Submit Search
Upload
2017 March ISACA Security Challenges with the Internet of Things - Eric Vanderburg
•
Download as PPTX, PDF
•
3 likes
•
10,785 views
Eric Vanderburg
Follow
Presentation given by Eric Vanderburg at ISACA on IoT security challenges.
Read less
Read more
Technology
Report
Share
Report
Share
1 of 50
Download now
Recommended
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
ConSanFrancisco123
Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101
PECB
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration Testing
Shah Sheikh
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
NetWatcher
DTS Solution - Company Presentation
DTS Solution - Company Presentation
Shah Sheikh
Recommended
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
ConSanFrancisco123
Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101
PECB
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration Testing
Shah Sheikh
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
NetWatcher
DTS Solution - Company Presentation
DTS Solution - Company Presentation
Shah Sheikh
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. Compliance
Joshua Berman
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
centralohioissa
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Prevention
centralohioissa
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2
Brad Deflin
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security Service
F-Secure Corporation
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
William McBorrough
The State of Ransomware 2020
The State of Ransomware 2020
Netpluz Asia Pte Ltd
Smarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with Less
Omar Khawaja
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec
Addressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider Threats
Forcepoint LLC
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
Graham Mann
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Resilient Systems
Cloud Security: A Business-Centric Approach in 12 Steps
Cloud Security: A Business-Centric Approach in 12 Steps
Omar Khawaja
Vulnerability management - beyond scanning
Vulnerability management - beyond scanning
Vladimir Jirasek
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
Jason Clark
Top 5 Things to Look for in an IPS Solution
Top 5 Things to Look for in an IPS Solution
IBM Security
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Berezha Security Group
Entidades eficientes: el poder de la Arquitectura TI Colombia
Entidades eficientes: el poder de la Arquitectura TI Colombia
Corporacion Colombia Digital
Simulado Prova Brasil Descritores Matematica
Simulado Prova Brasil Descritores Matematica
Izaura Franco
More Related Content
What's hot
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. Compliance
Joshua Berman
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
centralohioissa
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Prevention
centralohioissa
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2
Brad Deflin
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security Service
F-Secure Corporation
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
William McBorrough
The State of Ransomware 2020
The State of Ransomware 2020
Netpluz Asia Pte Ltd
Smarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with Less
Omar Khawaja
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec
Addressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider Threats
Forcepoint LLC
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
Graham Mann
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Resilient Systems
Cloud Security: A Business-Centric Approach in 12 Steps
Cloud Security: A Business-Centric Approach in 12 Steps
Omar Khawaja
Vulnerability management - beyond scanning
Vulnerability management - beyond scanning
Vladimir Jirasek
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
Jason Clark
Top 5 Things to Look for in an IPS Solution
Top 5 Things to Look for in an IPS Solution
IBM Security
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Berezha Security Group
What's hot
(20)
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. Compliance
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security Service
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
The State of Ransomware 2020
The State of Ransomware 2020
Smarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with Less
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Addressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider Threats
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Cloud Security: A Business-Centric Approach in 12 Steps
Cloud Security: A Business-Centric Approach in 12 Steps
Vulnerability management - beyond scanning
Vulnerability management - beyond scanning
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
Top 5 Things to Look for in an IPS Solution
Top 5 Things to Look for in an IPS Solution
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Viewers also liked
Entidades eficientes: el poder de la Arquitectura TI Colombia
Entidades eficientes: el poder de la Arquitectura TI Colombia
Corporacion Colombia Digital
Simulado Prova Brasil Descritores Matematica
Simulado Prova Brasil Descritores Matematica
Izaura Franco
Informe "¿Existe una relación entre género, cambio climático y salud?"
Informe "¿Existe una relación entre género, cambio climático y salud?"
Crónicas del despojo
Parejas lógicas
Parejas lógicas
María José De Luis Flores
Rudnick 2017 water seminar-3
Rudnick 2017 water seminar-3
Nebraska Water Center
Agosto 2016
Agosto 2016
Julián Pérez
Планирование рабочего времени персонала Bonsoft HRP
Планирование рабочего времени персонала Bonsoft HRP
Danil Krasnov (da.krasnov@gmail.com)
Prezentatsia na temu_elektronnaya_pochta
Prezentatsia na temu_elektronnaya_pochta
Andrey1245
IoT security (Internet of Things)
IoT security (Internet of Things)
Sanjay Kumar (Seeking options outside India)
3Com 69-001566-00
3Com 69-001566-00
savomir
Memorias virtuales
Memorias virtuales
Enrike Mendoza
Презентація:Розв"язування задач на готових кресленнях. Теорема Піфагора.
