Solution Providers in India.pdfinsightssuccess2
This edition features a handful of The Most Trusted Cyber Threat Solution Providers in India To Watch that are leading us into a better future
Read More: https://www.insightssuccess.in/the-most-trusted-cyber-threat-solution-providers-in-india-2023-june2023/
Final file fastest growing companies of 2020Mirror Review
Witnessing the great efforts made by companies, we bring our latest magazine issue, “The 10
Fastest Growing Companies of 2020.” In this issue, we have featured companies that are
thriving and growing in today's competitive business landscape while facing market
uncertainties and challenges. The companies are using their unique approach to deliver a
stellar customer experience as well as making sure that its products, services, and solutions
are helping its clients to address their business pain points
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
2. For more details about DSCI or this publication, contact us at
+91-11-26155070/71 or write to us at media@dsci.in
03 AISS 2014 - Snapshot
05 #SpecialConversation - DSCI Innovation Box
TABLE OF CONTENTS
01 Foreword
13 #SpecialConversation - Character of Secure Enterprise
20 #SpecialConversation - DCPP Honorary Certification
29 #SpecialConversation - Automotive Network
35 #SpecialConversation - Women in Security
36 Sponsors & Partners
37 DSCI Excellence Awards 2014
40 Looking Ahead
07 Security by Design in the Internet Age
10 Management of Security
15 Exploring Policies & Standards
18 Crossing the Divide - Innovation & Skills in Privacy
22 Ideals in Security & Intelligence
26 Addressing Threats in Critical Sectors
31 Driving Change in Combating Cybercrimes
33 Balancing Act of Internet Governance
Data Security Council of India (DSCI)
is engaged with the Indian IT-BPM industry, their clients
worldwide, BFSI, Telecom, e-commerce, energy and other
domestic sectors, industry associations, data protection
authorities, think tanks and government agencies in
different countries. It engages with governments on public
policy, conducts industry wide surveys and publishes
reports, organizes cyber security & data protection
awareness conferences, workshops, projects, interactions
and other necessary initiatives for outreach and public
advocacy. DSCI is focused on capacity building of Law
Enforcement Agencies for combating cybercrimes in the
country and towards this it operates several cyber labs
across India to train police officers, prosecutors and
judicial officers in cyber forensics.
Public Advocacy, Thought Leadership, Awareness and
Outreach and Capacity Building are the key words with
which DSCI continues to promote and enhance trust in
India as a secure global sourcing hub, and promotes cyber
security and data protection in the country.
4. AISS 2014 - A SNAPSHOT
On December 11 & 12, 2014, in Mumbai, the
9th
NASSCOM-DSCI Annual Information Security
Summit (AISS) - one of the most coveted flagship
events of DSCI, was held.
Inaugurated by R Chandrashekar, President,
NASSCOM, the coming together of key
stakeholders, prestigious organizations and
eminent leaders for two days from diverse
sectors, led to engaging discussions on policy,
technology, business in the domain of security,
privacy, Internet governance and numerous
other key themes.
Every year, AISS’ broad agenda in security and
privacy is reflective of the high-relevance and
increasing interest levels of professionals from
different verticals, levels and categories of work.
ANNUAL INFORMATION
SECURITY SUMMIT 2014
December 10-11| The Leela, Mumbai
9th
NASSCOM-DSCI
PARTICIPANTS
600
SESSIONS
52
WORKSHOP
6
ROUNDTABLES
2
SPEAKERS
123
KEYNOTE
ADDRESSES
11
BREAKFAST
MEETS
3
PARTICIPANTS
AWARDS
INITIATIVES & PROGRAMSINTERACTIVE DISCUSSIONS
ROUNDTABLES EXHIBITIONS
LEADERS
WORKSHOPS
+
5. Burgess Cooper, Sr. Vice President & CTSO, Vodafone India
Manish Tiwari, CSA, Microsoft
Sandeep Singhal, Co-Founder & MD, Nexus Venture Partners
Subhash Subramaniam, CISO, ICICI Bank
PROCESS PARTNER
10ORGANIZATIONS
SHORTLISTED
JURY PANEL COMPOSITION
#SpecialConversation
WINNER
Product: CLOUD GRC
Shanmugavel Sankaran
Chief Nixer
FixNix Inc.
2nd
Runner-up
Product: SAVP
Srinivas Rao
Co-Founder & CEO
AUJAS
“We are proud that our
Security Analytics and
Visualization Platform (SAVP) has
been recognized as one of the best in
class information security product by
DSCI Innovation Box. This is a great
initiative by DSCI to recognize the most
innovative and outstanding
information security
products.”
2nd
Runner-up
Product: 1MOBILITY
Smita Yedekar
Co-founder & CEO
1Mobility
"We thank DSCI for
this initiative of Innovation
Box.It is a great platform for
security product companies to
showcase their innovation.
It is very encouraging and rewarding to
be recognized as one of the 'Most
Innovative Product Idea of the Year
2014' 1Mobility is here to make a
difference in the enterprise mobility
space and an endorsement
from DSCI is an honour.”
1st
Runner-up
Product: S2PAY
Nirmal Juthani
President
Net Vigil Software Pvt. Ltd.
"Being the 1st runner-up
in the 'Most Innovative Product
Idea of the Year', recognizes the
exemplary innovation exhibited by
S2Pay - Safe to Pay in bringing strong
security with ease of use in the mobile
payment industry. We thank DSCI,
for this initiative, as it brings a lot
of credibility and sustainable
value to the business."
Whatthewinnerssaid...
@AISS2014
Encouraging Innovation in Cyber Security Product Development
The Indian cyber security industry is riding high on the wave of entrepreneurial traction in
the niche domain of cyber security product development. With the aim to encourage
innovation, recognize avant-garde ideas, scale and strengthen early stage support to
emerging organizations in the cyber security domain, DSCI launched ‘DSCI Innovation
Box’. Under this initiative, DSCI recognized and rewards organizations which came up
with the most innovative product idea that addresses real risks, builds resilience and
increases trustworthiness in user organizations.
