The document provides an overview of the 2net system, including its product overview describing how biometric data flows from devices to the cloud platform, as well as its security and privacy features leveraging Qualcomm's expertise in network operations. Key aspects covered include the 2net hub, cloud platform, and end-to-end data flows, as well as Qualcomm's focus on proactive data protection, cybersecurity initiatives, and use of a premier enterprise wireless data platform.
The difference between Cybersecurity and Information SecurityPECB
Cybersecurity is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved and concerned with the security implications of information technology (IT).
• The evolution of Cybersecurity
• Protecting Digital Assets
• Difference between Cybersecurity and Information Security
• Cybersecurity Objectives
• Future of Cybersecurity
Presenter:
Hafiz Adnan is an IT GRC, Security Consultant and Lead Auditor and a PECB Certified Trainer with over 11 years of significant, progressive experience in Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/BA670iVPi5c
Secure by Design - Security Design Principles for the Working ArchitectEoin Woods
As our world becomes digital, the systems we build must be secure by design. The security community has developed a well-understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers. And when the principles are explained, they are often shrouded in the jargon of the security engineering community, so mainstream developers struggle to understand and apply them.
This talk explains why secure design matters and introduces 10 of the most important proven principles for designing secure systems, distilled from the wisdom of the security engineering community.
Presentation by Soumya Mondal, on "Information Security: Importance of having definded policy & process" at "Braindigit 9th National ICT Conference 2013" organized by Information Technology Society, Nepal at Alpha House, Kathmandu, Nepal on 26th January, 2013
The difference between Cybersecurity and Information SecurityPECB
Cybersecurity is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved and concerned with the security implications of information technology (IT).
• The evolution of Cybersecurity
• Protecting Digital Assets
• Difference between Cybersecurity and Information Security
• Cybersecurity Objectives
• Future of Cybersecurity
Presenter:
Hafiz Adnan is an IT GRC, Security Consultant and Lead Auditor and a PECB Certified Trainer with over 11 years of significant, progressive experience in Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/BA670iVPi5c
Secure by Design - Security Design Principles for the Working ArchitectEoin Woods
As our world becomes digital, the systems we build must be secure by design. The security community has developed a well-understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers. And when the principles are explained, they are often shrouded in the jargon of the security engineering community, so mainstream developers struggle to understand and apply them.
This talk explains why secure design matters and introduces 10 of the most important proven principles for designing secure systems, distilled from the wisdom of the security engineering community.
Presentation by Soumya Mondal, on "Information Security: Importance of having definded policy & process" at "Braindigit 9th National ICT Conference 2013" organized by Information Technology Society, Nepal at Alpha House, Kathmandu, Nepal on 26th January, 2013
Intrusion Detection System is a software that keeps monitoring system or network state for possible intrusion and alert the administrator, while IPS is capable of blocking such attacks. Together they constitute IDPS.
Presented at Executive Leaders Network CMO/DPO/CIO/CISO Event on October 06th.
"In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks. Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization."
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Threat modeling web application: a case studyAntonio Fontes
TAM is a security activity conducted early in the development lifecycle, when we only have ideas, early design specifications and no source code is produced yet. It helps identify major threats to your web application and their appropriate countermeasures.
This session focuses on an introduction to the threat modeling technique through a case study on an online newspaper platform.
Event: Confoo 2011 Montreal
This course provides an introduction to security for mobile applications. It walks through a basic threat model for a mobile application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques.
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...Jason Trost
2015 is turning out to be the most spectacular year of high profile compromises across almost every vertical and many companies are starting to consider new options to raise the bar for intrusion detection and incident response, including deploying honeypots.
In this workshop we will present an overview of the current state of the art of leveraging open source tools to build a novel intrusion detection system inside the enterprise. We will discuss the pros/cons and ins/outs of several major open source honeypots as well as how to manage and deploy these sensors using the Modern Honey Network, Splunk, as well as integration into other systems such as ArcSight. We will discuss real world deployments of honeypots, what worked and what didn't as well as recommendations for getting the most out of these non-convention network sensors.
