The document provides an overview of securing medical devices. It begins by outlining the objectives of understanding current device security, vulnerabilities, and considerations for securing systems. It then discusses what constitutes a medical device and why connectivity is important but introduces risks. Several risk scenarios are described, such as device hacking, data breaches, and DIY modifications. Specific examples of insulin pump and pacemaker hacks are given. The document then provides strategies for improving security, including identifying risks, using strong identities and cryptography, monitoring for issues, and securing various aspects of systems from the hardware to communications to applications. It acknowledges barriers to security but emphasizes doing as much as possible and understanding what is at stake.
Security for Healthcare Devices - Will Your Device Be Good Enough?Rio Valdes
Learn which elements must be considered when designing healthcare devices
Why security challenges for wearables are greater than for an endpoint in a fixed location
Elements to consider when adopting security-by-design product
Cybersecurity, FDA digital health requirements
Medical Wearables
Use Case Studies
According to Ponemon, only 51% of device makers say they follow guidance from the FDA to mitigate or reduce inherent security risks in medical devices, which creates additional security blind spots and increases the cyberattack surface for hospitals and healthcare systems.
Managing Next Generation Threats to Cyber SecurityPriyanka Aash
The emergence of next generation technology into the cyber security space has added complications and challenges on several levels. When we talk about next generation technologies we should mean those associated directly with artificial intelligence (AI) and associated components such as machine learning (ML). Unfortunately, many organizations opt to hype current generation products as next gen. In this workshop we will begin by exploring what we need to know about AI and its components. We will dispense with the marketing hype and get down to the facts. Then we will look in detail at a few available tools that truly are next gen - and what makes them next gen - followed by a discussion of where the adversary is going with AI, ML and other next gen technologies. We will wrap up with research from my upcoming book which discusses the collision between the law and cyber science. In this section we also will address some governance issues that you need to know
Logs from machines can tell security incidents but how can they be managed and analyzed properly. This presentation lays foundation of Big Data analytics using information security scenarios for example and also states the practical analytics from my experience.
This slide was presented in MiSSConf(SP1) June 18, 2016
This presentation was presented in OWASP Thailand Chapter Meeting 5/2019 (July 25). It is about how to design data architecture and secure software in order to protect organization from regulation's penalty causes by data breach. However, this slide is still incomplete and need more clarification, so it would be useful for those attended the meeting. Be careful for distribution.
Security for Healthcare Devices - Will Your Device Be Good Enough?Rio Valdes
Learn which elements must be considered when designing healthcare devices
Why security challenges for wearables are greater than for an endpoint in a fixed location
Elements to consider when adopting security-by-design product
Cybersecurity, FDA digital health requirements
Medical Wearables
Use Case Studies
According to Ponemon, only 51% of device makers say they follow guidance from the FDA to mitigate or reduce inherent security risks in medical devices, which creates additional security blind spots and increases the cyberattack surface for hospitals and healthcare systems.
Managing Next Generation Threats to Cyber SecurityPriyanka Aash
The emergence of next generation technology into the cyber security space has added complications and challenges on several levels. When we talk about next generation technologies we should mean those associated directly with artificial intelligence (AI) and associated components such as machine learning (ML). Unfortunately, many organizations opt to hype current generation products as next gen. In this workshop we will begin by exploring what we need to know about AI and its components. We will dispense with the marketing hype and get down to the facts. Then we will look in detail at a few available tools that truly are next gen - and what makes them next gen - followed by a discussion of where the adversary is going with AI, ML and other next gen technologies. We will wrap up with research from my upcoming book which discusses the collision between the law and cyber science. In this section we also will address some governance issues that you need to know
Logs from machines can tell security incidents but how can they be managed and analyzed properly. This presentation lays foundation of Big Data analytics using information security scenarios for example and also states the practical analytics from my experience.