"FixNix is very glad to be winning the
first Innovation Box Award from DSCI
as the 'Most Innovative Product Idea
of the Year' award. This is going to be
a stepping stone for many innovative
companies in the country."
6. Securing Future of
Smart Cities
Industrialization of Internet -
Billion Threat Possibilities?
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy07
SECURITY BY DESIGN IN
THE INTERNET AGE
The new wave of productivity will connect brilliant machines and people. This revolution is
expected to break technology silos, improve machine to machine communications and
bring the the physical and digital worlds together. This process will be digitally recorded and
added to respective profiles, and is referred to as "Industrialization of the Internet". Many
industrial houses, engaged historically in manufacturing, are enthusiastically joining this
revolution. Machines, people and data are envisaged to foster this innovation by making
them and their interfaces, Internet enabled. As per one estimate, Industrial Internet will add
USD 10 to 15 trillion to global GDP. There are already 10 billion devices connected to the
Internet; another 40 billion will be added by 2020. Sensors, software and big data analytics
are realizing the many envisaged possibilities of this revolution.
The concept of smart cities is built around interconnection of grids, channels and devices
through which data-essential to make the city liveable and sustainable, is collected, relayed
and analyzed. Such architecture thrives on the accuracy and precision of a magnitude of
devices capable of acting independently to make smart decisions, for example, balancing
electricity supply with load during non-peak hours.
The major challenges in such an environment are ensuring the availability and building
systems to guarantee against attempts of denial of service attacks, establishing trust and
assurance between systems, application and devices. Coupled with the Internet of things –
where all devices and machines around us can communicate with each other, this makes for
ample ground for malicious agents and attackers to thrive on. By creating a “system of
systems”, the underlying complexity and dependencies have increased manifold. Thus it is
essential to establish mechanisms, which will increase cyber resilience of the various
elements in the smart city architecture while creating systems which are self-monitoring,
self-protecting and self-healing. Disruption, degradation, manipulation, denial and
destruction of these devices by security attacks will create long lasting kinetic impact.
Privacy will be another big causality as association with devices used by humans will now be
digitally recorded and added to their respective profile.
• The growth of devices capable of
communicating with other devices and
making intelligent decisions on their own,
will be astounding in the coming few years.
Already, there are several million such
machine-to-machine networks which exist
globally.
• Internet enabled billion devices will be
active agents in many future transactions.
The current surface and circle of influence
of the Internet will expand multifold. Many
conventional, contemporary and future
systems will use Internet as means to talk to
these devices.
• The emergence of smart cities and
smart grids will provide ample ground for
realizing the full range of benefits of such
machine-to-machine communication and
intelligence. This interconnect will lead to
amalgamation of the factory or production
center, the supply line, communications and
user facing devices as a single line of
service.
• Such interaction of cyber and physical
systems will be aided by data gathered by
an array of sensors and probes, which
collect real time information and help in
monitoring, regulating and controlling the
city, and in provisioning services for
residents. Such data also enables residents
to monitor their usage of resources, and to
effectively utilize services of utilities and
other essentials in daily life.
• The infrastructure inside a smart city will
need to be designed with security as a
primary functionality, given the impact of
compromise of such infrastructure. Due to
the underlying dependence on data from
other systems, availability will emerge as a
key security concern.
• Given the user-centric nature of smart
cities, availability will also be critical from an
end-user perspective. Typically in a
cyber-system, DDoS attacks are prevalent;
in a cyber-physical system a denial of
service attack may be catastrophic.
Adequate monitoring and response
mechanisms must be put into practice for a
smart city to secure itself from potential
threats.
• Security threat vectors will also find
these new possibilities lucrative.
Heterogeneity and diversity of the devices
exposed to Internet will also lead to
discovery of several vulnerabilities and
many new modes for compromising
security.
• Kinetic possibilities of compromised
machine-to-machine network: abnormal
machine behavior leading to disruptions,
long lasting denial of service, physical
destruction, loss of human life etc.
Outcomes
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 08
7. Breached! How can you Still Maintain Trust?
SecOps in the Age of Psyops, Devops &
Shadow IT
Cyber Insurance - How Actuarial Science
Works for Cyber Security
Data Security - Critical for Building and
Protecting Brand
MANAGEMENT OF SECURITY
Managing affairs of security is becoming increasingly complex. Threats are constantly
evolving, so are the ways they penetrate, techniques they use and the impact they cause.
Out of the many dimensions that one needs to encounter to manage security, four vital
ones are mentioned below:
• Security Operations (SecOps) in the day of PsyOps, DevOps and Shadow IT– Evaluating
challenges of managing security operations in cloud-centric IT operations and how to
manage security of business led IT procurement
• Data security and brand protection– Delving into evolving relations between data
security and brand value of the organization.
• Breached – and the continuity of trust- Deliberations on how trust can be maintained as
the most critical aspect of managing security and what organizations can better do when
there is a breach of trust.
• Cyber insurance– Discussions on how an organization can recover from the cost and
liabilities it potentially faces, arising from security compromises and breaches.
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy09
• Security by Design – is it really possible
to put security into the design of services
and application, as eventually someone will
come across vulnerability or hack. Having
appropriate compensating controls,
incident identification and response
mechanisms are the need of the hour.
• Pervasive security which cannot be
broken may never be realized; hence,
organizations need to identify their crown
jewels and build layers of security around it.
In addition, the organization must also be
prepared to manage and remediate any
attacks at any given instance.