Discussion of how security is in crisis but DevSecOps offers a new playbook and gives security a path to influence. Taking a look at the WAF space, we look at how Signal Sciences has created feedback between Dev and Ops and Security to create new value.
IoT security compliance framework is essential to ensure IoT security. Here is a complete iot security audit checklist for ensuring security of IoT Devices in real time. know more here : https://www.qwentic.com/blog/iot-security-compliance-checklist
Presentation to Nov 2015 "Chicago Security Intelligence with SIEM" meetup.
Overview of SIEM as part of Continuous Monitoring in the NIST CyberSecurity framework.
Got SIEM? Now what? Getting SIEM Work For YouAnton Chuvakin
Got SIEM? Now what? Making SIEM work for you!
Dr Anton Chuvakin
SANS 2010
Security Information and Event Management (SIEM) as well as log management tools have become more common across large organizations in recent years. SIEM and log management have also been a topic of hot debates. In fact, you organization might have purchased these tools already. However, many who acquired SIEM tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful. Attend this session to learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made.
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
A major challenge that many organizations faces, is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
Intrusion Detection System is a software that keeps monitoring system or network state for possible intrusion and alert the administrator, while IPS is capable of blocking such attacks. Together they constitute IDPS.
Presented at Executive Leaders Network CMO/DPO/CIO/CISO Event on October 06th.
"In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks. Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization."
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Threat modeling web application: a case studyAntonio Fontes
TAM is a security activity conducted early in the development lifecycle, when we only have ideas, early design specifications and no source code is produced yet. It helps identify major threats to your web application and their appropriate countermeasures.
This session focuses on an introduction to the threat modeling technique through a case study on an online newspaper platform.
Event: Confoo 2011 Montreal
This course provides an introduction to security for mobile applications. It walks through a basic threat model for a mobile application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques.
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...Jason Trost
2015 is turning out to be the most spectacular year of high profile compromises across almost every vertical and many companies are starting to consider new options to raise the bar for intrusion detection and incident response, including deploying honeypots.
In this workshop we will present an overview of the current state of the art of leveraging open source tools to build a novel intrusion detection system inside the enterprise. We will discuss the pros/cons and ins/outs of several major open source honeypots as well as how to manage and deploy these sensors using the Modern Honey Network, Splunk, as well as integration into other systems such as ArcSight. We will discuss real world deployments of honeypots, what worked and what didn't as well as recommendations for getting the most out of these non-convention network sensors.
Discussion of how security is in crisis but DevSecOps offers a new playbook and gives security a path to influence. Taking a look at the WAF space, we look at how Signal Sciences has created feedback between Dev and Ops and Security to create new value.
IoT security compliance framework is essential to ensure IoT security. Here is a complete iot security audit checklist for ensuring security of IoT Devices in real time. know more here : https://www.qwentic.com/blog/iot-security-compliance-checklist
Presentation to Nov 2015 "Chicago Security Intelligence with SIEM" meetup.
Overview of SIEM as part of Continuous Monitoring in the NIST CyberSecurity framework.
Got SIEM? Now what? Getting SIEM Work For YouAnton Chuvakin
Got SIEM? Now what? Making SIEM work for you!
Dr Anton Chuvakin
SANS 2010
Security Information and Event Management (SIEM) as well as log management tools have become more common across large organizations in recent years. SIEM and log management have also been a topic of hot debates. In fact, you organization might have purchased these tools already. However, many who acquired SIEM tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful. Attend this session to learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made.
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
A major challenge that many organizations faces, is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
This presentation is Outdated. You can see the updated version here: http://bit.ly/optarebrochure
Optare Solutions is a Systems Integrator delivering Consulting & Solutions for the Telecommunications Industry. More than 11 years of experience and a specialized team make us the right choice to deliver high quality projects, consulting and training.
As part of Biblefresh celebrations of the anniversary of the King James Bible this year, Wycliffe Bible Translators have run a series of evening classes, helping people to engage more with the Bible.
In November, Margaret Sim - a translation consultant working in Africa - spoke about irony and metaphor in the Bible, whether it's there and how we approach it. Her talk was entitled 'Does the Bible mean what it says?'