This slide was presented in MiSSConf(SP1) June 18, 2016
This presentation was presented in OWASP Thailand Chapter Meeting 5/2019 (July 25). It is about how to design data architecture and secure software in order to protect organization from regulation's penalty causes by data breach. However, this slide is still incomplete and need more clarification, so it would be useful for those attended the meeting. Be careful for distribution.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting, preventing threats. And most importantly, having your security team serve your business and mission. Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
Say incident response to 10 people and odds are you'll get 10 different opinions on how to do it right. When evaluating tools and procedures for enterprise Incident Response it's helpful to understand how to approach this in a way that will cause the adversary maximum pain. This talk will review the essential requirements for IR tools and procedures in a vendor / tool neutral approach. Find out the right questions to ask and the strategies to make sure you get the most out of your incident response team.
In this provocative and sometimes irreverent presentation, retired Brigadier General Greg Touhill, the United States government's first federal Chief Information Security Officer, will discuss why the legacy perimeter defense model has been overwhelmed and made obsolete by the advent of modern mobility and cloud computing. He'll demonstrate how to make the business case that the shift to the Zero Trust security strategy is now essential for businesses to survive and thrive in today's highly contested global digital economy.
Network Connected Medical Devices - A Case StudySophiaPalmira
In this session, we welcome Shankar Somasundaram, CEO of Asimily, Priyanka Upendra, Quality Compliance Director at Banner Health, and Carrie Whysall. Director of Managed Security Services at CynergisTek.
Together, they will discuss medical device security, covering all you need to know from medical device assessments to remediation efforts. Attendees will leave this session knowing how to apply what they have learned about medical device security in real life.
Overcoming the Challenges of Conducting a SRAMatt Moneypenny
On January, 25th, Etactics and Info GPS held a special webinar event, “Overcoming the Challenges of Conducting a Security Risk Analysis”, where they give you tips on how you can overcome the biggest and most common challenges when conducting a Security Risk Analysis. This event featured special guest Paul Hugenberg, InfoGPS Networks’ CEO, and J.P. Cervo, Etactics’ Regional Sales Manager.
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
The Presentation is about the Basic Introduction to Cybersecurity that talks about introduction and what is security means. Also the presentation talks about CIA Triad i.e confidentiality, integrity and availability
The Incident Response Playbook for Android and iOSPriyanka Aash
What is your mobile device incident response plan? If you cannot answer that question, you should attend this session. The session will cover the challenges in mobile, how and why it is different from traditional incident response, and the building blocks you can use to craft your own mobile incident response plan.
(Source: RSA USA 2016-San Francisco)
We are all aware of the current risks when developing a connected product, especially with vehicles since much is at stake both from an information and safety perspective. In this workshop, we will learn how to build Security requirements, architect, design, test and produce Safety and Security critical components using a methodology that works in harmony both with Engineering and Security
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011 shawn_merdinger
High level overview of current security issues in medical device security, what is being hacked by security researchers, who are the major security players, hacking predictions, FUD vs. Reality.
Are you ready for the next attack? Reviewing the SP Security ChecklistAPNIC
Are you ready for the next attack? Reviewing the SP Security Checklist, by Barry Green.
A presentation given at the APNIC 40 Opening Ceremony and Keynotes session on Tue, 8 Sep 2015.
Patching software is a constant challenge. The Equifax hack and subsequent FTC investigation has shown us that required patches aren’t limited to those published by commercial vendors. Open source updates are just as critical; tracing new vulnerabilities and updates to applications in which those components are used isn’t just a good practice, it’s a regulatory requirement.
A focused approach to managing open source risk is essential as the legal landscape quickly evolves, including requirements under the FTC Act, HIPAA, and the European Union’s General Data Protection Regulation (GDPR). Coupled with heightened regulatory enforcement, these requirements increase the pressures on companies to maintain data privacy and security. This session will cover common misconceptions about these requirements, and explain why open source management is essential to your overall security strategy.