• Mechanisms for cyber-physical devices
to receive regular firmware, software,
security etc. updates in a timely manner
also need to be evolved and thoroughly
tested. Such updates may need to be
administered over the air (OTA), since most
devices will essentially rely on a wireless
network for connectivity.
• Protecting the privacy of end users as
systems, will be another important concern.
This will now be privy to several attributes of
a person’s life. A person’s entire life will be
digitized - from lifestyle to preferences.
Criminal usage of such information will be
highly impactful and create difficulties for
law enforcement agencies who are typically
equipped to manage crimes in the physical
world.
Outcomes
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 10
8. • Participation in drill exercises must
become a regular exercise for
organizations. However, they must be done
across organizations – beyond VAPT. For
checking security preparedness, these
exercises need to be done by business - not
security teams
• Technology partners should be included
early on in the event of a breach. Forensics
should also be pre-incident, to develop
capability on how to proceed in such an
event. Organizations should have subject
matter experts in forensics to ensure trails
are being well-captured, there is correlation
of logs and that there are devices for
intelligence and analytics
• The incident of JP Morgan shows
precisely how vulnerable companies are
today to cyber threat. Having spent 250
million USD on security annually and then
having a breach is clearly a major concern.
The unfortunate, yet avoidable incident led
to a loss of worth USD 75 million of a
customer’s personally identifiable
information.
• Mapping and quantifying risks is a
herculean task in cyber security. In cases of
general insurance, we usually can recognise
the risk factors and threats, and estimate an
expected loss from those threats. However,
in cases of cyber insurance, it is difficult to
identify threats and the quantum of loss
they can cause since threats emanate from
anywhere in the world and from any
medium
• In India, whether it is an IT company,
BPM, bank or a telecom company - all have
a major threat of cyberattacks. While many
already have an insurance, others are
looking for it. Many IT companies dealing
with data of foreign clients have contractual
mandates to buy cyber insurance. In the
banking sector, BBB policy that existed
previously was overridden by computer
crime insurance policy which encompasses
operational risks and IT and non-IT risks, but
did not cover all aspects. Hence, the
indispensable need of cyber insurance has
emerged
• In case of IT/BPM, cyber insurance has
two verticals. The first vertical deals with
liability of the company on loss of a
customer’s data and it is termed as third
party insurance cover. The second regards
the money spent on forensics and
reputation losses which is also called first
party cover
• The premium calculated of the
insurance depends upon a range of factors
like organizational size, the kind of data it
uses, the countries to which clients belong
and the technology used by the company.
For a giant organization, the premium is
more as compared to a small organisation.
Also, if a company deals with personally
identifiable information then the risk factor
increases and consequently the premium
too
Outcomes
• Cloud moves IT operations out of the
control of IT, wherein operations are
completely revitalized. This could possibly
introduce indiscipline in the way operations
are performed. Resultantly, organizations
need to take their own decisions, including
to the extent they allow giving away controls
over operations such as Development &
Maintenance (DevOps). Thus, security
needs to evolve itself to design a framework
for securing transformation to cloud
enabled operations
• Increasingly, organizations cannot
afford to ignore the trend of Shadow IT.
However, their focus should rather be on
leveraging it for maximum profits while
simultaneously aligning it with business and
security objectives. Organizations should
innovate on how they can impose security
on such transformations, which are
breaking traditional security systems
• Breaches lead to ramifications at a high
level and have the potential to negatively
impact the brand image of an organization.
In the modern business world, brand image
is viewed as an important asset and
companies take utmost care to protect
them. Security of data is now gradually
acquiring its space in building the brand by
protecting it
• Telecom, Banking and IT organizations
are increasingly deploying privacy policies
and positioning them as a differentiator in
the market. Until now, security was
considered as a cost centre. However,
increasing association of security, and
privacy along with the brand image of the
organization, adds new dimensions to
dialogues on return of investment
• In spite of implementing foremost
security controls, and deploying superlative
security technology – the prospect that
organizations will get breached, is high.
Organizations often find it difficult to
discover if they have been breached, they
are getting breached or find loopholes
which can lead to a breach. Black swan’
incidents have happened and will continue
in the digital world
• ‘Prevention and detection’ and ‘recovery
and response’ should become key
components of security. Among the
necessities for an organization, is a well
prepared ‘plan of action’; a framework to
detect, determine and contain breach,
besides developing an integrated approach.
Both internal and external collaboration
should be charted carefully to be
incorporated in any such plan
• Active awareness, for end-users to be
educated should be built on. These can be
in the form of simulated attacks and
demonstrations of potential business
impacts of a breach
Outcomes
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy11 AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 12
9. CHARACTER OF SECURE ENTERPRISE
Digital economy is a double edged sword. With the increase in number of internet users,
cyber threats are also witnessing increase. A total of 71,780 breaches were reported in
2013 globally. Technology is advancing at a rapid pace and the dark side of it is becoming
more prominent. Hackers are getting more sophisticated and attacks are becoming
sharper and difficult to detect.
MOVE TOWARDS
DIGITAL INDIA
MAJOR THREATS KEY MEASURES
#SpecialConversation
India has 200 mn
internet users and
this number is
expected to rise
significantly
Government
planning Digital
India campaign
Connecting all
panchayats of India
Launch of
100 smart cities
With advent of IoT
and M2M , increase
in devices, data
and threats
Simultaneous
increase in security
threats and privacy
concerns
Growing users
Increase in data
More
vulnerabilities
Higher possibility
of damage
Establishment of
Dedicated CoE
Capability
improvement of
law enforcement
agencies
Incorporation of
security & privacy in
IoT platform design
Capacity Building in
cyber security in
India
REALISE IMPORTANCE OF SECURITY AT BOARD
LEVEL IN ORGANISATIONS
Maximum breaches occur due to disgruntled employees
Management-driven, top-down approach driven required in cyber
security
Require adequate budget allocation
HOLISTIC FRAMEWORK FOR SECURITY
Enhanced collaboration between various industry verticals
Contribution by every industry body to make a safe cyber space
Skill development initiatives by the government
TECHNOLOGY RELEVANCE
Today, attacks sharper & diverse
Current technology inadequate for protection
New, improved products required in security domain
KEY OUTCOMES
1 2 3
10. Mass Surveillance - Answer Lies in
Cryptography?
