Top Ten Challenges of Securing Smart Infrastructure

•

0 likes•115 views

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Niloufer Tamboly, presented Top Ten Challenges of Securing Smart Infrastructure at the New York Metro Joint Cyber Security Coalition 2020 Conference & Workshop on October 22, 2020.

Technology

Top Ten Challenges
of Securing Smart
Infrastructure
Niloufer Tamboly, CISSP, CCSP, CPA

I am Niloufer Tamboly
I am a risk management professional and help
companies manage risk, execute cybersecurity
strategy and accept risks appropriately based on
quantiﬁed risk appetite.
I am the organizer of the largest cybersecurity career
MeetUp group. Since 2012, I’ve coached IT
professionals transition to a career in cybersecurity.
Connect with me on LinkedIn!
2

Why Do I Care?
IDC's Worldwide Semiannual Smart
Cities Spending Guide: Worldwide
spending on technologies for smart cities
projects will grow to $135 billion by 2021
3

Can’t identify or predict
users environment
▸ Smart devices are ubiquitous so it
is difficult to identify or predict the
users environment.
9

Participants
10
People
The User
Shared Responsibility
Process
Vendor Diversity
Security Operations
Integrated Architecture
Systems
Resilient network

Smart Infrastructure May Not
Be Critical Instructure
▸ Identify the critical information and the infrastructure
because they may not be easily apparent.
11
10

Devices Are Mobile
▸ Due to the small form factor,
devices are mobile and not all
supporting infrastructure may
be secure.
12
9

Hardware Security
▸ Cost, Data, Life of Device
Considerations
▸ How much security can you expect
from a $10 device?
▸ What type of data is stored,
processed and transmitted?
14
7

Using Standards of Yesterday
▸ This includes mistakes made years ago, but were only
recently discovered or disclosed which can have big
implications in the future.
15
6

Evolving Threats
▸ New threats come up once a product
is released.
▸ Unknown unknowns
18
3

19
Sensor Security - Google Maps Fooled by Man Who
Used 99 Smartphones to Create a Fake Traﬃc Jam
2

Customer Engagement
▸ Educating the customer
and making them aware and
engaged for security
20
1

What Can We Do?
▸ Encourage users to participate
▸ Apply patches, ﬁrmware updates
timely
▸ Secure physical access to build a
defensive environment
21

Credits
Special thanks to all the people who made and released these
awesome resources for free:
▸ Presentation template by SlidesCarnival
▸ Illustrations by Sergei Tikhonov
▸ Photographs by Unsplash
22

What's hot

Success with enterprise Internet of Things (IoT) initiatives begins with strong partnerships between IT and operations technology (OT) organizations and identifying relevant use cases with measurable ROI. Next, choosing the right IoT architecture and technology requires determining the capabilities are needed at the edge and what are needed in the cloud and datacenter to minimize cost and enable analytics-driven action. This session will discusses the challenges involved with introducing sensors and smart devices into your network, including building infrastructure and analytics capabilities , and securing data and applications. Learn how Dell'S IoT-specific gateways, edge analytics software and infrastructure solutions provide flexible architecture options for multiple IoT use cases.

MT81 Keys to Successful Enterprise IoT Initiatives

Dell EMC World

Adapting for the Internet of Things

Tripwire

Understanding cyber resilience

Christophe Foulon, CISSP

SANS Critical Security Controls Summit London 2013

Wolfgang Kandek

Dell Solutions Tour 2014 Norge Florian Malecki, Product Marketing Director at Dell Silos of disconnected security information are killing your efficiency and effectiveness, making it more difficult than ever to be productive. These silos are cause by the layers of disjointed security tools and structure your organization has implemented. But Dell's approach to managing security is different. Attend this session to see how Dell's integrated approach knocks down security silos and brings solutions together to improve your efficiency and effectiveness.

Efficiency, effectiveness, productivity: Dell Connected Security in action

Kenneth de Brucq

Presented at this year European Identity and Cloud Conference 2012, Jim Taylor's Leveraging Identity to Manage Change and Complexity looks at controlling the risks and challenges of computing across multiple environments; providing users the appropriate access at the right time to the computing services they need to do their jobs; and ensuring computing is secure, compliant and portable. He discussed how identity, identity management and governance serve as the foundation for coping with an ever-changing IT environment, new business models, cloud models and more.