Education and policies for gifted students are based on past research and learning traditions. But are these ideas sufficient for anticipating and understanding what might come next for developing learners and ourselves? This session draws on futures (or “foresight”) studies to explore evolving contexts for understanding and supporting gifts, giftedness, and creative talent development in our rapidly shifting and complex environments.
workshop for UXPA DC on April 12, 2014, entitled "All this UX data! Now what?" Attendees learned how to deal with large amounts of user experience data from tests, and how to combine certain data to tell a succinct story.
Reconsidering talent development in a connective eraCarmen Tschofen
Nurturing unusual learners often requires unusual educational approaches. Connective and personal learning offers different ways of thinking about learning processes and intents, especially for those who seek– and thrive in– complexity. Conversely, gifted education theory, developed for the "edges," may offer insights into how new and "edge" theories such as connectivism and personal learning can benefit all learners.
Change Management Initiatives That Ensure Smooth Program Transition and Deliv...Chazey Partners
Developing and managing clear-cut, yet flexible change management program initiatives is essential to your Shared Services center’s short and long-term success.
By establishing strategic partnerships that encourage optimal communication and understanding between your faculty, departments, and stakeholders, change management can be effectively managed. By attending this session, you will learn how to:
Develop and maintain a flexible approach toward your change management programs – so to ensure continual improvement
Create the proper messaging, based upon your audience type and how to ensure message consistency
Develop and implement change management programs that will engage and excite your very diverse workforce
Incorporate a positive work environment that enhances work productivity and efficiency
Combining research on talent development, the development of expertise, and connectivist concepts such as complexity and learning networks, this presentation examines legacy assumptions about learning and suggests that new understandings might change our perceptions of what it means to be a "high ability learner."
I began an exploration of futures thinking and futures studies in 2005, and began a related, if undefined, study of learning as a form of cultural expression in 2006. This presentation was adapted and updated based on an early mash-up of these interests.
Smart Wearable medical Device and Implant For Patient Monitoring - GSLab.pdfGslab1
Healthcare | Internet Of ThingsThere is a revolution happening in the digital health space.
Special purpose remote monitoring and evidence-based
applications are on the rise. Our customer wanted to design
& develop an innovative medical device which would monitor
key health parameters of critical patients in real-time.
Great Software Laboratory was chosen to be a key product
development partner for our rich experience and expertise in
embedded systems, IoT and software engineering.
Diaspark healthcare offers software product development, compliance implementation and mobility services to healthcare software vendors (EMR/EHR/HIE/HIS/ Home Healthcare), life science companies and non-profits. Right from developing key EHR software modules spanning CPOE, Patient Portals, eRX(ePrescription), eMAR, Clinical DSS, labs to building healthcare mobile apps over iOS, Android, Blackberry that even interact with health devices, we work as an extended enterprise to software product vendors and life science companies.
The document outlines KMGs capabilities in the Health IT sector. Key Management Group (KMG) provides software services to Hospitals, Billing Companies, EMR Companies, Transcription Companies & Physicians. View more details at www.kmgus.com
DevOps for Highly Regulated EnvironmentsDevOps.com
Financial institutions, medical groups, governmental organizations, automotive companies… these types of entities all have unique and sometimes difficult-to-meet regulations. You may be required to have fine-grained auditability of your SDLC or maintain specific third-party integrations. Security models may be heightened, or certain types of compliance processes maintained. So how are we supposed to “do the DevOps” when we have so many things to worry about? In this webinar, we’ll explore some ways that you can adopt DevOps best practices and even (gasp!) thrive when building your DevOps and DevSecOps pipelines in highly-regulated industries.
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceGreenlight Guru
Understand the FDA's new draft guidance on Computer Software Assurance (CSA).
This presentation originally aired during the 2022 Future of QMS Requirements Virtual Summit.
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.