Indian Security Market - Where It Stands
and Has Snowden Made any Impact?
Innovation, Trade, Market & Security -
Role of Standards
Role of India in Global Cyberspace
EXPLORING POLICIES AND
STANDARDS
The global cyberspace has been expanding at a fast and unrestrained pace. Economies
around the globe have either become fully integrated into the global cyberspace or are in
that process. Given this scenario, overall cyber security of the nation becomes one of its
primary concerns. Diverse policies and standards have existed for a while now and have
played a vital role in harmonizing trade and transactions of various kinds between nations,
economies and individuals. Globally, there has been an increasing trendin work being done
in this respect on policy and standards making, and innovation. Furthermore, in the recent
past, revelations about mass surveillance have led the emergence of global voices
highlighting privacy protection of individuals, businesses and sovereign interests of nations.
It is becoming important to understand and identify ways to ensure safeguards against
mass surveillance.Cryptography in this regard promises to play a crucial role.
The scenario is no different in India, where similar factors are driving cyber security and
privacy protection. The issue facing India is whether the country has done or is doing
adequately in the policy and standards development space. What is India’s role in global
cyberspace and has it done sufficiently enough to meet the ever increasing expectations of
all stakeholders including the global community? When one deliberates on India’s stance on
cyberspace, a prominent point observed is often the lack of synergy between various
government bodies, departments and industry players. In this regard, it is vital to assess the
steps India can take as an effective and powerful player in the constantly evolving
cyberspace regime.
• The cyber security industry in India has
witnessed growth of around 18% in last year
and is expected to witness a more robust
growth in the high double digits, over the
next few years. This could surpass the
growth rate of 25% next year. Factors
contributing to this growth include
increased importance of security in
organizations and penetration in
boardroom level discussions
• Security is now becoming less prone to
budget cuts, particularly in the era of ‘open’
networks and institutional ‘spying’. This
trend has been particularly noticeable after
the Snowden revelations, and the world is
witnessing an era where global buyers are
willing to experiment and innovate, in order
to obtain the most secure product. Some
countries are more optimist of purchasing
quality products from non-first world
countries as a consequence of the Snowden
revelations
• Government as a policy maker and one
of the largest buyer in the country, plays a
very crucial role in creating a conducive
environment for emerging companies to
establish and grow, thereby affecting
growth of the overall security industry. This
necessitates an increase in security
awareness in government departments
during procurement of products and
services and as should be reflected in the
RFPs
• Keeping a track of citizens’ activities for
internal security purposes is not a new
phenomenon. However, involvement of
intelligence agencies, backed by
governments for mass surveillance, has
created an atmosphere of conflict among
nations. A resultant, trust deficit created by
such revelations demand focused attention
by individuals to safeguard their personal
data; businesses to take actions to maintain
trust of clients and countries to increase
their control over cyberspace to preserve
sovereign interest and strengthen national
security
• Owing to the order less and chaotic
nature of global cyberspace, vulnerabilities
have expanded and created an extremely
precarious environment for cyberspace
stakeholders. The multidimensional
cyberspace model makes it imperative for
world economies to have clearly articulated
cyber policies, which seem to be the sole
way to ensure cyber security, as seen as a
crucial component of national security
• Lack of clarity on policy issues pertaining
to cyberspace has prevented India from
reaching the heights it is capable of. This
emanates from lack of coordination among
departments, ministries and industry
bodies. Multiple departments need to
engage to create synergy within the country
that fosters a well-coordinated initiative
Outcomes
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy15 AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 16
11. Innovation & Boundaries of Privacy -
How Rules & Regulations are catching up
Building the Privacy Profession in India
CROSSING THE DIVIDE -
INNOVATION & SKILLS IN
PRIVACY
In modern history, privacy can be classified into two different ages: Pre and Post Snowden
revelations. Globalization, evolving data lifecycle, criticality of data and technology
advancements have brought forth new challenges and risks including those related to data
privacy protection.
Technology innovation unveils unprecedented opportunities with the superior ability to -
collect data, enhance data processing capabilities, increase intermingling of personal, social
and commercial technologies; increase availability of digitally recorded context, thrust on
context processing capability; evolve techniques of intuitive management of information,
prevalent use of sensors and their integration, increase use of recording and wearable
devices and use augmentation technologies. However, along with opportunities, it raises
key privacy concerns about the purpose of collecting data, its use for non-core purposes,
crossing of ethical boundaries, possible harm resulting from the use of data, large number
of entities that are involved in data processing and even abilities of the countries to provide
privacy protection where data is stored or processed.
Businesses, on the other hand, are increasingly relying on social and cloud computing, lean
management techniques, complex ICT supply chains, heavy outsourcing, business analytics
and deploying contextual computing. In addition, laws surrounding privacy are evolving and
need to catch up with the growing expectations around privacy. An increased demand for
greater privacy has also raised the need of privacy professionals and experts not only in
private organizations, but also in government departments. This raises a relevant question
on how soon the growing demand of privacy professionals will be supplied with adequate
and skilled workforce.