Презентація:Розв"язування задач на готових кресленнях. Теорема Піфагора.
sveta7940
3Com 6P997
3Com 6P997
savomir
Cómo realizar una búsqueda en bases de datos
Cómo realizar una búsqueda en bases de datos
paolasuarez14_
Qué es devaluación cuestionario de problema
Qué es devaluación cuestionario de problema
jaime rafael mendoza torreyes
Viewers also liked
(15)
Entidades eficientes: el poder de la Arquitectura TI Colombia
Entidades eficientes: el poder de la Arquitectura TI Colombia
Simulado Prova Brasil Descritores Matematica
Simulado Prova Brasil Descritores Matematica
Informe "¿Existe una relación entre género, cambio climático y salud?"
Informe "¿Existe una relación entre género, cambio climático y salud?"
Parejas lógicas
Parejas lógicas
Rudnick 2017 water seminar-3
Rudnick 2017 water seminar-3
Agosto 2016
Agosto 2016
Планирование рабочего времени персонала Bonsoft HRP
Планирование рабочего времени персонала Bonsoft HRP
Prezentatsia na temu_elektronnaya_pochta
Prezentatsia na temu_elektronnaya_pochta
IoT security (Internet of Things)
IoT security (Internet of Things)
3Com 69-001566-00
3Com 69-001566-00
Memorias virtuales
Memorias virtuales
Презентація:Розв"язування задач на готових кресленнях. Теорема Піфагора.
Презентація:Розв"язування задач на готових кресленнях. Теорема Піфагора.
3Com 6P997
3Com 6P997
Cómo realizar una búsqueda en bases de datos
Cómo realizar una búsqueda en bases de datos
Qué es devaluación cuestionario de problema
Qué es devaluación cuestionario de problema
Similar to 2017 March ISACA Security Challenges with the Internet of Things - Eric Vanderburg
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Great Bay Software
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018
African Cyber Security Summit
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
R-Style Lab
Privacy and security in IoT
Privacy and security in IoT
Vasco Veloso
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
Zero Trust Networks
Zero Trust Networks
Practical Code, LLC
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
SolarWinds
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
Joshua Berman
Nvis, inc. 03 18-2020 - final
Nvis, inc. 03 18-2020 - final
A. Phillip Smith
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
Pierluigi Paganini
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Denim Group
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012
Andris Soroka
The Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your Toolkit
Dawn Yankeelov
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security Perspective
Pragati Rai
What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?
lorzinian
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
Zscaler
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
AI Frontiers
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptx
amalouwarda1
IoT Security
IoT Security
Narudom Roongsiriwong, CISSP
Similar to 2017 March ISACA Security Challenges with the Internet of Things - Eric Vanderburg
(20)
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
Privacy and security in IoT
Privacy and security in IoT
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
Zero Trust Networks
Zero Trust Networks
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
Nvis, inc. 03 18-2020 - final
Nvis, inc. 03 18-2020 - final
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012
The Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your Toolkit
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security Perspective
What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptx
IoT Security
IoT Security
More from Eric Vanderburg
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Eric Vanderburg
Mobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
Eric Vanderburg
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
Eric Vanderburg
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
Eric Vanderburg
Principles of technology management
Principles of technology management
Eric Vanderburg
Japanese railway technology
Japanese railway technology
Eric Vanderburg
Evaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
Eric Vanderburg
Japanese current and future technology management challenges
Japanese current and future technology management challenges
Eric Vanderburg
Technology management in Japan: Robotics
Technology management in Japan: Robotics
Eric Vanderburg
Incident response table top exercises
Incident response table top exercises
Eric Vanderburg
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Eric Vanderburg
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Eric Vanderburg
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Eric Vanderburg
Untangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security Awareness
Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
Eric Vanderburg
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
Eric Vanderburg
More from Eric Vanderburg
(20)
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Mobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
Principles of technology management
Principles of technology management
Japanese railway technology
Japanese railway technology
Evaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
Japanese current and future technology management challenges
Japanese current and future technology management challenges
Technology management in Japan: Robotics
Technology management in Japan: Robotics
Incident response table top exercises
Incident response table top exercises
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Untangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security Awareness
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
Recently uploaded
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
Recently uploaded
(20)
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
2017 March ISACA Security Challenges with the Internet of Things - Eric Vanderburg
1.
© 2017 JURINNOV,
LLC All Rights Reserved. Security Challenges with the Internet of Things ISACA MARCH 2017 ERIC VANDERBURG DIRECTOR, CYBERSECURITY JURINNOV, A TCDI COMPANY
2.
© 2017 JURINNOV,
LLC All Rights Reserved.
3.