Security for Healthcare Devices – Will Your Device Be Good Enough?Walt Maclay
The Concern: Devices in Healthcare
* Cybersecurity and privacy issues have been on the increase
Security for Wearables Is More Important
* FDA digital health requirements
Security by Design for Healthcare Devices
* How to start security by design and get it right
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting, preventing threats. And most importantly, having your security team serve your business and mission. Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
Say incident response to 10 people and odds are you'll get 10 different opinions on how to do it right. When evaluating tools and procedures for enterprise Incident Response it's helpful to understand how to approach this in a way that will cause the adversary maximum pain. This talk will review the essential requirements for IR tools and procedures in a vendor / tool neutral approach. Find out the right questions to ask and the strategies to make sure you get the most out of your incident response team.
In this provocative and sometimes irreverent presentation, retired Brigadier General Greg Touhill, the United States government's first federal Chief Information Security Officer, will discuss why the legacy perimeter defense model has been overwhelmed and made obsolete by the advent of modern mobility and cloud computing. He'll demonstrate how to make the business case that the shift to the Zero Trust security strategy is now essential for businesses to survive and thrive in today's highly contested global digital economy.
Network Connected Medical Devices - A Case StudySophiaPalmira
In this session, we welcome Shankar Somasundaram, CEO of Asimily, Priyanka Upendra, Quality Compliance Director at Banner Health, and Carrie Whysall. Director of Managed Security Services at CynergisTek.
Together, they will discuss medical device security, covering all you need to know from medical device assessments to remediation efforts. Attendees will leave this session knowing how to apply what they have learned about medical device security in real life.
Overcoming the Challenges of Conducting a SRAMatt Moneypenny
On January, 25th, Etactics and Info GPS held a special webinar event, “Overcoming the Challenges of Conducting a Security Risk Analysis”, where they give you tips on how you can overcome the biggest and most common challenges when conducting a Security Risk Analysis. This event featured special guest Paul Hugenberg, InfoGPS Networks’ CEO, and J.P. Cervo, Etactics’ Regional Sales Manager.
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
The Presentation is about the Basic Introduction to Cybersecurity that talks about introduction and what is security means. Also the presentation talks about CIA Triad i.e confidentiality, integrity and availability
The Incident Response Playbook for Android and iOSPriyanka Aash
What is your mobile device incident response plan? If you cannot answer that question, you should attend this session. The session will cover the challenges in mobile, how and why it is different from traditional incident response, and the building blocks you can use to craft your own mobile incident response plan.
(Source: RSA USA 2016-San Francisco)
We are all aware of the current risks when developing a connected product, especially with vehicles since much is at stake both from an information and safety perspective. In this workshop, we will learn how to build Security requirements, architect, design, test and produce Safety and Security critical components using a methodology that works in harmony both with Engineering and Security
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011 shawn_merdinger
High level overview of current security issues in medical device security, what is being hacked by security researchers, who are the major security players, hacking predictions, FUD vs. Reality.
Are you ready for the next attack? Reviewing the SP Security ChecklistAPNIC
Are you ready for the next attack? Reviewing the SP Security Checklist, by Barry Green.
A presentation given at the APNIC 40 Opening Ceremony and Keynotes session on Tue, 8 Sep 2015.
Patching software is a constant challenge. The Equifax hack and subsequent FTC investigation has shown us that required patches aren’t limited to those published by commercial vendors. Open source updates are just as critical; tracing new vulnerabilities and updates to applications in which those components are used isn’t just a good practice, it’s a regulatory requirement.
A focused approach to managing open source risk is essential as the legal landscape quickly evolves, including requirements under the FTC Act, HIPAA, and the European Union’s General Data Protection Regulation (GDPR). Coupled with heightened regulatory enforcement, these requirements increase the pressures on companies to maintain data privacy and security. This session will cover common misconceptions about these requirements, and explain why open source management is essential to your overall security strategy.
Security for Healthcare Devices – Will Your Device Be Good Enough?Walt Maclay
The Concern: Devices in Healthcare
* Cybersecurity and privacy issues have been on the increase
Security for Wearables Is More Important
* FDA digital health requirements
Security by Design for Healthcare Devices
* How to start security by design and get it right
Talking about Application Security with Dev, QA and Ops. This presentation is based on my own personal experience with developers, deployments and the implementations of such systems. #nightmares
A presentation specifically designed for non-technical decision makers who would like to understand Cyber Security and GDPR better, and how to protect their businesses.