Leveraging Identity to Manage Change and Complexity

NetIQ

CyCon 3.0 presentation- February 15, 2020 Successful digital transformations don’t begin with technology, they begin with people. As organizations adopt DevOps and cloud and realize the increased release velocity, ensuring the security of software and systems at the same velocity is a necessity but doing so isn’t easy. In this talk you will learn about common security challenges in DevOps and cloud and the skills cybersecurity professionals need to solve these challenges.

Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...

Troy Marshall

Evolution security controls towards Cloud Services

Hugo Rodrigues

Tripwire Energy Working Group: Keynote w/Patrick Miller

Tripwire

Industrial Cybersecurity: Practical Tips for IT & OT Collaboration

Tripwire

Cloud security lessons learned and audit

Marc Vael

The Unisys Stealth suite of solutions uses identification, authentication, and encryption to provide security for endpoints, remote users, data centers, and data. The unique design of the solution enables Unisys to create undetectable authenticated user groups that appear invisible to the normal network, allowing critical information to be delivered in a secure network and enabling Unisys to effectively isolate, encrypt, and cloak networks. With its strong overall performance and demonstration of helping clients reduce risk, while also reducing complexity and cost, Unisys has earned Frost & Sullivan’s 2015 New Product Innovation Award.

Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...

Unisys Corporation

Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?

Codero

IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi

IBM Switzerland

Mobile Workspaces Go Where You Go [Infographic]

Citrix

Security Strategies for Success

Citrix

Not so long ago, the only way to access a new application was to install it from a floppy disk. Prehistory, huh? Now we have the Internet. Anytime. Anywhere. Everywhere: in the office, at home, in cafés, on the street, even on the beach. We live in a world where we are connected all the time. This influences our lifestyle, our interests and attitude, it changes the way we work. This means a whole new era for the software industry. And this era should be called “Cloud”.

Sleeping well with cloud services

Comarch_Services

ciso-platform-annual-summit-2013-Hp enterprise security overview

Priyanka Aash

Safety reliability and security lessons from defense for IoT

IoT613

Securing the Digital Economy: Reinventing the Internet

accenture

What's hot (20)

MT81 Keys to Successful Enterprise IoT Initiatives

Adapting for the Internet of Things

Understanding cyber resilience

SANS Critical Security Controls Summit London 2013

Efficiency, effectiveness, productivity: Dell Connected Security in action

Leveraging Identity to Manage Change and Complexity

Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...

Evolution security controls towards Cloud Services

Tripwire Energy Working Group: Keynote w/Patrick Miller

Industrial Cybersecurity: Practical Tips for IT & OT Collaboration

Cloud security lessons learned and audit

Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...

Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?

IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi

Mobile Workspaces Go Where You Go [Infographic]

Security Strategies for Success

Sleeping well with cloud services

ciso-platform-annual-summit-2013-Hp enterprise security overview

Safety reliability and security lessons from defense for IoT

Securing the Digital Economy: Reinventing the Internet

Similar to Top Ten Challenges of Securing Smart Infrastructure

The significance of the 7 Colors of Information Security

learntransformation0

Data is meant to roam, and contrary to popular opinion, better security is better business. But endpoints and users remain the key vulnerability to even the most robust security programs. In fact, 95% of all breaches occur at the endpoint, and organizations can still be susceptible to the latest viruses and malware. In this session you will learn how to protect your data on digital and physical workstations throughout the organization, wherever employees use it – at home, on the road, collaborating with partners, and more. Learn more at Dell.com/datasecurity

MT50 Data is the new currency: Protect it!

Dell EMC World

Delve Labs - Upcoming Security Challenges for the Internet of Things

Frederic Roy-Gobeil, CPA, CGA, M.Tax.

Internet

hetal001

Ten Expert Tips on Internet of Things Security

Dean Bonehill ♠Technology for Business♠

expert tips

Mcolisi Tineth Ngwenya

Cyber Security at CTX15, London

John Palfreyman

GR - Security Economics in IoT 150817- Rel.1

Clay Melugin

Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security. This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.