© 2017 JURINNOV,
LLC All Rights Reserved. Topics • Overview • Uses • Challenges • Strategies
4.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT security statistics • 93% of IoT early adopters are concerned about IoT security -Global IoT Report 2017 from IoT Works • 6.4 billion IoT devices in use today and 5.5 million added per day - Gartner • 85% of enterprises intend to deploy IoT devices, but only 10% feel confident in the security of those devices – AT&T Cybersecurity Insights Report
5.
© 2017 JURINNOV,
LLC All Rights Reserved. Uses of IoT IoT will be everywhere in the future and it is already where you don’t want it
6.
© 2017 JURINNOV,
LLC All Rights Reserved. Where is IoT 6 • Camera systems • Cars • Car apps with minimal security • Many vulnerabilities identified • Unencrypted credentials • Lack of integrity checks • Outdated communication protocols • Few actually exploited
7.
© 2017 JURINNOV,
LLC All Rights Reserved. Where is IoT? • Factories • Programmable Logic Controllers (PLC) for robotic systems • Industrial control systems • Smart meters • Smart homes • Animals and humans
8.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Toys Toys are connected to the Internet/cloud to: ◦Learn ◦Exchange data with friends ◦Obtain software updates ◦Allow for online customization ◦Obtain data on surroundings Targeted to get data on users Used for surveillance Good information for thieves
9.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Challenges • DDoS • Ransomware • Surveillance • Backdoors • Data breaches • Botnets
10.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT and DDoS Protecting people, places, and assets
11.
© 2017 JURINNOV,
LLC All Rights Reserved. October 21, 2016 Internet hosting provider OVH was faced with a 1Tbps DDoS attack Botnet was entirely comprised of CCTV cameras Home routers and IP cameras turned into a botnet. Botnet was used to launch DDoS attacks against the Dyn DNS system targeting sites such as Twitter, Spotify, Amazon, Reddit, Yelp, Netflix, and The New York Times. September 22, 2016 September 13, 2016 Krebs on Security was hit by a 665Gbps DDoS attack The site was protected by Akamai, a company that specializes in protecting sites from attacks
12.
© 2017 JURINNOV,
LLC All Rights Reserved. DDoS statistics • About 75% of global organizations have been victims of a DDoS Attack -Neustar • 3,700 DDoS attacks occur every day -CSO • Malicious code for DDoS botnets has been found in up to 600,000 IoT devices –PC World
13.
© 2017 JURINNOV,
LLC All Rights Reserved. Effects of a DDoS attack • Entire shutdown of a small countries internet capability • Temporary outage of backbone DNS servers • Specific attacks can easily take down a single site
14.
© 2017 JURINNOV,
LLC All Rights Reserved. Defense strategies • Vulnerability scanning • Quarantining until remediation • Review vendor vulnerabilities, firmware release notes, and history. Do they have a track record of resolving vulnerabilities in a timely manner?
15.
© 2017 JURINNOV,
LLC All Rights Reserved. Defense strategies • Change default credentials • Use strong passwords • Update firmware regularly • Turn off unused features
16.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT and Ransomware Protecting your credentials and identity
17.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT and Ransomware • TV • Phone • Refrigerator •Locks • Smart home devices (lightbulbs, plugs, etc.) • Automated cars
18.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT ransomware news • A hotel in Austria had it’s system compromised that locked guests out of their rooms until ransom was paid.
19.
© 2017 JURINNOV,
LLC All Rights Reserved. Easy Ransomware Targets • Many devices use android or Linux variant. • Software updates are infrequent or nonexistent. • Many users do not change default credentials • If credentials are present they are usually simple
20.
© 2017 JURINNOV,
LLC All Rights Reserved. • Hundreds of new ransomware variants just this year this year (over 400% increase since 2015) Stats KeRanger PayCrypt JobCryptor HiBuddy HydraCryptVipasana Umbrecrypt LOCKY CryptoJocker Nanolocker LeChiffre Magic Ginx 73v3n Mamba HDDCryptor SAMSAM Powerware Peyta Jigsaw Cerber Radamant Rokku
21.
© 2017 JURINNOV,
LLC All Rights Reserved. Ransoms • Ransoms range from 0.5 – 5 bitcoins Bitcoin valued at 767 USD or 719 EUR as of December, 2016 Ransoms for organizations are far more
22.
© 2017 JURINNOV,
LLC All Rights Reserved. Highest value targets • Banks • Hospitals • Universities • Government Agencies
23.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT and Surveillance Protecting your credentials and identity
24.
© 2017 JURINNOV,
LLC All Rights Reserved. Surveillance • Android devices such as Android TVs or cars are vulnerable. • Not updated as often nor as easily • The TV can be off, but the camera and mic are still functioning
25.