• Ascertaining the strengths and
weaknesses of India is the first step towards
accomplishment of the ambitious dream of
a strong and robust Digital India. Here,
underrepresentation of India at various
cybersecurity forums need to be bolstered
through multitude of initiatives. The three
key international bodies’ viz. ICANN, ITU and
UN should witness enthusiastic response
from India in the near future
• International trade and commerce is
heavily dependent upon standards. On the
one hand they help companies mitigate
risks, harmonize operations and create a
conducive environment. On the other,
standards may also act as non -trade
barriers thereby hindering trade. Hence,
standardization has become a vital business
strategy for technology companies. In view
of multiplicity of technology, organizational
focus on standards has increased manifold
• One needs to take cognizance of the fact
that there are geographical differences and
varied local requirements which makes
establishing consensus in standards
formulation an arduous task. Highlighting
local requirements internationally is
important for any country
• India has been lagging behind in
standardization activities. Discussion with
experts and negotiation with stakeholders
might fast track standardization
endeavours in the country. It would be
erroneous to think of standardization being
limited to developed countries. Emerging
economies too need to pursue the agenda
aggressively or else they would be left out
Outcomes
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy17 AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 18
13. Security Intelligence - Situational,
Collective, Actionable & Integrative
IDEALS IN SECURITY
ANALYTICS & INTELLIGENCE
There has been considerable investment in the country on Security Information and Event
Management (SIEM) solution, and this is viewed as an important step towards making
security more responsive and actionable. Security intelligence is capturing attention of
security technology providers and is being discussed widely. However, there is still a
pertinent question of its actual usability. Intelligence information works only if presented at
the right time and at the right level. The intelligence should also be able to generate desired
actions, which means it should be aware of Policy Decision Points (PDP) as well as Policy
Enforcement Points (PEP). Most of the times organizations fail to define PDPs and PEPs.
Drive of flexibility on the one hand, which stems from pressure of anytime and anywhere
access; adoption of mobility and BYOD; and liberating access to increased outsourcing
partners - makes the context of security, complex. So does the ability to provide intelligence
on them. On the other hand, drive of consolidation, cost optimization and agility offered by
virtualization and cloud computing dispense multiple new possibilities that security decision
making has to deal with. Collecting relevant and contextual information from all possibilities
and delivering that to take a decision for security, is a daunting challenge. External threat
vectors exploit these possibilities, in different ways, trials and patterns. While information
about them is available in the security market ecosystem providing key intelligence to take
actions, this may not be timely and specific.
Amutha
Arunachalam
Arun Kumar
Anand
Arup
Chatterjee
Ajit
Menon
Akhilesh
Tuteja Amit Karir
Burgess
Cooper
Hemant
Kumar
Baljinder
Singh
Maria
Bellarmine P
Jaganathan
Thirumalachary
Lucius Lobo
Shivangi
Nadkarni
Megha
Madnani
PVS
Murthy
Sivarama
Krishnan
Srinivas
Poosarla
Subhash
Subramaniam
Vishal Salvi
Venkatesh
Subramaniam
Vishal Jain
Ashalatha
Govind
Ajit
Mathew
Kersi
Tavadia
Seema
Bangera
Sunil
Varkey
Vakul
Sharma
DCPPDSCI Certified Privacy Professional
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 22
15. • Organizations are confronted with
managing soaring severity and
sophistication of threats emanating from
multiple sources. Information potentially
helpful for security decision-making and
enforcement of actions remains largely
unutilized, uncovering many weaknesses
and vulnerabilities
• While organizations require proactive
insights on threats and intelligence to avoid
false alarms, they struggle in finding a right
balance between both, a reliable and
efficient means of protecting business
information
• Many organizations rely on SIEM
solutions; however, theseare still known as
hard to deploy, complex to manage over
time, and limited in their ability to detect
security incidents
• As sources of data, which may be
analyzed for building robust security, are
almost limitless, the requirement for
security management is going to go well
beyond traditional SIEM. Security
capabilities which can transition security
infrastructures into intelligence-driven
systems, incorporating big data capabilities
are the need of the hour
• Thus, in addition to building context
over ‘’who, what, where, why and how”,
context-aware and adaptive Intelligence,
which takes into account real-time threat
information, levels of relative trust, as well
as risk based on the assets being accessed
and used, is required
• Next-generation security intelligence
technologies are emerging which are more
adaptive by being context and content
aware, and augment internal threat analysis
with external threat intelligence feeds from
as many sources as possible. They allow
creation of security architecture to capture,
normalize, analyze and share information
by using scalable tools and managing big
data capabilities
Outcomes
DDoS Threat to Financial and
E-commerce Sectors
Deconstructing Malware
Targeting Critical Sector
Embedded Software Security
ADDRESSING THREAT
ENVIRONMENT IN CRITICAL
SECTORS
With a significantly high penetration of cyber technologies in the numerous facets of daily
life, there is aa pressing need to effectively secure such technologies. Various studies have
reported, that the threat landscape is worsening, with the evolution and adoption of cyber
technologies and their applications. For example, almost all traditional instrumentation
systems are today connected to IT systems – while this enables information to be used in a
more significant manner, new security threats and risks also emerge.
With merging of technologies in different domains, increasing automation and merging of IT
technologies with mechanical and other operating technologies - the thrust on embedded
system is also increasing. Wide use of embedded systems at industrial scale and adoption
of robotics is now a reality. Consequently, this signals new avenues for the perpetrators to
exploit vulnerabilities and penetrate the systems. The increasingly dominant role of
embedded systems in consumer, shop floors, infrastructure, utilities and machine floors,
raises some pertinent security issues which need to be addressed by the stakeholders.
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy25 AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 26
16. • Given the magnitude and scale of
operations and the complexity involved,
decisions to prioritize protection of systems
within the organizations is paramount,
considering the impact of compromise.
Additionally, alignment of efforts and
resources in a strategic manner is required
to tackle issues in an effective way.