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
These are the slides from Misha Seltzer's talk at Product of Things Conference in Tel Aviv on July 2018:
Who this talk is for: this talk is for product managers that want to avoid common design flaws that lead to easily hackable IoT devices.
After this workshop you will be able to:
Spot and eliminate security design flaws early
Know where you, as a PM, can get involved to improve your product's security
Learn from mistakes done by others, and not repeat them
What is covered:
RTOS as well as Linux-based IoT protection
Rules of thumb for basic IoT security
Unexpected areas from which security flaws might creep into your products.
In the land of IoT, with so many different companies/manufacturers competing for the same space, it's essential to have a good reputation. One embarrassingly hackable product can not only hurt sales but kill the company altogether.
In this talk, we'll go over a couple of cases of embarrassing IoT security flaws, learn how/where those mistakes were made, and what can you, as PMs, do not to repeat those mistakes.
IoT Systems provide powerful, flexible features for IT systems — tracking, monitoring, and other data sharing. Today’s IoT devices utilize microservices and APIs that make them easy to put into production. But securing them isn’t as easy.
This webinar will look at security risks of IoT devices, interfaces, and implementations. We’ll provide practical steps and checklists any DevOps team can use to make their IoT components as secure as possible. We’ll also cover some testing best practices that can be done pre- and post-production to verify security and resilience on an ongoing basis.
Medical Records on the Run: Protecting Patient Data with Device Control and...Lumension
Lumension presented alongside United Health Care System on how to protect electronic medical records by enforcing device control and data encryption policies.
Take the First Steps Toward Endpoint Security ProtectionVTECH SOLUTION
Endpoint security is the process of protecting networked devices, such as PCs, laptops, servers, and mobile devices, from unauthorized access. It usually consists of a combination of hardware, software, and user training.
This presentation is intended for the customer facing risk managers, sales staff, and IT staff of a medical device manufacturer and their medical doctors and IT hospital and clinical counterparts.
It is intended to give an overview and highlight process considerations for incident management and reporting of cybersecurity issues.
It is based on the technical paper published by Pam Gilmore and Valdez Ladd in the ISSA Journal in 2014.
In the new world of connected healthcare, medical device manufacturers are challenged with cybersecurity issues to comply with the new FDA regulations. We examine the 5 domain areas of cybersecurity which apply to IoT HealthCare Vendors/ Providers.
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
This webinar and presentation outlines the Infocyte HUNT threat detection and incident response platform, and how it enables state and local government organizations:
- Reduce risk across local, off-network, and cloud IT assets
- Expose and eliminate hidden cyber threats and vulnerabilities
- Streamline your overall security operations
- Achieve and maintain compliance
Using Infocyte, TIG can provide their customers with cost-effective, easy-to-manage, and on-demand cybersecurity consulting services (e.g. compromise assessments, incident response) and managed security services (e.g. managed detection and response).
Visit https://www.infocyte.com/ to learn more and request a demo, or request a cybersecurity risk assessment (Compromise Assessment) using the link below:
https://www.infocyte.com/free-compromise-assessment/
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...BBPMedia1
Grote partijen zijn al een tijdje onderweg met retail media. Ondertussen worden in dit domein ook de kansen zichtbaar voor andere spelers in de markt. Maar met die kansen ontstaan ook vragen: Zelf retail media worden of erop adverteren? In welke fase van de funnel past het en hoe integreer je het in een mediaplan? Wat is nu precies het verschil met marketplaces en Programmatic ads? In dit half uur beslechten we de dilemma's en krijg je antwoorden op wanneer het voor jou tijd is om de volgende stap te zetten.