2014 the future evolution of cybersecurity

Matthew Rosenquist

Cyber attackers are better funded, more focused, and more successful than ever. Making matters worse, defenders have more IT territory to protect, including public cloud, virtual infrastructure, mobile, Internet of Things, and an expanding list of users, applications, and data. An evolution in security strategies is underway; shifting from a preventive approach to one that is more balanced across prevention, monitoring, and response. In this session, we delve into key innovations that enable a more effective defense and how RSA’s NetWitness suite is delivering many of these innovations.

MT 117 Key Innovations in Cybersecurity

Dell EMC World

ISACA smart security for smart devices

Marc Vael

Drivelock modern approach of it security & amp; encryption solution -whitep...

Arbp Worldwide

Information Technology Security Basics

Mohan Jadhav

Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise

SelectedPresentations

16231

James Grant

The Importance of Consolidating Your Infrastructure Security – by United Secu...

United Security Providers AG

It’s getting more complex to comply with new legislation and policies around data security. Meeting the high demands of end users that want Cloud and BYOD. In this session, you’ll get to see how Dell Dataprotection Protection & Encryption solution reduce encryption/security IT administrators work load and provide a transparent experience to their end-users, whilst reducing encryption complexity and cost.

Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...

Kenneth de Brucq

Security economics

Yansi Keim

This PowerPoint presentation delves into the critical role of technology in India and the growing risk of zero-day attacks. It highlights the significance of technology across various sectors, identifies the factors that make India vulnerable to cyber threats, discusses the potential consequences of these attacks, and outlines strategies for risk mitigation. The presentation underscores the urgency of protecting India's digital landscape and concludes with a call to action for strengthening cybersecurity measures.

Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptx

ANA Cyber Security Forensic Pvt. Ltd.

The 5 most trusted cyber security companies to watch.

Merry D'souza

Similar to Top Ten Challenges of Securing Smart Infrastructure (20)

The significance of the 7 Colors of Information Security

MT50 Data is the new currency: Protect it!

Delve Labs - Upcoming Security Challenges for the Internet of Things

Internet

Ten Expert Tips on Internet of Things Security

expert tips

Cyber Security at CTX15, London

GR - Security Economics in IoT 150817- Rel.1

2014 the future evolution of cybersecurity

MT 117 Key Innovations in Cybersecurity

ISACA smart security for smart devices

Drivelock modern approach of it security & amp; encryption solution -whitep...

Information Technology Security Basics

Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise

16231

The Importance of Consolidating Your Infrastructure Security – by United Secu...

Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...

Security economics

Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptx

The 5 most trusted cyber security companies to watch.

More from Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

How to Secure Your Small Business from Cyber Threats

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Title: How To Fix The Most Critical API Security Risks Description: Businesses are constantly looking for ways to improve their operations. One way to do this is by using APIs. APIs allow businesses to automate workflows, systems and applications. This can be helpful in many ways, but it can also be a source of security risks. If your business uses APIs, it is important to take precautions to protect them from cyberattacks. Learning Objectives: Importance of APIs in the digital ecosystem. Understand the top API Security risks. Practical tips to effectively secure APIs and workloads.

How To Fix The Most Critical API Security Risks.pdf

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

QR code is being leveraged for fraud and degrades public trust when some bad actors weaponize technology like using email for phishing or deploying ransomware or calling users to intercept one-time passwords. Once users are scammed or know people who tell them about the scams, there is a distrust created for the technology which results in distrust towards its use. We rely on technology like emails, one time passwords, QR codes, and others for efficiently delivering service to our customers, securing them, reducing cost in this presentation we are going to learn how to drive digital trust one code at a time.