MongoDB IoT City Tour EINDHOVEN: IoT in Healthcare: by, Microsoft & BarcoMongoDB
Kurt Pattyn, Software Architect at Barco
Pieter Moulaert, Team Leader at Barco
Dick Dijkstra, Technical Specialist Azure at Microsoft
MediCal QAWeb is an online software service developed by Barco for monitoring image quality and uptime of medical display systems in hospitals all over the world. The service is the first of its kind and offers proactive alerts of quality issues, automatic issue solving, centralized asset and Quality Assurance reporting and much more. The next version of MediCal QAWeb is under development and will use MongoDB and Node.js. The system will be built on Microsoft’s Internet of Things building blocks running on the Azure platform. In this presentation, Barco and Microsoft will explain how the Internet of Things has provided new services and revenue opportunities for them and for their customers by building solutions that until recently were unimaginable. They will explain the technology and architectural design choices made in order to guarantee that the platform which connects several tens of thousands of devices today can scale to support their growing customer needs long into the future.
SafetyDrugs is a Pharmacovigilance Software for the management of adverse events from drugs, devices and clinical trials compliant with ICH, EMA and FDA rules.
Business Intelligence and Signal Detection modules can be added to perform drilldown analysis.
Easy to install and very user-friendly, Software validation documents set provided.
Transforming GE Healthcare with Data Platform StrategyDatabricks
Data and Analytics is foundational to the success of GE Healthcare’s digital transformation and market competitiveness. This use case focuses on a heavy platform transformation that GE Healthcare drove in the last year to move from an On prem legacy data platforming strategy to a cloud native and completely services oriented strategy. This was a huge effort for an 18Bn company and executed in the middle of the pandemic. It enables GE Healthcare to leap frog in the enterprise data analytics strategy.
A presentation by Tracy Rausch, CEO of DocBox and Chip Block of Evolver Inc. on medical device security & patient monitoring. Presented at The Security of Things Forum on Sept. 10, 2015.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
4. Low Energy
2net
Cloud
Pla-orm
Home
Hub
Sample
Scenario
Bill’s
blood
pressure
reading
is
collected
over
short-‐
range
radio,
and
wirelessly
communicated
over
3G
by
his
2net
Home
Hub
to
the
2net
Cloud
Pla@orm,
to
be
delivered
to
his
doctor
thru
2net’s
Customers/Partners.
2net
Customers/
PartnersCellular
3G
2net Use-Case
4
6. Qualcomm Life Ecosystem
Note:
Both
the
2net
Hub
and
PlaUorm
are
(1)
FDA
listed
Class
I
MDDS
(US)
(2)
CE
registered,
Class
I
listed
MDD
under
EU
DirecIve
93/42/EEC
(Europe)
(3)
Class
I
listed
CMDCAS
(Canada).
6
9. 2net Hub : High level Data Flows
1
2
4
6
3
5
Legend
2
Biometric
data
flow
Device
command
flow
Data
flow
step
number
2net
Service
Pla-orm/
Cloud
2net
Hub
2net
Customer
Pla-orm
/Cloud
9
10. High Level System Design
Hub
Cellular
Data
Network
2net
Service
Platform
Internet
Dashboard
Visualization/
Analysis
Customer
data
handling
2net
Connect
Server
Biometric
data
10
1. Captures
the
biometric
measurement
data
from
health
care
and
fitness
data
from
customer
or
collaborator
wireless
devices
2. Stores
the
biometric
measurement
data
in
a
secure
system
3. Delivers
the
data
to
integrated
portals/databases
11. Carrier
Network
Data
Connectivity
Plan
• Customer
application
InternetDevice Agents
Hub Software
Customer
Interface
Cellular
Carrier
Portal
Customer
Care
(Tier 2/3)
Device Agents
Pharma
Fitness
Medical
USE
Consumer
and/or
Payer
Billing
Provisioning
Carrier
Transaction
Billing
Device Agents
Hub App
Software
Firmware/OS
Customer 1
Contract Manufacturer
Venture Corp
(Singapore/Malaysia)
Hub
Design
…
Internet
Buy
Hubs
Relationships
(Carriers,
OEMs,
Licensees,
CM/ODMs etc.)
• TransacIons
• Data
Storage,
Databases
2net End-to-End (E2E) Architecture
HUB PLATFORM
San
Diego,
USA
OTHER
CUSTOMERS/PARTNERS
CUSTOMER/PARTNER
Hub Software
Hub
Configurations
Hub Config
File (Authorization)
Home
11
12. Biometric Data Flow : End-to-End
TransacIon
Storage
(Encrypted)
Device
Customer
Portal
Decrypt
Server
Adapter
Device
specific
“Agents”
(DAs)are
installed
on
the
2net
hub.