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
Implicitly or explicitly all competing businesses employ a strategy to select a mix
of marketing resources. Formulating such competitive strategies fundamentally
involves recognizing relationships between elements of the marketing mix (e.g.,
price and product quality), as well as assessing competitive and market conditions
(i.e., industry structure in the language of economics).
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
Sustainability has become an increasingly critical topic as the world recognizes the need to protect our planet and its resources for future generations. Sustainability means meeting our current needs without compromising the ability of future generations to meet theirs. It involves long-term planning and consideration of the consequences of our actions. The goal is to create strategies that ensure the long-term viability of People, Planet, and Profit.
Leading companies such as Nike, Toyota, and Siemens are prioritizing sustainable innovation in their business models, setting an example for others to follow. In this Sustainability training presentation, you will learn key concepts, principles, and practices of sustainability applicable across industries. This training aims to create awareness and educate employees, senior executives, consultants, and other key stakeholders, including investors, policymakers, and supply chain partners, on the importance and implementation of sustainability.
LEARNING OBJECTIVES
1. Develop a comprehensive understanding of the fundamental principles and concepts that form the foundation of sustainability within corporate environments.
2. Explore the sustainability implementation model, focusing on effective measures and reporting strategies to track and communicate sustainability efforts.
3. Identify and define best practices and critical success factors essential for achieving sustainability goals within organizations.
CONTENTS
1. Introduction and Key Concepts of Sustainability
2. Principles and Practices of Sustainability
3. Measures and Reporting in Sustainability
4. Sustainability Implementation & Best Practices
To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations
Digital Transformation and IT Strategy Toolkit and TemplatesAurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
Skye Residences | Extended Stay Residences Near Toronto Airportmarketingjdass
Experience unparalleled EXTENDED STAY and comfort at Skye Residences located just minutes from Toronto Airport. Discover sophisticated accommodations tailored for discerning travelers.
Website Link :
https://skyeresidences.com/
https://skyeresidences.com/about-us/
https://skyeresidences.com/gallery/
https://skyeresidences.com/rooms/
https://skyeresidences.com/near-by-attractions/
https://skyeresidences.com/commute/
https://skyeresidences.com/contact/
https://skyeresidences.com/queen-suite-with-sofa-bed/
https://skyeresidences.com/queen-suite-with-sofa-bed-and-balcony/
https://skyeresidences.com/queen-suite-with-sofa-bed-accessible/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-king-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed-accessible/
#Skye Residences Etobicoke, #Skye Residences Near Toronto Airport, #Skye Residences Toronto, #Skye Hotel Toronto, #Skye Hotel Near Toronto Airport, #Hotel Near Toronto Airport, #Near Toronto Airport Accommodation, #Suites Near Toronto Airport, #Etobicoke Suites Near Airport, #Hotel Near Toronto Pearson International Airport, #Toronto Airport Suite Rentals, #Pearson Airport Hotel Suites
"𝑩𝑬𝑮𝑼𝑵 𝑾𝑰𝑻𝑯 𝑻𝑱 𝑰𝑺 𝑯𝑨𝑳𝑭 𝑫𝑶𝑵𝑬"
𝐓𝐉 𝐂𝐨𝐦𝐬 (𝐓𝐉 𝐂𝐨𝐦𝐦𝐮𝐧𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬) is a professional event agency that includes experts in the event-organizing market in Vietnam, Korea, and ASEAN countries. We provide unlimited types of events from Music concerts, Fan meetings, and Culture festivals to Corporate events, Internal company events, Golf tournaments, MICE events, and Exhibitions.
𝐓𝐉 𝐂𝐨𝐦𝐬 provides unlimited package services including such as Event organizing, Event planning, Event production, Manpower, PR marketing, Design 2D/3D, VIP protocols, Interpreter agency, etc.