Drive Digital Trust One Code At A Time

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

CyberCorps: Scholarship for Service Program

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

IT Audit Career Path

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

How To Become An IT Security Risk Analyst

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Cybersecurity Careers For Students

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Top cloud security certifications 2019

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Need For Hardware Security Controls in IoT

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

5 Ways To Improve Cissp Exam Score Without Studying

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

More from Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE (11)

Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf

How to Secure Your Small Business from Cyber Threats

How To Fix The Most Critical API Security Risks.pdf

Drive Digital Trust One Code At A Time

CyberCorps: Scholarship for Service Program

IT Audit Career Path

How To Become An IT Security Risk Analyst

Cybersecurity Careers For Students

Top cloud security certifications 2019

Need For Hardware Security Controls in IoT

5 Ways To Improve Cissp Exam Score Without Studying

Recently uploaded

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

Speed Wins: From Kafka to APIs in Minutes

confluent

The Future of Platform Engineering

Jemma Hussein Allen

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

JMeter webinar - integration with InfluxDB and Grafana

RTTS

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

Recently uploaded (20)

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Speed Wins: From Kafka to APIs in Minutes

The Future of Platform Engineering

Essentials of Automations: Optimizing FME Workflows with Parameters

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Accelerate your Kubernetes clusters with Varnish Caching

Bits & Pixels using AI for Good.........

UiPath Test Automation using UiPath Test Suite series, part 2

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

Quantum Computing: Current Landscape and the Future Role of APIs

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Search and Society: Reimagining Information Access for Radical Futures

JMeter webinar - integration with InfluxDB and Grafana

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

ODC, Data Fabric and Architecture User Group

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Top Ten Challenges of Securing Smart Infrastructure

1. Top Ten Challenges of Securing Smart Infrastructure Niloufer Tamboly, CISSP, CCSP, CPA

2. I am Niloufer Tamboly I am a risk management professional and help companies manage risk, execute cybersecurity strategy and accept risks appropriately based on quantiﬁed risk appetite. I am the organizer of the largest cybersecurity career MeetUp group. Since 2012, I’ve coached IT professionals transition to a career in cybersecurity. Connect with me on LinkedIn! 2

3. Why Do I Care? IDC's Worldwide Semiannual Smart Cities Spending Guide: Worldwide spending on technologies for smart cities projects will grow to $135 billion by 2021 3

4. What is smart infrastructure?

8. Usability, not Security, is the focus 8

9. Can’t identify or predict users environment ▸ Smart devices are ubiquitous so it is difficult to identify or predict the users environment. 9

10. Participants 10 People The User Shared Responsibility Process Vendor Diversity Security Operations Integrated Architecture Systems Resilient network

11. Smart Infrastructure May Not Be Critical Instructure ▸ Identify the critical information and the infrastructure because they may not be easily apparent. 11 10

12. Devices Are Mobile ▸ Due to the small form factor, devices are mobile and not all supporting infrastructure may be secure. 12 9

13. Not All Smart Devices Are The Same 13 8

14. Hardware Security ▸ Cost, Data, Life of Device Considerations ▸ How much security can you expect from a $10 device? ▸ What type of data is stored, processed and transmitted? 14 7

15. Using Standards of Yesterday ▸ This includes mistakes made years ago, but were only recently discovered or disclosed which can have big implications in the future. 15 6

16. High Level of Customization 16 5

17. Increased Connectivity 17 4

18. Evolving Threats ▸ New threats come up once a product is released. ▸ Unknown unknowns 18 3

19. 19 Sensor Security - Google Maps Fooled by Man Who Used 99 Smartphones to Create a Fake Traﬃc Jam 2

20. Customer Engagement ▸ Educating the customer and making them aware and engaged for security 20 1

21. What Can We Do? ▸ Encourage users to participate ▸ Apply patches, ﬁrmware updates timely ▸ Secure physical access to build a defensive environment 21

22. Credits Special thanks to all the people who made and released these awesome resources for free: ▸ Presentation template by SlidesCarnival ▸ Illustrations by Sergei Tikhonov ▸ Photographs by Unsplash 22

Top Ten Challenges of Securing Smart Infrastructure

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Top Ten Challenges of Securing Smart Infrastructure

Similar to Top Ten Challenges of Securing Smart Infrastructure (20)

More from Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

More from Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE (11)

Recently uploaded

Recently uploaded (20)

Top Ten Challenges of Securing Smart Infrastructure