These
agents
iniIate
data
transfers
from
the
devices
using
short-‐range
radios
(BT,
BTLE,
Wi-‐Fi,
etc.).
Data
is
uploaded
to
the
2net
Cloud
PlaUorm
over
the
cellular
network.
The
data
is
transmieed
over
authenIcated
SSL
connecIons.
Internet
Device
TransacIons
2net
Cloud
Pla-orm
Device
data
is
decrypted
and
transmieed
to
the
customer.
Thru
Server
Adapters
(SAs),
including
non-‐standard
interfaces)
…
2net
CUSTOMERS
12
2net Hub
Encrypted
Hub Software
Radio Manager
Device Agent
For
data
delivery,
the
2net
Cloud
stores
the
encrypted
data
for
transmission
to
the
customers.
Cellular
Data
Network
14. FRB
Feature
Request
Board
ES
Engineering
Sample
FC
Feature
Complete
CS
Commercial
Sample
CPL
Customer
Product
Line
14
Qualcomm Product Security Initiative
15. Deliver
world-‐class
cyber
security
and
risk
management
capabiliIes
Qualcomm
IT
:
InformaIon
Security
and
Risk
Management
Overview
Align
cyber
risk
profile
with
desired
level
Informa=on
Deliver
security
capabiliIes
to
advance
Company
business
strategy
Promote
responsible
security
behavior
consistent
with
Company
policies
and
values
15
16. Monitoring & Response
" Advanced security monitoring for attacks, data theft, policy violations, and
vulnerabilities
" Subjective analysis, triage, and coordination
Threat Management
" Intelligence and counter intelligence gathering, analysis, and sharing inside and
outside the company
" Proactively address threat trends
" Hunter-killer
Application Security
" Secure coding practices, training and testing
Cyber
Security
and
Threat
Management
16
17. Focus
on
ProacIve
Data
ProtecIon
Business
Security
Engineering
" Partner
with
engineering
and
business
leaders
to
manage
cyber
risk
profiles,
including
improvements
to
technical
and
administraIve
processes
" Drive
security-‐related
business
knowledge
into
IT
pracIces
Security
Architecture
" Strategic
development,
direcIon
segng,
evangelizing,
and
knowledge
transfer
of
enterprise
security
architecture
standards,
policies,
concepts,
and
roadmaps
" Oien
assigned
as
security
SMEs
on
non-‐security
driven
projects
" Special
projects
ex.
predicIve
analyIcs
Compliance
" Support
compliance
with
laws,
regulaIons,
industry
standards
(ex:
ISO,
ITAR,
Privacy,
PCI,
HIPAA),
and
contractual
requirements
" Contract
reviews
with
Legal
and
Procurement
17
18. Education and Awareness
" Educate employees and increase their cyber security awareness through
development and maintenance of the Company security awareness program
Policies and Guidelines
" Partner, develop, and maintain:
" Corporate cyber policies (ex. E-media, CCI, Conduct)
" Internal cyber security standards such as hardening and logging requirements
Focus on Proactive Data Protection contd.