• As the role of embedded software is to
program and execute many mechanical and
motored actions, and it is increasingly
getting interfaced with information
technology, a compromise of security can
lead to a serious kinetic impact. Defence
and other critical sectors use embedded
software and chipsets for various critical
operations which makes the security of
embedded software paramount
• Secure embedded software
development beginning from the
requirement phase to the maintenance
phase is extremely crucial for addressing
security requirements. It is necessary that
root-cause analysis of any possibility should
be identified at the beginning i.e. in the
requirement phase itself. Moreover, for
effective deployment of security measures,
training and awareness of the people
handling the systems is also extremely
important.
Outcomes
• Organizations should develop their own
‘on premise’ capabilities to tackle evolving
cyber threats. Cyber threats require
enhanced preparedness from the industry
and more advancements in technologies.
Activities such as scenario testing, mock
drills on one’s Infrastructure, simulation
exercises, incident response strategy and
demonstrations need to be conducted
more frequently in a structured way to
mitigate future threats, even if this requires
increased investments
• Service providers should be more
vigilant in addressing needs and interests of
their clients. The approach to ensure
security needs to go beyond the classical
pipe cleaning and scrubbing centers.
Service providers need keep a closer watch
onthe information highway and take deeper
interest in behavioral analysis. In selected
sectors in India, such as telecom, the major
chunk of responsibility lies on ISPs for
safeguarding organizations against DDoS
attacks
• Collaborative information sharing
amongst relevant stakeholders plays a key
role in improvising attempts of
organizations towards mitigating threats.
Organizations, in matters of security and
data protection, need to rise above
competition and collaborate with each
other. Attacks or breaches should be viewed
comprehensively at the industry-level,
rather than individual firms. Stakeholders
should find creative ways to incentivize
information sharing amongst the industry
• While it helps to maintain and
periodically update an incident response
mechanism, it is imperative that a certain
level of dynamism and flexibility is available
for the organization to effectively counter
evolving threats
• The impact of malware on critical
infrastructure is profound and may lead to
widespread turmoil, impacting thousands
of lives in a single instance. Malware may be
classified as static or dynamic – while the
former is designed with predictable
behavior and may be simpler to weed out,
the latter is highly contagious and is
designed to evade the security construct
and infiltrate systems, remaining dormant
for weeks and triggered only at specific
instances
• Response to any malware detected,
must be holistic in nature. The security team
must conduct a thorough analysis to not
only identify damage but also methods
through which the malware has been
planted. While systems and solutions may
be present, focus on user awareness and
compliance must also be maintained. While
preventive measures may not always be
effective, it is essential that basic security
hygiene is maintained for all systems,
irrespective of the system being connected
to the internet.
Outcomes
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy27 AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 28
17. #SpecialConversation
AUTOMOTIVE NETWORK
1 Adaptive cruise control
2 Electronic brake system mk60e
3 Sensor cluster
4 Gateway data tranmitter
5 Force feedback accelerator petal
6 Door control unit
7 Sunroof control unit
8 Reversible seatbelt pretensioner
9 Seat control unit
10 Brakes
11 Closing velocity sensor
12 Side satellites
13 Upfront sensor
14 Airbag control unit
Ref: Aa1car.com
Safety
7,261 deaths/year (US)
5.8 million crashes/year (US)
Direct economic cost of
$230.6 billion
Leading cause of death for
ages 4 - 34
Your vehicle can ‘see’
vehicles you can't
Your vehicle informs
you of roadway
conditions and hazards
that you can't see
Your vehicle knows the
speed and location of
approaching vehicles
Productivity concerns
Traffic congestion & 87.2
billion annual drain on the
U.S. economy
4.2 billion lost hours
2.8 billion gallons of wasted
fuel
Know where every vehicle
was in real time
See complete traffic patterns
Know real-time options on
all roads, transit, and
parking along your route
NEED
INNOVATION
Augmented reality dashboard
CONNECTED
CARS
Location-based advertising
Enforcing rules
Car pooling
Vehicle maintenance Self-driven
Dynamic insurance
Parking management
Road pricing
Penstreetmap Create open-source maps by collecting GPS
data from users
Trapster Constantly updated database of the locations
of police speed traps
Zipcar Largest car-sharing scheme. Shares 6,000 vehicles
ODB II Apps Car health monitoring, car safety, warranty and
maintenance warnings and scheduling
By 2045, it will be impossible for a driver to impact another vehicle or
drive off the road without the serious intention of doing so -
Ref: http://www.economist.com/node/13725743
Dedicated short range communications
Two way, short-to-medium range wireless communications capability
SAE J2735 standard
TECHNOLOGY STANDARDS
DSRC
Wireless access in vehicular environments
IEEE 1609 standard
WAVE
Vehicle to Vehicle communicationV2V
Vehicle to Infrastructure communicationV2I
Vehicle to Vehicle communicationV2D
Controlled Area Network (CAN) & CAN busCAN
Onboard diagnosticsOBD 2
TECHNOLOGY ECOSYSTEM
Information collection
Information processing
wireless
communication
Wired & wireless
Communication
Local
Main transportation
information center
Control
Unit
Antenna
Local
Radio frequency
communication
Navigation
Hi-pass terminal
Kiosk
PDF mobile
phone
PC
Bus Stop
VMS system
Radio frequency
communication
Information delivery
POSSIBILITIES
Traffic and
incidents
Geocoding &
POI search
Driving route
recommandations
Mobile
applications
Traffic
cameras Fuel prices EV services
Parking
availability
Weather
Vehicle data Flights &
queue times
N
W E
S
Ref: www.inrix.com
INNOVATION
Area
of
Work
Crash scenario framework
Interoperability
Transit vehicle applications
Driver issues
Benefits assessment
Commercial vehicle
applications
Application development
Vehicle to vehicle
policy issues
FUNDAMENTALS
18. Cyber Laws and Social Media
Global Cybercrimes - Need of
Converging Corporate and
LEA Capabilities
DRIVING CHANGE IN
COMBATING CYBERCRIMES
The world over, geographical disparity has become an outdated concern, given the ever
prevalent expansion of modern information and communication technologies. Increasingly,
cybercriminals today are empowered with a position to gather voluminous amounts of
intelligence about their targets and subsequently execute theirplans. The level of
sophistication in cyber-attacks have changed dramatically over the last two decades mainly
due to the rise of interest usage by organized criminal groups in fraudulent and malicious
activities in cyberspace. The overwhelming availability of materials and knowledge facilitate
their perpetration. Globally, the number of cases reported show no signs abating. Major
cases that drew attention worldwide were related to corporate espionage, large scale heist
and cyber breach.
