Presentation of the risk assessment solutions designed and implemented in projects participating in the H2020 IoT Security/Privacy cluster. Presentation from John Soldatos of the SecureIoT H2020 project.
The document discusses several IoT reference architectures:
- RAMI 4.0 is a three-dimensional model for Industrie 4.0/IIoT systems that defines layers, lifecycle stages, and hierarchy levels.
- The Industrial Internet Consortium Reference Architecture (IIRA) specifies a common framework with business, usage, functional, and implementation viewpoints.
- The IIRA decomposes functional systems into five domains: control, operations, information, application, and business.
- The Industrial Internet Security Framework (IISF) aims to make IIoT systems trustworthy by addressing security, safety, reliability, and resilience.
The document discusses security fundamentals and classical ciphers. It defines computer and network security, and lists common security problems. It then covers security goals like authentication, access control, confidentiality and integrity. It discusses security services, mechanisms, and attacks. Finally, it provides examples of classical ciphers like the Shift Cipher, Substitution Cipher, Vigenere Cipher, Vernam Cipher, and Transposition Ciphers. It explains how to analyze and break some of these classical ciphers.
This document discusses security considerations for M2M and IoT systems. It notes that security must be implemented holistically across the entire architecture, including at the device, communication, and application layers. PKI is recommended for authentication. The document outlines various threats and motivations for attackers. It then describes Eurotech's Everyware IoT security elements, which include X.509 certificate management, encrypted and authenticated messaging using MQTT, tenant segregation, secure access to interfaces and consoles, a secure execution environment on devices and platforms, and remote management using VPN. Auditing and penetration testing are also performed.
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies - Denim Group
IoT devices are proliferating throughout corporate networks raising concerns about security risks they may introduce. However, IoT technologies differ in many ways from most enterprise-ready technologies that currently exist. Understanding the risks that IoT represents and how to best quantify that risk can be a challenge for many security leaders. This webinar provides an overview of IoT architectures, how they differ from existing infrastructure devices, and how best to measure the risk IoT devices represent. It will expose attendees to concepts like Threat Modeling for IoT and provide additional references that will help build a successful IoT security assessment program.
This document provides an overview of IoT security. It begins with defining IoT and describing how physical objects are connected to the internet. It then discusses current IoT usage and forecasts significant future growth. The document outlines several IoT security risks and vulnerabilities, such as insecure interfaces, lack of encryption, and poor physical security. It recommends best practices for IoT security including implementing device and user authentication, access controls, encryption, and regular software updates. Overall the document introduces the topic of IoT security and some foundational aspects to address related risks.
IoT Systems provide powerful, flexible features for IT systems — tracking, monitoring, and other data sharing. Today’s IoT devices utilize microservices and APIs that make them easy to put into production. But securing them isn’t as easy.
This webinar will look at security risks of IoT devices, interfaces, and implementations. We’ll provide practical steps and checklists any DevOps team can use to make their IoT components as secure as possible. We’ll also cover some testing best practices that can be done pre- and post-production to verify security and resilience on an ongoing basis.
Security for iot and cloud aug 25b 2017 - Ulf Mattsson
The document discusses security considerations for Internet of Things (IoT) and cloud computing. It notes that by 2020, IoT security needs will account for 2% of total IoT project costs. Supply chain security will account for 15% of IoT security spending. The document also discusses how 95% of cloud security failures will be the customer's fault. It recommends using tools like cloud access security brokers and data-centric audit and protection strategies to help secure data in cloud environments.
This document discusses trends in security for the Industrial Internet-of-Things (IIoT) and Operational Technologies (OT). It begins with an introduction and overview of considered systems and security objectives. The document then examines the characteristics and current security status of IIoT and OT separately. For IIoT, it identifies needs for automated credential bootstrapping and highlights approaches being developed. For OT, it analyzes similarities and differences compared to IT security. The presentation concludes with a wrap-up of key takeaways and an outlook on this topic.
IoT Security Awareness Training: Tonex Training - Bryan Len
The document discusses an IoT security training course offered by Tonex. The 2-day course costs $1,899 and covers topics like IoT architecture, security standards, vulnerabilities, encryption, identity management, and best practices. It teaches how to secure IoT devices and infrastructure from threats. The course materials are continuously updated to reflect the latest industry trends and attacks.
Research presentation for IoT/M2M security
- Paper: Distributed Capability-based Access Control for the Internet of Things
- Security solution in open source IoT platform (OM2M, AllJoyn)
An IoT security compliance framework is essential to ensure IoT security. Here is a complete IoT security audit checklist for ensuring the security of IoT devices in real time. Know more here: https://www.qwentic.com/blog/iot-security-compliance-checklist
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living... - CableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Jason Livingood
Vice President, Technology Policy & Standards, Comcast
https://www.cablelabs.com/informed/
The Internet of Things (IoT) offers many industries significant new opportunities, but it also exposes them and their customers to a host of security issues. Securing the IoT requires new ways of thinking that can defend the enterprise and its customers against attackers and privacy abuses.
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit... - team-WIBU
An attack on an Industrial Internet of Things (IIoT) system typically starts with an attack on one or more endpoints.
As defined by the Industrial Internet Consortium (IIC), an endpoint is a component that has an interface for network communication and it can be of various types, including a device endpoint or an endpoint that provides cloud connectivity.
Endpoints are the only place in an IIoT system where execution code is stored, started and updated and data is stored, modified or applied. In many cases, an attacker will, therefore, try to access the execution code and attack the weakest point in the devices’ security implementation, then modify or replace the execution code with malicious intent.
The IIC has recently presented an endpoint protection/security model and policy in its Industrial Internet Security Framework (IISF) document. The technical report is an in-depth cross-industry-focused security framework reflecting thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.
The document discusses security challenges with internet of things (IOT) networks. It defines IOT as the networking of everyday objects through the internet to send and receive data. Key IOT security issues include uncontrolled environments, mobility, and constrained resources. The document outlines various IOT security solutions such as centralized, protocol-based, delegation-based, and hardware-based approaches to provide confidentiality, integrity, and availability against attacks.
The session will highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities Intel and the ecosystem are providing to organizations to build security in from design through deployment and maintenance.
IoT stands for Internet of Things. The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
IoT Security Training covers Internet of Things security and examines IoT conventions, potential dangers, vulnerabilities, misuse, information breaks, security system and alleviation. IoT security training, Internet of Things (IoT) devices include: manufacturers, retailers in customer hardware, social insurance, processing plant production network stockrooms, transportation offices and numerous others.
Learn about:
IoT Principles: The Internet of Things Overview
Principles for Connected Devices
IoT Design Principles
Principles of IoT Security
IoT Attack Areas
IoT Vulnerabilities
IoT Firmware Analysis
IoT Software Weaknesses
IoT Security Verification, Validation and Testing
IoT Security Assessment on IoT devices
Assessing IoT devices attack surfaces
Evaluation of IoT device firmware analysis, attack surface
Vulnerabilities and exploiting the vulnerabilities
Course Topics Include:
Overview and analysis of IoT devices and IoT implementation use cases
IoT Architecture
IoT Architectural and Design Requirements
IoT Security Fundamentals
IoT Security Standards
NIST Framework: Cyber Physical Systems
IoT Governance and Risk Management
IoT Security Compliance and Audit
IoT Encryption and Key Management
IoT Identity and Access Management
IoT Security Challenges
IoT Security in Critical Infrastructure
IoT Security in Personal infrastructure
IoT Vulnerabilities
Wireless Security applied to IoT
ZigBee and Bluetooth Security
LTE and Mobile Security
Cloud-based web interface security
Call us today at +1-972-665-9786. Learn more about this course's audience, objectives, outlines, seminars, pricing, and any other information. Visit our website link below.
IoT Security Training, IoT Security Awareness 2019
https://www.tonex.com/training-courses/iot-security-training-iot-security-awareness/
The Industrial Internet is an internet of things, machines, computers and people, enabling intelligent industrial operations using advanced data analytics for transformational business outcomes.
The industrial domain is expected to be the largest consumer of IoT devices and systems in terms of value.
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ... - Seungjoo Kim
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common Criteria @ ICCC 2019 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
SN-Security Architecture for Mobile Computing and IoT - Sukumar Nayak
The document provides an overview of security architecture for mobile computing and the Internet of Things. It discusses the growth trends in these areas and outlines some of the key components of a mobile security reference architecture, including mobile device management, identity and access management, data loss prevention, intrusion detection systems, and mobile application management. It also covers potential security vulnerabilities and factors to consider when designing a mobile security solution.
The growth of IoT is occurring at an incredible rate, justly raising alarms about IoT security and IoT privacy issues as we become increasingly reliant on these intelligent, interconnected devices in our lives and businesses. How are we to protect billions of devices from attacks and intrusions that could compromise our personal privacy, public safety, or business viability? Building an IoT solution involves securing sensors, devices, networks, cloud platforms, web applications, and mobile applications for diverse industries. This presentation examines the landscape of emerging security challenges posed by connected devices and offers a catalog of security deployment patterns that have been successfully used by some of the world's most well-known OEMs to deploy connected product fleets.
Security and Privacy Big Challenges in Internet of things - IRJET Journal
This document discusses security and privacy challenges with Internet of Things (IoT) systems. It notes that IoT provides broad functionality but also raises important challenges regarding privacy and security. Some key issues discussed include insufficient authentication, lack of transport encryption, insecure interfaces, default credentials, lack of secure coding practices, and privacy concerns regarding personal data collection. The document recommends approaches to address these challenges, such as base device analysis, network traffic verification, secure code reviews, and end-to-end penetration testing.
IoT Security Imperative: Stop your Fridge from Sending you Spam - Amit Rohatgi
The document discusses the security challenges posed by the growing Internet of Things (IoT). It notes that consumer devices like refrigerators and TVs have already been hacked and used to send spam. The speaker discusses how incorrect perceptions of security and privacy risks could undermine planning for the IoT. Examples are given showing how compromised devices were used in the Target data breach to steal credit card numbers. The need for standardized security practices across the diverse array of IoT devices and systems is discussed.
IoT and IIoT - Security Challenges and Innovative Approaches - Shashi Kiran
This document discusses IoT and IIoT security challenges and innovative approaches. It presents information on current and future IoT trends, security spending projections, examples of IoT-related botnets in 2016-2017, top IoT security concerns, differences between traditional IT security and IoT security, and approaches to securing the "thing stack". Examples include building management systems, an IoT integration platform, securing radio communications in enterprises, and an IoT validation environment. The key messages are that security is the top barrier to IoT/IIoT, visibility into devices is critical for security, and security approaches must be tailored to specific use cases.
Embedded computing is everywhere. It is in our car engines, refrigerators, and even in the singing greeting cards we send. With improvements in wireless technology, these systems are starting to talk with each other, and they are appearing in places like our shoes and wrists to monitor our athletic activity or health. This emerging Internet of Everything (IoE) has tremendous potential to improve our lives. But like any powerful technology, it also has a dark side: it will observe and implement many of our actions. Security in the IoE is likely to be even more critical than general Internet security. After reviewing some of the challenges in creating a secure IoE, Horowitz will describe a new research program at Stanford to address this issue.
Asset owners today want to understand how investments made in people, process, or technology are progressing the maturity of their ICS security programs to validate those investments. Whether asset owners are spending one dollar, one million dollars, or one hour of their time, understanding which investments are actually improving the overall ICS security posture and reducing risk is essential to determine where to spend valuable (and sometimes limited) resources.
The NIST Cybersecurity Framework helps asset owners measure security control maturity in both IT and OT domains, and can be useful to help understand whether certain ICS security investments are working or not. This talk will break down all five NIST CSF functions and dive into specific forward thinking use cases used to help jumpstart many of Forescout's industry leading customers.
My Presentation on Career Opportunities in Cyber Security presented at the North Cap University during the course inauguration ceremony, where I talked about different career paths to get into the cyber security domain.
Microsoft Sentinel - a cloud native SIEM & SOAR.pdf by Kranthi Aragonda
This document provides an overview of Microsoft Sentinel, a cloud-native SIEM and SOAR solution. It discusses what SOAR is, important SOAR capabilities like security orchestration and automation. It also covers the benefits of SOAR like faster incident detection and boosting analyst productivity. The document then explains how Microsoft Sentinel collects data at cloud scale, responds to incidents with automation, and detects threats using analytics. It describes features like data connectors, workbooks, hunting, notebooks and certifications related to Microsoft Sentinel.
"How to Get Started with DevSecOps," presented by CYBRIC VP of Engineering Andrei Bezdedeanu at IT/Dev Connections 2018. Collaboration between development and security teams is key to DevSecOps transformation and involves both cultural and technological shifts. The challenges associated with adoption can be addressed by empowering developers with the appropriate security tools and processes, automation and orchestration. This presentation outlines enabling this transformation and the resulting benefits, including the delivery of more secure applications, lower cost of managing your security posture and full visibility into application and enterprise risks. www.cybric.io
Information systems in the digital age are complex and expansive, with attack vectors coming in from every angle. This makes analyzing risk challenging, but more critical than ever.
There is a need to better understand the dynamics of modern IT systems, security controls that protect them, and best practices for adherence to today’s GRC requirements.
These slides are from our webinar covering topics like:
· Threats, vulnerabilities, weaknesses – why their difference matters
· How vulnerability scanning can help (and hinder) your efforts
· Security engineering and the system development lifecycle
· High impact activities - application risk rating and threat modeling
Developing a Multi-Layered Defense for Your Systems and Data
Confidence in the security of your IBM i systems and data requires a solid understanding of potential vulnerabilities, the most effective best practices, and technologies that minimize the possibility of a data breach. We’ve grouped important security best practices and technologies into overlapping layers that provide multiple lines of defense. The ultimate goal is to always have another layer of security to thwart a would-be intruder.
Whether you are a systems security officer or an IBM i system administrator, you don’t want to miss this opportunity to learn about IBM i security best practices.
We’ll discuss:
• Common IBM i security vulnerabilities
• Configuring the security capabilities of the IBM i
• Implementing network security, access control, cryptography and more
Fundamental Best Practices in Secure IoT Product Development by Mark Szewczul, CISSP
The document provides guidance on best practices for secure IoT product development. It discusses the top 5 security considerations which include implementing secure firmware updates, authentication and encryption on product interfaces, independent security assessments, securing companion mobile apps/gateways, and implementing a secure root of trust. It also highlights lessons learned from privacy and security issues with IoT products like baby monitors, fitness trackers, medical devices, drones, critical infrastructure systems, and autonomous vehicles. Recommendations provided include adopting a security-by-design approach, threat modeling products, implementing secure development processes, and incorporating privacy principles.
Link to Youtube video: https://youtu.be/OJMqMWnxlT8
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn ID: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Threat Modeling (system + enterprise)
What is Threat Modeling?
Why do we need Threat Modeling?
6 Most Common Threat Modeling Misconceptions
Threat Modelling Overview
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
Threat Modeling Approaches
Threat Modeling Methodologies for IT Purposes
STRIDE
Threat Modelling Detailed Flow
System Characterization
Create an Architecture Overview
Decomposing your Application
Decomposing DFD’s and Threat-Element Relationship
Identify possible attack scenarios mapped to S.T.R.I.D.E. model
Identifying Security Controls
Identify possible threats
Report to Developers and Security team
DREAD Scoring
My Opinion on implementing Threat Modeling at enterprise level
Azure Operation Management Suite - security and compliance by Asaf Nakash
Today’s IT Security and Operations teams are tasked with managing highly complex, hybrid-cloud, cross-platform systems which are increasingly vulnerable to a growing number of sophisticated cyber-attacks. With this, IT Operations teams have a requirement to identify any threats to their environment as soon as possible to mitigate damages, as well as continue to cost-effectively meet SLAs.
SecureIoT participated in ETSI IoT Week 2018 at the Challenging IoT Security & Privacy Workshop, Session 1 - Overview and Accomplishment of the H2020 IoT Security/Privacy Cluster Projects. SecureIoT was also happy to present the H2020 IoT projects of Security/Privacy cluster.
This is the presentation given by John Soldatos of the SecureIoT H2020 project.
Are you new to Black Duck or open source security? Do you need a refresher? Understanding the fundamentals of open source security is critical to keeping your data and organization safe. During this session, we'll share best practices from the world's leading experts to help you establish a foundation for success.
This document discusses vulnerability management and cybersecurity risks. It identifies various risks like staff risks, technology risks, and operational risks. It also discusses risk management frameworks and programs. Key aspects of vulnerability management are identified like asset identification, threat assessment, impact evaluation, and risk response. Common vulnerabilities are also listed. The document emphasizes that risk assessment and management is important to protect organizational assets and should be an ongoing process.
DTS Solution - Building a SOC (Security Operations Center) by Shah Sheikh
This document discusses building a cyber security operations center (CSOC). It covers the need for a CSOC, its core components including security information and event management (SIEM), and integrating components like monitoring, alerting, and reporting. Key aspects that are important for a successful CSOC are people, processes, and technology. The roles and skills required for people in the CSOC and training needs are outlined. Developing standardized processes, procedures and workflows that align with frameworks like ISO are also discussed.
The document discusses managed security services offered by ESDS, including security operations centers (SOC) that provide monitoring, analytics, and incident response. It describes three SOC solutions: Eagle Eye for monitoring, Security Insight for assessments, and Total Secure for integrated services. The document also gives an overview of the eNlight web application firewall and web VPN solutions, highlighting features such as protection against OWASP threats and granular access control. It argues that managed security services can enhance organizations' security posture through monitoring, alerting and rapid deployment capabilities.
This document provides an overview of key topics in information security:
- It discusses the challenges of implementing information security programs and outlines the importance of processes over products.
- An Information Security Management System (ISMS) is presented as the foundation for establishing security policies, procedures, and responsibilities.
- Authentication and provisioning systems are described as ways to centrally manage user identities and access across applications.
- The importance of vulnerability assessment, policy compliance, and log monitoring tools is highlighted to help detect threats, ensure compliance, and aid auditing.
- Endpoint security, access control, and data leakage prevention are outlined as methods to enforce security policies across networked devices and sensitive data.
This document contains a presentation on cloud security. It discusses how security approaches need to change to adapt to virtualized and cloud environments. Traditional security methods of provisioning separate security for each server need to change to more automated and workload-aware approaches. The presentation discusses how security can be provisioned automatically during resource provisioning. It also discusses how security capabilities can be managed efficiently at scale through continuous monitoring and vulnerability mitigation techniques. The presentation argues that securing data centers and extending their security to public clouds requires optimizing security to reduce the impact on resources. It outlines shared responsibilities between cloud providers and customers to ensure security. The presentation emphasizes that incident response still requires capabilities like digital forensics to fully investigate security compromises in virtual and
TIG / Infocyte: Proactive Cybersecurity for State and Local Government by Infocyte
This webinar and presentation outlines the Infocyte HUNT threat detection and incident response platform, and how it enables state and local government organizations to:
- Reduce risk across local, off-network, and cloud IT assets
- Expose and eliminate hidden cyber threats and vulnerabilities
- Streamline your overall security operations
- Achieve and maintain compliance
Using Infocyte, TIG can provide their customers with cost-effective, easy-to-manage, and on-demand cybersecurity consulting services (e.g. compromise assessments, incident response) and managed security services (e.g. managed detection and response).
Visit https://www.infocyte.com/ to learn more and request a demo, or request a cybersecurity risk assessment (Compromise Assessment) using the link below:
https://www.infocyte.com/free-compromise-assessment/
Building a Cyber Security Operations Center for SCADA/ICS Environments by Shah Sheikh
Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.
This 2-day training course from Tonex focuses on applying cyber security principles to embedded systems. It covers fundamentals of both cyber security and embedded systems, analyzing vulnerabilities in embedded systems, and techniques for securely implementing and defending embedded systems. The course teaches how to examine, exploit, and harden real embedded devices and operating systems. It is designed for engineers, developers, and security professionals working with embedded technologies.
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
1. H2020 IoT Security/Privacy Cluster Projects: Overview of Risk Assessment Solutions
H2020 IoT Security/Privacy Cluster, May 2019
All the presented projects have received funding from the European Union’s Horizon 2020 research and innovation programme
2. Cluster Projects that Focus on Risk Assessment: Overview of Approaches (1)
Brain-IoT
• Risk assessment as a means of setting security objectives & driving requirements
CHARIOT
• Simulation tool for risk assessment, risk mitigation and data generation
ENACT
• Continuous & Adaptive IoT Risk Assessment integrated with DevOps
3. Cluster Projects that Focus on Risk Assessment: Overview of Approaches (2)
IoTCrawler
• Analysis of threats and relevant risks in the context of IoT Search & Crawling
SecureIoT
• Data-driven risk assessment, i.e. advanced data analytics for risk assessment & scoring
SerIoT
• Policy Based Framework for Risk Mitigation
4. Cluster Projects that Focus on Risk Assessment: Overview of Approaches
RA Area / Project Brain-IoT IoTCrawler SecureIoT CHARIOT ENACT SerIoT
Asset Modelling X X X X X X
Threat Modelling X X X X X X
Threat Databases & Knowledge Bases X X X
Threats & Assets Mapping X X
Data Analytics & AI for Risk Assessment X
Risk Driven Security Requirements X X
Risk Simulation & Calculation X
Risk Visualization X X
Risk Mitigation X
Specification of IoT Threats for Search and Crawling X
5. Brain-IoT: Model-Based Framework for Dependable Sensing & Actuation in Intelligent Decentralized IoT Systems
Objectives, Scope, Validation
• Interoperability & Dynamic Platforms Federations (Shared Semantic Models linked dynamically to IoT devices)
• Smart Cooperative Behaviours based on AI features
• Dynamic AAA
• Embedded Privacy & Privacy Control
• Dynamic Commissioning & Reconfiguration (edge/cloud deployment & balancing)
• Validation Settings: Robotics, Critical Water Infrastructures, H2020 LSP Projects (Smart Cities, Healthcare, Wearables...)
www.brain-iot.eu
6. Scope of Risk Assessment in Brain-IoT
Scope: Systems Managed by Brain-IoT (not external systems)
• IoT Devices & Platforms in Brain-IoT Use Cases
Iterative Methodology
• Assets identification
• Threats identification, based on common threats databases (EBIOS, OWASP, etc.)
• Security objectives are derived from the threats, to identify the security level targeted for each environment
• Security technical requirements are built to counter the threats
7. Identification of Assets, Threats & Vulnerabilities
Asset Identification
• Different Types of Assets
  • Software (e.g., an operating system)
  • Hardware (e.g., a sensor, CPU, memory, etc.)
  • Data (e.g., sensor status transmitted over a network, robot location in memory, etc.)
• Each asset has an Identifier and is classified based on its role & Impact on the System
Threats and Vulnerabilities Identification
• EBIOS Methodology
• Eight main categories
  • Physical damage
  • Natural events
  • Loss of essential services
  • Disturbance due to radiation
  • Compromise of information
  • Technical failures
  • Unauthorized actions
  • Compromise of functions
9. Security Objectives
Security Objectives
• Derived from threats
• Guideline to counter the identified threats and to satisfy the security principle
• Should cover the full list of threats for each asset
• Could be classified in terms of Integrity, Confidentiality, and Availability
10. Security Requirements
Security Requirements
• Final step of the methodology: Technical requirement identification.
• Each security objective should lead to the implementation of one or more technical requirements
• Requirement list used as input for the technical design definition
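The Brain-IoT methodology on slides 6 to 10 is a chain (asset, threat, security objective, technical requirement) with two coverage rules: objectives should cover every threat for each asset, and each objective should lead to at least one requirement. The sketch below is an added example, not Brain-IoT project code; the class names, identifiers and sample entries are assumptions constructed for illustration, and only the eight threat categories and the asset types come from the slides.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class Category(Enum):
    """The eight EBIOS threat categories listed on slide 7."""
    PHYSICAL_DAMAGE = "Physical damage"
    NATURAL_EVENTS = "Natural events"
    LOSS_OF_ESSENTIAL_SERVICES = "Loss of essential services"
    RADIATION_DISTURBANCE = "Disturbance due to radiation"
    COMPROMISE_OF_INFORMATION = "Compromise of information"
    TECHNICAL_FAILURES = "Technical failures"
    UNAUTHORIZED_ACTIONS = "Unauthorized actions"
    COMPROMISE_OF_FUNCTIONS = "Compromise of functions"


@dataclass(frozen=True)
class Asset:
    id: str
    kind: str  # "software", "hardware" or "data" (asset types from slide 7)
    name: str


@dataclass(frozen=True)
class Threat:
    id: str
    asset_id: str
    category: Category


@dataclass(frozen=True)
class Objective:
    id: str
    threat_ids: tuple[str, ...]
    prop: str  # "integrity", "confidentiality" or "availability"


@dataclass(frozen=True)
class Requirement:
    id: str
    objective_ids: tuple[str, ...]
    text: str


@dataclass(frozen=True)
class Model:
    assets: tuple[Asset, ...]
    threats: tuple[Threat, ...]
    objectives: tuple[Objective, ...]
    requirements: tuple[Requirement, ...]


def check_traceability(m: Model) -> list[str]:
    """Return every gap in the asset -> threat -> objective -> requirement chain."""
    findings: list[str] = []
    asset_ids = {a.id for a in m.assets}
    threat_ids = {t.id for t in m.threats}
    objective_ids = {o.id for o in m.objectives}
    # Dangling references: links to items that were never identified.
    findings += [f"{t.id}: refers to unknown asset {t.asset_id}"
                 for t in m.threats if t.asset_id not in asset_ids]
    findings += [f"{o.id}: refers to unknown threat {tid}"
                 for o in m.objectives for tid in o.threat_ids if tid not in threat_ids]
    findings += [f"{r.id}: refers to unknown objective {oid}"
                 for r in m.requirements for oid in r.objective_ids if oid not in objective_ids]
    # Coverage: the two rules from the slides, plus an assumed check that
    # every identified asset has at least one threat recorded against it.
    threatened = {t.asset_id for t in m.threats}
    covered = {tid for o in m.objectives for tid in o.threat_ids}
    implemented = {oid for r in m.requirements for oid in r.objective_ids}
    findings += [f"{a.id}: asset has no identified threat"
                 for a in m.assets if a.id not in threatened]
    findings += [f"{t.id}: threat has no security objective"
                 for t in m.threats if t.id not in covered]
    findings += [f"{o.id}: objective has no technical requirement"
                 for o in m.objectives if o.id not in implemented]
    return findings


def requirements_for_asset(m: Model, asset_id: str) -> list[str]:
    """Follow the chain from one asset to the requirements that protect it."""
    threats = {t.id for t in m.threats if t.asset_id == asset_id}
    objectives = {o.id for o in m.objectives if threats & set(o.threat_ids)}
    return sorted(r.id for r in m.requirements if objectives & set(r.objective_ids))


# Constructed sample with two deliberate gaps (T2 uncovered, O2 unimplemented).
SAMPLE = Model(
    assets=(Asset("A1", "software", "robot operating system"),
            Asset("A2", "hardware", "water-level sensor"),
            Asset("A3", "data", "robot location in memory")),
    threats=(Threat("T1", "A1", Category.UNAUTHORIZED_ACTIONS),
             Threat("T2", "A2", Category.PHYSICAL_DAMAGE),
             Threat("T3", "A3", Category.COMPROMISE_OF_INFORMATION)),
    objectives=(Objective("O1", ("T1",), "integrity"),
                Objective("O2", ("T3",), "confidentiality")),
    requirements=(Requirement("R1", ("O1",), "Only signed software images are installed"),),
)

if __name__ == "__main__":
    for line in check_traceability(SAMPLE):
        print(line)
    print("A1 ->", requirements_for_asset(SAMPLE, "A1"))
```

Running the check on each iteration of the methodology shows which threats and objectives still lack a downstream item before the requirement list is handed to technical design.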
11. CHARIOT: Cognitive Heterogeneous Architecture for Industrial IoT
www.chariotproject.eu
Objectives, Scope, Validation
• Methodological Framework for the Design and Operation of Safety Critical Systems (safety as cross-cutting concern)
• Open Cognitive IoT Architecture and Platform for safety critical systems and IoT systems interaction in a secure manner
• Runtime IoT Privacy, Security and Safety Supervision Engine (IPSE)
• Privacy Engine based on PKI and Blockchain technologies
• Firmware Security integrity checking
• IoT Safety Supervision Engine (ISSE)
• Analytics Prediction and Dashboard
• Validation: Trenitalia (Italy) & Athens International Airport (Greece), IBM Campus (Ireland)
12. CHARIOT: Scope of Risk Assessment Work
Risk Assessment and Mitigation
• Various standards are part of CHARIOT’s design and methodology for use cases in different sectors (e.g., IEC 62443 for railway, CANSO Guide for Aviation)
• A Simulation Tool developed to facilitate design and enable data collection, while boosting risk assessment
CHARIOT Simulator
• Privacy, security, safety threat vulnerability analysis
• Predict IoT devices anomalies and malfunctions
• Score risk when something is not behaving as expected
• Provide mitigation plans and recommendations
• Show & Illustrate bottlenecks
14. ENACT: Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems
Objectives, Scope, Validation
• Enablers for continuous development and operation of trustworthy IoT systems
• Risk-driven and agile development and delivery
• Continuous evolution to keep the smart IoT system trustworthy despite internal threats
• Address security, privacy, safety, resilience, and reliability.
• Deal with software updates, new security strategies, new user profiles, policies changes.
• Validation: Rail, Healthcare, Smart Building
Figure labels (stages): Code, Build, Test, Release & Deploy, Operate
Figure labels (enablers):
• Risk-Driven Design Planning
• Language to specify devices behavior & security behavior
• Automated deployment of Smart IoT systems and security mechanisms
• Simulation and Test environment for Smart IoT applications. Simulate and test security mechanisms.
• Security, robustness and context monitoring and root-cause analysis
• Dynamic adaptation in open contexts & actuation conflicts handling
• Secure and context-aware orchestration of sensors, actuators and software services.
• Actuation conflict identification
https://www.enact-project.eu
15. Risk Management Objectives & Approach in ENACT
RA Scope in ENACT
• Concepts and tools for agile context-aware and risk-driven decision support and selection of resources
• Enable application developers and operators to support continuous delivery of trustworthy smart IoT systems.
• Framework & Methodologies: OCTAVE, OWASP CORAS for likelihood and impact analysis
RA Functionalities
• Detect risks (System Level & Component Level)
• Produce mitigation actions - directly actionable by DevOps teams
• Classifies mitigation actions in order to understand the impact on the DevOps process
• Provide a current risk status report for legislation compliance
16. Baseline and Progress
Extensions to MUSA
• Support any types of risk, defined within the catalogue or defined by the user.
• Enable creation & evaluation of non-functional risks.
• Integration with the DevOps cycle - Monitor the risk mitigation status through evidence collectors
• Open data Risks catalogue for IoT space
• The full functionality provided in ENACT will be released as open-source under MIT license.
MUSA Risk Assessment
Seamless & Impactless Risk Management for DevOps team
Support IoT and Edge:
• Consider software and hardware components
• IoT security, privacy, resilience, & non-functional risks
Baseline Planned Progress
ENACT Risk Management
17. Main Innovations in Risk Assessment
Adaptability
• Completely adaptable to each customer’s problem and process
• Adapts to architecture or process changes
Dashboards & Visualization
• Dashboards for continuous process management adapted to different roles
• Risk warning visualization connected to project management
• Automatically raise awareness on risks related to changes in the schedule
Continuous Risk Control
• Novel mechanisms to define risks and mitigations related to a process.
• Likelihood and impact of potential risks associated to the project will be continuously calculated depending on actual process execution.
18. IoTCrawler: Search Engine for the Internet of Things
Objectives, Scope, Validation
• Search engines that support crawling, discovery and integration of IoT data.
• Adaptive and dynamic solutions for resource ranking and selection.
• Distributed crawling and indexing mechanisms to enable near real-time discovery and search of massive real world (IoT) data streams in a secure and privacy- and trust-aware framework.
• Enablers for security-, privacy- and trust-aware discovery and access to IoT resources in constrained IoT environments
• New applications and services that rely on ad-hoc and dynamic data/service query and access.
• Validation: Smart City, Social IoT, Smart Energy, Industry 4.0
https://iotcrawler.eu/
Figure labels: Security, Privacy & Trust; IoT Resources: sensors and actuators; Use cases (Smart city, Social IoT, Smart energy, Industry 4.0); Machine initiated semantic search; IoT discovery; Context management; Monitoring & fault recovery; Multi-criteria ranking; Adaptive indexing; Edge broker (three); Cloud broker; Distributed IoT framework; Dynamic crawling; Search; Data analysis; API
19. Repositories of Threats used in IoTCrawler
IoTCrawler specifies a library of threats derived from existing repositories and ontologies
Threat Modelling in IoTCrawler
IoTSec Ontology: Comprises Repository threats for IoT
IoTSec
Paper on Threat Analysis for M2M Communications
ETSI’s Threat Analysis
20. IoTCrawler: Types of Threats Analyzed & Modelled
Types of Threats
• IoT Devices Threats
• Communication Threats
• Platform Threats
• M2M Threats
21. SecureIoT: Predictive Security for IoT Platforms and Networks of Smart Objects
Objectives, Scope, Validation
• End-to-End Security Monitoring for Predictive (AI-based Security)
• Security Interoperability across IoT Platforms
• Cross-Platform & Cross-Vertical
• Validation: Socially Assistive Robots, Smart Manufacturing, Connected Car & Self-Driving
https://secureiot.eu/
Figure labels: IoT Systems (Platforms & Devices); Field Network; Field Device; Edge; Cloud; App; Intelligent (Context-Aware) Data Collection; Actuation & Automation; Open APIs; IoT Security Template Extraction (Analytics); Template Execution Engine (e.g., Rule Engine); Global Storage (Cloud); SecureIoT Database + Assets Registry; IoT Security Templates Database; Templates Contextualization Engine; IoT Security Knowledge Base; Security Policy Enforcement Point; Risk Assessment; Compliance Auditing; Developers’ Support; WP3; WP4; WP5
22. SecureIoT: Functional Architecture (Logical View)
SecureIoT Architecture
• Data Driven Architecture for SECaaS Services
• Risk Assessment is one of the SECaaS Services
• Risk Assessment leverages processing & analytics over security information derived from various probes
23. Risk Assessment Workflow SecureIoT Platform
Main Elements of SecureIoT Risk Assessment Approach
• System
• Asset
• Abuse Case
• Risk Model
• Indicators
• Mitigation Measures
26. Role of IoT Security Knowledge Base in Risk Assessment
[Figure: Role of the IoT Security Knowledge Base in risk assessment. Labels: Official sources; IoT assets; Risk assessment service; Template execution engine; Human end-user; API; Visual tools; CyberThreat Intelligence crawler; Assets aggregator; Knowledge Base DBs.]
27. SerIoT: Secure & Safe Internet of Things
Objectives, Scope, Validation
• Design a Cognitive Packet Network that interconnects distributed IoT subsystems based on SDN technology
• Use “Smart Packets” (SP) to search for secure multi-hop routes having good quality of service & energy efficiency.
• Use Random Neural Networks for routing decisions and overall network performance improvements – “Security Aware” routing
• Validation: ITS & Smart Cities, Surveillance, Flexible Manufacturing, Food Chain
https://seriot-project.eu
28. Scope of Risk Assessment Work in IoT
Policy based Framework for data usage and risk prevention
• Enable risk identification and minimization based on appropriate policies
Risk Analysis & Mitigation based on cross-layer data collection & analytics
• Empowered by interoperability and resulting in increased intelligence
Validation in LL (Smart Transport)
• E.g., Risk Mitigation in Road ITS Scenarios
29. Possible Synergies & Joint Activities
Synergies on Risk Assessment
• Alignment & Reuse of Asset Modelling Approaches
• Exchange of Threat Models, Asset Models etc.
• Joint Whitepaper on Risk Modelling & Assessment for IoT
• Catalogue of Different Standards (ENISA, IEC 62433) and Methodologies (e.g., EBIOS, OCTAVE, CORAS etc.)
Examples
• IoTCrawler threats as input to SecureIoT Knowledge base
• Common Database of Assets, Threats and Vulnerabilities
• Brain-IoT methodology used to drive Security Requirements in SecureIoT Use Cases
• CHARIoT Simulator could generate datasets to be shared with other projects