18
19. Leveraging Qualcomm’s Unmatched Expertise
• OperaIng
for
over
25
years
• 4
con=nents,
40
countries,
8
dedicated
Network
Opera=ons
Centers
• Helping
over
10,000
businesses
manage
millions
of
mission
criIcal
devices
A Premier Enterprise Wireless Data Platform
19
20. End-‐to-‐end
SoluIon
Leverages
Qualcomm’s
Network
OperaIons
Center
§ Device integration
support
§ QCL built device agents
for each medical device
§ Test and Validation with
each medical device
§ Integration to device
logistics partners
§ Device design
§ Development
§ Certifications
§ Adaptive for future
med device
integration
§ Global roadmap
§ Test and validation
§ CM selection,
onboarding
§ ISO 13485
§ FDA-Listed Class I
Device (MDDS)
§ CE registered, Class I
MDD (Europe)
§ Integration to device
logistics partners
§ International Operators
§ Global data plans
§ Integration to NOC
§ Technical knowledge of
respective architectures
§ Reliable delivery of data
to the customer
applications through a
single simple interface
§ Two-way device
communication
§ OTA updates,
provisioning, device
agent pushes
§ PCI compliant data
centers
§ Designed for HIPAA
compliance, privacy and
security
§ Access to healthcare
data platform for “mix
and match” of devices
and applications
§ 3rd party apps
§ 2net portal
§ Web services
§ FDA-Listed Class 1
Device (MDDS)
§ CE registered, Class I
MDD (Europe)
§ Activation &
provisioning
§ OTA software updates
and agent mgmt
§ Device management,
version control, CM
§ Network management
§ Active network
monitoring
§ Timely enterprise
support
§ Direct carrier
engineering support
§ Fraud detection, Carrier
billing reconciliation
§ End-to-end enterprise
management of
message delivery
§ Reliability, Redundancy
Medical Devices Hub Networks
Network
Management
Data Management
Customer
Applications
20
21. QCL – 2netTM – Security and Privacy Highlights
On
Hub
Biometric
data
encrypIon
:
Advanced
EncrypIon
Standard
(AES)
128
Cellular
Network
Private
Network
(APN)
Transport
Layer
(Over
Cellular
and
Internet)
Secure
Sockets
Layer
(SSL)
via
heps
(MulIple
cerIficate
authoriIes)
Server/Database
Rack/Servers
in
secure
area
Oracle
naIve
(if
needed)
Data
Integrity
Security
Hash
Algorithm
(SHA)-‐256
Hash
for
every
Hub
to
2netTM
Service
PlaUorm
(SP)/Cloud
transmission
Cloud
Data-‐center
Controls
Located
in
ISO
27001
cerIfied
and
PCI
compliant
datacenters
(excluding
UK)
HIPAA
Security
Rule
Compliance
Checklist
Underlying
Protocols
TCP/IP
UMTS
Multi-Level Controls
Upper
ApplicaIon
Layers
XML
1EEE
11073/
HTTPS
SSL
TCP/IP
UMTS
21
22. Service Security
Database,
OLTP
Customer
Services
Hub
Communications
-‐
data
-‐
SMS
Hubapp
and
DA
software
2net
Service
Platform
Data
Posting
Data
SA
REST
Services
2net
Customer
Data
handling
Firmware
Android
HUBAPPDA
Encryption
AES128
HTTPS
SSL
Private APN
UMTS/EDGE/GPRS
Cellular
END TO END
DATA
INTEGRITY:
Secure
Hash
Algo
SHA-256
Server system certifications:
·∙
Located in ISO 27001 certified and PCI compliant
datacenters (excluding UK)
·∙
Limited physical and logical access to servers
·∙
Firewall, Intrusion Detection Systems, Audit logging
·∙
HIPAA Security Rule Compliance Checklist
Decryption
HTTPS
Internet (SSL)
22
23. Service Security
Component
Security
Hub
–
Data
encrypIon
with
Advanced
EncrypIon
Standard
(AES)
128
Over-‐the-‐Air
(OTA)
and
Internet
–
Private
cellular
data
network
(Private
APN)
–
Secure
Sockets
Layer
(SSL)
via
HTTPS
(mulIple
cerIficate
authoriIes)
SP
Server,
Database
and
Cloud
–
Limited
physical
and
logical
access
to
servers
–
Located
in
ISO
27001
cerIfied
and
PCI
compliant
datacenters
(excluding
UK)
–
Firewall,
Intrusion
DetecIon
Systems,
Audit
logging
–
HIPAA
Security
Rule
Compliance
Checklist
–
Oracle
naIve
database
security
(if
required)
Data
Integrity
–
Security
Hash
Algorithm
(SHA)-‐256
hash
for
every
hub
to
Service
PlaUorm/Cloud
transmission
Underlying
Protocols
–
Internet
transacIons
over
TCP/IP
–
Wireless
link
between
hub
and
cellular
carrier
uses
UMTS
or
EDGE/GPRS
23