Sports events - Golf competitions/billiards competitions/company sports events: dynamic and challenging
⭐ 𝐅𝐞𝐚𝐭𝐮𝐫𝐞𝐝 𝐩𝐫𝐨𝐣𝐞𝐜𝐭𝐬:
➢ 2024 BAEKHYUN [Lonsdaleite] IN HO CHI MINH
➢ SUPER JUNIOR-L.S.S. THE SHOW : Th3ee Guys in HO CHI MINH
➢FreenBecky 1st Fan Meeting in Vietnam
➢CHILDREN ART EXHIBITION 2024: BEYOND BARRIERS
➢ WOW K-Music Festival 2023
➢ Winner [CROSS] Tour in HCM
➢ Super Show 9 in HCM with Super Junior
➢ HCMC - Gyeongsangbuk-do Culture and Tourism Festival
➢ Korean Vietnam Partnership - Fair with LG
➢ Korean President visits Samsung Electronics R&D Center
➢ Vietnam Food Expo with Lotte Wellfood
"𝐄𝐯𝐞𝐫𝐲 𝐞𝐯𝐞𝐧𝐭 𝐢𝐬 𝐚 𝐬𝐭𝐨𝐫𝐲, 𝐚 𝐬𝐩𝐞𝐜𝐢𝐚𝐥 𝐣𝐨𝐮𝐫𝐧𝐞𝐲. 𝐖𝐞 𝐚𝐥𝐰𝐚𝐲𝐬 𝐛𝐞𝐥𝐢𝐞𝐯𝐞 𝐭𝐡𝐚𝐭 𝐬𝐡𝐨𝐫𝐭𝐥𝐲 𝐲𝐨𝐮 𝐰𝐢𝐥𝐥 𝐛𝐞 𝐚 𝐩𝐚𝐫𝐭 𝐨𝐟 𝐨𝐮𝐫 𝐬𝐭𝐨𝐫𝐢𝐞𝐬."
Unveiling the Secrets How Does Generative AI Work.pdfSam H
At its core, generative artificial intelligence relies on the concept of generative models, which serve as engines that churn out entirely new data resembling their training data. It is like a sculptor who has studied so many forms found in nature and then uses this knowledge to create sculptures from his imagination that have never been seen before anywhere else. If taken to cyberspace, gans work almost the same way.
3.0 Project 2_ Developing My Brand Identity Kit.pptxtanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...BBPMedia1
Marvin neemt je in deze presentatie mee in de voordelen van non-endemic advertising op retail media netwerken. Hij brengt ook de uitdagingen in beeld die de markt op dit moment heeft op het gebied van retail media voor niet-leveranciers.
Retail media wordt gezien als het nieuwe advertising-medium en ook mediabureaus richten massaal retail media-afdelingen op. Merken die niet in de betreffende winkel liggen staan ook nog niet in de rij om op de retail media netwerken te adverteren. Marvin belicht de uitdagingen die er zijn om echt aansluiting te vinden op die markt van non-endemic advertising.
2. Objectives
That this session is most informative 45 minutes since lunch today.
That attendees walk away:
● understanding the current state of medical device security (how we got here)
● knowing the key points of vulnerability in a medical device system
● with a punch-list of considerations and decision points for securing a
medical device system
And maybe to scare you a little. Then make you feel a bit better.
4. What do we mean by medical device?
Something that detects, treats or cures a
medical condition.
● Fitness and general health monitoring
● Clinic/hospital equipment
● Therapy monitoring and administration
We’re focused on medically-critical portable
monitors, therapy, and implantable devices.
5. What do we mean by medical device?
● The physical device
● Data systems/services that receive, transmit, or store device related data
● Secondary devices used for programming the physical device
● Mobile and web applications used to display or manipulate device data
6. Pop Quiz - What's the most effective strategy for
keeping a medical device secure?
Don’t connect it.
Good luck with that!
7. Why connect devices?
● Improve patient outcomes
● Upgrade products using same hardware
● Resolve issues with firmware/software
● Reduce recall costs
● Answer FDA concerns
● Business process improvement
8. Why connect devices?
It may not be optional any longer.
...
The FDA wants medical devices to have mandatory monitoring and built-in
update mechanisms.