Recent technological innovations in the domains of Social Media, Mobile, Analytics and
Cloud, have made the adoption of technology comparatively simpler and cheaper. The
usage of social media does not necessitate a user to be tethered to a computer anymore;
almost all social media platforms/networks provide access viamobiles, tablets and other
devices. They allow users to ‘network’ or assimilate to bring forth their thoughts on various
topics of interest to them.
In addition, there have been numerous discussions around section 66A of the Information
Technology (IT) (Amendment) Act 2008. These involve particular terms used in section 66A,
which may be interpreted in different ways. Experts also argue that 66A violates the
fundamental right of freedom of speech and expression provided under the Indian
constitution.The liability of the service providers in such cases is also another vital topic for
debate. In this light, social media service providers are recognized as intermediaries and
liability is fixed for various acts and omissions under the laws.
• There are about 70-80% of cases
registered by the police, lying dormant for
want of information from service providers
located outside India
• Letters Rogatoryare forwarded within
the ambit of Mutual Legal Assistance Treaty
(MLAT), Memorandum of Understanding
(MoU)/Arrangement etc. existing between
India and requested country or on basis of
reciprocity in cases where no such treaty
and MoU exists
• Before making a proposal to the
Ministry of Home Affairs, the concerned
Investigating Agency may examine the
matter in detail to find out if it is absolutely
necessary to get investigation conducted
abroad for taking the case to a logical
conclusion. The provisions of the MLAT,
MoU, Arrangement or International
Convention as well as requirement of the
law of requested country such as principle
of dual criminality, assurance of reciprocity
etc., may be studied with view to determine
that such a request would fall within the
parameters of legal requirements of the
requested country
• The process for letters rogatory is more
time-consuming and unpredictable than
that for MLATs. This is largely because the
enforcement of letters rogatory is a matter
of comity between courts, rather than being
treaty-based
• In the absence of any precedent
judgments under Section 66A of
Information IT (Amendment) Act 2008 (IT
Act) , the section is susceptible to different
interpretations. Repealing the entire section
may lead to difficulties for the real victims of
defamatory mails or offensive
communications. Legislature should come
out with rules or guidelines to amend
section 66A of the IT Act in line with the
fundamental rights guaranteed under the
Constitution of India
Outcomes
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy31 AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 32
19. • The IG ecosystem has been in flux, more
so after the National Telecommunications
and Information Administration (NTIA)
announcement last year to transition its
oversight over Internet Assigned Numbers
Authority (IANA) functions performed by
Internet Corporation for Assigned Names
and Numbers (ICANN). Efforts continue at
all perceived levels for coming up with a
sound proposal for stabilizing the IG
ecosystem, acceptable to all stakeholders –
governments, industry, civil society,
technical community etc. For the
stakeholder community from India to get its
‘righteous place’ in IG ecosystem, it should
actively participate at all important forums
• Net Neutrality (NN) debates have come
to the forefront and are being debated in
major geographies across the globe. There
have been instances where the principle of
NN appears to be breached. Balancing
innovation with business ethics is one issue
that everyone is striving to solve. In India,
TRAI is working on a consultation paper on
NN that aims to discuss pros and cons of
formulating, adopting, implementing and
enforcing NN principle in the Indian context
• With new age technology, rapid increase
in the number of devices that connect over
the Internet has led to exhaustion (almost)
of IPv4 address space. If IPv4 NAT (Network
Addresses Translation) continues to be
used, it may pose a serious threat to the
network and devices, hence IPv6 adoption
must be actively pursued. Another
challenge that NAT poses related to perfect
attribution
• IPsec protocol that protects data,
integrity and confidentiality of the system, is
integrated in IPv6 but not in IPv4 and hence
is more vulnerable. Also, IPv6 has stateless
address auto configuration in which the IP
address is automatically configured using
neighbour discovery protocol. Session
Border controllers are deployed in Voice
over Internet Protocol (VoIP) networks to
exert control over the signaling and usually
in setting up, conducting, and tearing down
telephone calls or other interactive media
communications. It can be used to check call
denial and spoofing attacks which are
prevalent in video and multimedia calls and
messages
• Institutional mechanisms should be
established in India to develop and promote
a framework for security of 4G and IPv6
devices like in the U.S., where NIST, FISMA
etc. work in the direction to adopt
frameworks for protecting their networks.
Government should mandate regulations
on risk assessment, audit plans for security
and promote security seals and
certifications. Also, steps to revise
curriculum to bridge current gaps between
education and awareness should be
initiated. Moreover, industry standards
should reduce in order to develop and a
better workforce which securesthenation
from cyber threats
Outcomes
State of Internet - What Benefits
Us - Continuity of Present or
Inventing New Order?
IPv6, 4G & IoT - Role of Telecom
Network to Secure the Revolution
BALANCING ACT IN
INTERNET GOVERNANCE
It is no surprise that around a quarter of our population is connected to the Internet. And in
this digital economy, the number of mobile Internet users surpass those using broadband.