FDA Guidance Changes
FDA Medical Device Safety Action Plan
9. Who benefits?
● Manufacturers - Upgrade products using same hardware,
Reduce recall costs, Answer FDA concerns, Business process
improvement
● Patients - Improve patient outcomes
● Clinicians - Improve patient outcomes
● Insurers - Business process improvement
10. Who is at risk?
Patients take on the majority of the risk.
12. What are some risk scenarios?
● Device hacking
● Personal data breaches
● DIY Device Mods
13. How real are these concerns?
They’re real, but don’t take my word for it.
14. Medical Device Hacks - Pacemaker
In 2008 an IEEE paper outlined a wireless vulnerability with implantable
cardioverter defibrillator (ICD).
● Unencrypted wireless communication
● Reverse engineered command protocol
● Intercepted patient data
● Capable of disrupting heart function
IEEE Pacemaker hack story
Dick Cheney Terrorist Threat
15. Medical Device Hacks - Insulin Pump
In October 2016, Johnson & Johnson went public warning their patients of a
potential health risk caused by a cyber security vulnerability.
● First manufacturer disclosure of this type
● Unencrypted wireless communication
● Potential for creating insulin overdose
● Access to patient data
● Similar vulnerabilities discovered in other big players
J & J Insulin Pump Vulnerability
16. Barnaby Jack
Renowned hacker among industry experts for his influence in the medical and
financial security fields.
● Demonstrated hacking an insulin pump from a distance of up to 90 metres
using the high-gain antenna
● Demonstrated the ability to assassinate a victim
by hacking their pacemaker.
● Developed software that allowed him to remotely
send an electric shock to pacemakers within
a 50-foot radius
17. Data Privacy Breaches
● Majority come from healthcare providers
○ In 2017, 477 healthcare breaches reported to (HHS)
○ Affected over 5 million patient records
● Hacking has become the predominant cause of major breaches
● Connected devices create a new vector for data
hacking
18. DIY Device Mods
Dana Lewis hacked into her Continuous Glucose Monitor and collected data
which was in turn used to directly control her insulin pump.
● Creating an artificial pancreas
● Utilized unprotected data transmissions
● Developed a closed-loop therapy not approved by
the FDA at the time
● Created #OpenAPS and #DIYPS
Making an Artificial Pancreas
20. DIY Device Mods
Just a few weeks ago the vulnerability in the Nintendo Switch’s Tegra X1
bootROM. I know, I know, this is not a medical device, but it illustrates an
interesting problem.
● Vulnerability in the hardware layer itself
● Likely unresolvable via software or firmware updates
● Imagine what the FDA’s response to a similar issue
in a connected medical device….
Nintendo Switch Exploit
21. FDA Guidance Arrived Late
“There's a fairly significant fleet of devices that have back-door vulnerabilities
built in”
“As we learn more, we want to incrementally raise the expectations for the
security of devices”
“It is important to us that manufacturers build security and develop a program
through the lifetime of the device for maintenance”
Modern Healthcare, January 2018
22. So where can we go from here?
1. Identify the specific risks for a given system
23. So where can we go from here?
1. Identify the specific risks for a given system
2. Everything needs an identity (devices, servers, software, people)
24. So where can we go from here?
1. Identify the specific risks for a given system
2. Everything needs an identity (devices, servers, software, people)
3. Expose the minimum data/control
25. So where can we go from here?
1. Identify the specific risks for a given system
2. Everything needs an identity (devices, servers, software, people)
3. Expose the minimum data/control
4. Leverage modern cryptography
26. So where can we go from here?
1. Identify the specific risks for a given system
2. Everything needs an identity (devices, servers, software, people)
3. Expose the minimum data/control
4. Leverage modern cryptography
5. Verify firmware/software authenticity
27. So where can we go from here?
1. Identify the specific risks for a given system
2. Everything needs an identity (devices, servers, software, people)
3. Expose the minimum data/control
4. Leverage modern cryptography
5. Verify firmware/software authenticity
6. Monitor, track and react
30. Points of Vulnerability
● Physical device
● Communication
● Data at rest
● Firmware/software exploits
● Web or mobile applications
● Humans!