Additionally, in the developing world, 31% of the population is online, compared to 77% in
the developed world. And by 2020, more than 20 billion devices are expected to ‘talk to each
other’ over the Internet. Meanwhile, as the world debates on methods to increase Internet
penetration and usage for various services - issues on the use of an open, just and equitable
Internet also emerge. As the Internet governance (IG) ecosystem continues to evolve, with
a lot of action recently, the direction it is taking is still unclear. Given this, a number of
questions arise - what all bodies are emerging in the IG ecosystem? What happens after the
IANA transition deadline lapse? How is the ‘accountability’ charter going to be defined for
stakeholders? Increasingly, global debates on how should principle of Network Neutrality
(or Net Neutrality or NN) be enforced is getting relevant. Should Telecom Service Providers
(TSPs)/ Network Service Provider (NSPs)/ Internet service providers (ISPs) treat all data on
the Internet equally, or can they better provide special services based on source,
destination, content, site, platform, application, protocol etc. ,by charging separate fee for
different services? With enormous data being generated and analysed, what should be the
role of organizations to secure the data?
With the increase in number of IP addresses and fraud detection, blocking of rogue devices
is becoming difficult as they have more space to migrate. Another cause of concern is
securing voice calls and multimedia messages as a lot of call denial and spoofing attacks are
prevalent. In this regard, how should convergence of IPv6, 4G and IoT be handled?
AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy33 AISS 2014 - Strengthening Perspectives on Cyber Security & Privacy 34
20. WOMEN SECURITY LEADERS
World has witnessed and acknowledged the enormous potential of women leaders in
every field. However in comparison to other business domains , the number of women
leaders in cyber security discouraging. This underrepresentation of women in the
emergent and critical field of cyber security is a matter of great concern
WHAT WOMEN THINK
Po
ints of discussi
on
Women perceive “success”
not just as something
measured by certain metric
(such as salary), but also as
reflecting recognition for
both innovative and visionary
functions and routine
preventive tasks essential to
information security
Lack of women security
leaders is due to lack of
education ecosystem in
the domain
Innovative measures
required to reach out to
future professionals and
create awareness with
an aim to create an
indifferent ecosystem
for men and women to
join the domain
OPPORTUNITIES
With increased jobs and
centrality of cyber security
in company operations,
women’s advancement to
executive and managerial
positions will witness
increased opportunities
Currently, the US
government has responded
to this issue by providing
grants to attract and train
women in cybersecurity at
the university level
Industry needs skilled
professionals whether
women or men
Field is emerging and a
reason why presence of
women are less in the this
domain
Numbers are increasing
as more women become
CIOs and CISOs in India
#SpecialConversation
Platinum Sponsors
Compliance & Security
Workshop Partner
DSCI Excellence Awards
Sponsor
Dsci Security Leader
Of The Year
Associate Cum Badge
& Landyard Sponsor
Associate Sponsors Analytics Workshop
Partner Exhibitors
Exhibitors
Exhibitors
Process
Partner
Design Partner Media Partner Community Partner
Webcast
PartnerOIS Media Partner
SPONSORS & PARTNERS
Gold Sponsors
Silver Sponsors
21. NOMINATIONS FOR CORPORATE SEGMENT
//////////////////////
///////////////////////
EXCELLENCE CORPORATE SEGMENT
LAW ENFORCEMENT SEGMENT
CELEBRATING EXCELLENCE OF THE CHANGE AGENTS!
In line with the objective to raise the level of security and privacy of IT-BPM service
providers and thereby assuring their clients and other stakeholders that India is a
secure destination for global sourcing, DSCI rolled out the fourth edition of the
DSCI Excellence Awards for corporate and law enforcement segments.
New Categories in the Corporate Segment - Security in the Energy Sector, Privacy in the
Outsourcing Sector and Security Product of the Year
A great success, DSCI received 102 nominations for 15 categories in the corporate
segment - the highest since the institution of the awards, whereas 26 nominations were
received in the law enforcement segment. An analysis based on the nominations was
presented and was well-received by the industry.
Winners in the Corporate Segment
Bank
Kotak Mahindra
Bank Ltd.
Telecom
Bharti Airtel Ltd.
e-Governance
UIDAI
e-Commerce
Make My Trip India
Pvt. Ltd.
IT Services- SME
Broadridge Financial
Solutions
BPM- Large
WNS Global Service
Pvt. Ltd.
BPM- SME
VFS Global
Services Pvt. Ltd.
Energy Sector
Organization
Reliance Industries Ltd.
IT Services- Large
Tata Consultancy
Services Ltd.
Outsourcing Sector
Infosys India Ltd.
Domestic Sector
Vodafone India Ltd.
DSCI Excellence Award for Security in Organization
DSCI Excellence Award for Privacy in Organization
Winners in Law Enforcement Segment
Emerging Information
Security Product Company
Data Resolve Technologies Pvt. Ltd.
Security Product
of the Year
REL-ID (Uniken)
Security Leader of the Year
(IT- Sector)
Madhu K (Polaris Financial Technologies Ltd.)
Security Leader of the Year
(BPM- Sector)
Baljinder Singh (EXL Services)
India Cyber Cop of the Year
P Chowdhary
Police Inspector, (Kolkata Police)
Capacity Building of Law
Enforcement Agencies
(Maharashtra Police)
Privacy Leader of
the Year
Burgess Cooper
(Vodafone India Ltd.)
Security Leader of the Year
(Telecom Sector)
Burgess Cooper
(Vodafone India Ltd.)
Security Leader of the Year
(e-Commerce Sector)
Bharat Panchal
(National Payment Corporation of India)
Process Partner
DSCI Excellence
Awards Sponsor
DSCI Excellence Awards
Sponsor- Security
Leader of the Year
Media Partner Online Information
Security Media
Partner
DSCI Excellence Award for Security Product and Companies
DSCI Excellence Industry Leader Awards