31. How do we start eliminating all this risk?
Start with a solid foundation based on modern security patterns.
32. Public Key Infrastructure
● The foundation of a secure architecture
● Utilize strong cryptography - long keys
● All systems own and never share their keys
● Protect the certificate authorities
● Have a plan for certificate life-cycles - keep ‘em short
● Leverage certificate expiration and revocation practices
● Key up-to-date on cipher suites and key algorithms
33. Identity, Identity, Identity
● Everything in your platform needs an identity
● Leverage cryptographic identities for devices and infrastructure
● Establish trust between parties within your system
● Control access inter-system access
● Create a data chain of custody
● Detect bad actors and isolate or eliminate access
34. Securing the Hardware
● Utilize a hardware based security modules / coprocessor (HSM, TPM)
● Trusted Execution Environments
● Digitally sign and encrypt the firmware/software
● Validate firmware/software on boot (Secure Boot)
● Protect data storage
● Tamper protection
● Disable JTAG or similar programming interfaces (remove, blow fuse, etc)
35. Securing Wireless - Bluetooth
● Never operated with plain text data packets
● BLE 4.2 if possible - allows strong encryption and key exchange (ECDH)
● Use secure connections
● Use the strongest possible pairing method the hardware supports to avoid
MITM attacks - Out of Band, Numeric Comparison - Something called “Just
Works” probably isn’t gonna cut it.
● Consider additional encryption at the software and/or firmware layer
36. Communication - Wired/Cellular/WIFI
(MQTT, AMQP, HTTP, etc)
● Never operate with plain text data packets
● Use TLS 1.2 or greater on all connections
● Consider Mutual TLS (mTLS) where possible
● Consider VPN Tunnelling for low powered embedded systems
● Secure your networks
37. Code Signing
● Developer utilizes certificate from a code signing authority
● Signing firmware/software
○ Generate one way hash of binaries
○ Encrypt hash with code signing identity private key
● Distribute binaries with certificate and hash
● Verification process
○ Decrypt provided hash
○ Generate one way hash of binaries
○ Compare decrypted and generate hashes
38. Firmware/Software Updates
● Periodically update firmware/software
● Resolve defects and/or security flaws
● Provide a secure mechanism to transfer firmware/software to device
● Leverage a secure boot mechanism to establish binary trust
● Provide a “no brick” mechanism to update
39. Data at Rest
● Sensitive data should be encrypted at rest
- Required for HIPAA compliance
● Prefer higher-layer encryption if possible
● Applies to all aspects of the architecture
40. Securing Mobile and Web Applications
● Use modern authentication solutions such as OAuth or OpenID
● Keep session lengths short
● Leverage biometric security
● Consider multi-factor authentication
● Critically consider which data to show
● Proxy devices and their software require extra care
Do you pass the phone-left-at-the-coffeeshop test?
41. Device Management
● Take inventory of devices
● Monitor usage and traffic patterns
● Manage firmware/software versions
● Use the data collected to detect and diagnose potential security problems
42. Whoa! - Do I need ALL of this?
It is not possible to do everything perfect, and you aren’t alone.
44. What’s in your way?
● Operational needs
● Budget
● Hardware
● User Experience
45. What’s in your way?
“We have to get to market and we don’t have time for all these
security changes.”
46. What’s in your way?
“These extra security modules won’t fit in our per-unit budget.”
47. What’s in your way?
“Our wireless module only supports BLE 4.0 and can’t sacrifice
battery life for extra encryption.”
48. What’s in your way?
“We can’t require our users to do some complex pairing process.”
49. Game Plan
1. Understand your specific risks
2. Evaluate the strategies and patterns that best apply within your constraints
3. Do as much as you possibly can
4. Never forget what’s at stake
52. Blockchain? - because we know someone will ask
If a public distributed ledger makes sense to secure your identities and audit your
devices, then… maybe.
● Identities
● Audit trails
● Access management