© 2017 JURINNOV,
LLC All Rights Reserved. Surveillance • CIA tools •Weeping angel – monitors conversations from TVs •Malware injected into Huawei, ZTE and Mercury routers • The tools developed are not shipped with the devices but must be installed by physical media • The tools do not have the capability to install themselves remotely
26.
© 2017 JURINNOV,
LLC All Rights Reserved. Mark Zuckerberg is concerned What about you?
27.
© 2017 JURINNOV,
LLC All Rights Reserved. January 2017 CIA hacking tool documentation leaked on wikileaks The FDA announced that cardiac monitoring devices have vulnerabilities that allow them to be hacked. March 2017
28.
© 2017 JURINNOV,
LLC All Rights Reserved. Connected AI • Siri, Alexa, Cortana, etc. • All requests sent to an AI are recorded • These recordings may potentially be kept indefinably • It can record every word heard even if the AI is not in use at the time
29.
© 2017 JURINNOV,
LLC All Rights Reserved. Many IP cameras are easily accessible Default credentials No password No firewall Pierre Derks and restreaming reality
30.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Backdoors Is IoT the network’s weakest link?
31.
© 2017 JURINNOV,
LLC All Rights Reserved. Notable backdoors • 80 models of Sony cameras allow backdoor access for complete control of the device • Nearly all DblTek VoIP devices have root backdoor access • Some Samsung, LG, Asus, and Lenovo devices might be sold with a Trojan or ransomware preinstalled
32.
© 2017 JURINNOV,
LLC All Rights Reserved. Devices potentially with backdoors preinstalled • Galaxy Note 2 • LG G4 • Galaxy S7 • Galaxy S4 • Galaxy Note 4 • Galaxy Note 5 • Xiaomi Mi 4i • Galaxy A5 • ZTE x500 • Galaxy Note 3 • Galaxy Note Edge • Galaxy Tab S2 • Galaxy Tab 2 • Oppo N3 • Vivo X6 plus • Nexus 5 • Nexus 5X • Asus Zenfone 2 • LenovoS90 • OppoR7 plus • Xiaomi Redmi • Lenovo A850
33.
© 2017 JURINNOV,
LLC All Rights Reserved. Recent backdoor firmware found November 2016 AFFECTED DEVICES •ZTE • Huawei • Blu • AdUps firmware (on 700 million devices) WHAT IT DOES • Sniffs SMS messages and call logs • Gathers contact information • Records GPS location data • Sends data discreetly to China • Remotely execute malicious code with root privileges.
34.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Data Breaches Data exfiltration from IoT devices
35.
© 2017 JURINNOV,
LLC All Rights Reserved. December 2, 2015 CloudPets exposed 2.2 million voice recordings and account info of the 800,000 kids Data of 6.4 million children breached from Vtech devices. February 22, 2017 March 13, 2017 US Teledildonics collected sensitive information on information from IoT adult toys. Privacy infringement lawsuit settled with claimants.
36.
© 2017 JURINNOV,
LLC All Rights Reserved. Predictions • Forrester predicts more than 500,000 IoT devices will be compromised in 2017 • As adoption increases, so will attacks
37.
© 2017 JURINNOV,
LLC All Rights Reserved. What to do • IoT Security needs to be part of the design, not some tacked on afterthought • Each part of a device must be examined for potential vulnerabilities • Have backup systems in place in case an attacker gains access to the device.
38.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Botnets
39.
© 2017 JURINNOV,
LLC All Rights Reserved. Mirai • Botnet program responsible for largest breach in history • Source code is freely available online • Only takes about 30 minutes to set up
40.
© 2017 JURINNOV,
LLC All Rights Reserved. Botnet Overview • Bot • Program that performs automated tasks • Remote controlled • AKA: zombie or drone • Botnet – collection of bots remotely controlled and working together to perform tasks • Bot herder – bot master
41.
© 2017 JURINNOV,
LLC All Rights Reserved. Threat defined – What is done with botnets? • DDoS • Spam • Distribute copyrighted material • Torrents • Data mining • Hacking • Spread itself 41
42.
© 2017 JURINNOV,
LLC All Rights Reserved. Life Cycle Exploit ◦Malicious code ◦Unpatched vulnerabilities ◦Trojan ◦Password guessing Rally - Reporting in ◦Log into designated IRC channel and PM master ◦Make connection to http server ◦Post data to FTP or http form 42 Exploit Rally Preserve Inventory Await instructions Update Execute Report Clean up
43.
© 2017 JURINNOV,
LLC All Rights Reserved. Life Cycle • Preserve • Rootkit • Encrypt • Polymorph • Kill security services, firewall or debugging processes 43 Exploit Rally Preserve Inventory Await instructions Update Execute Report Clean up
44.
© 2017 JURINNOV,
LLC All Rights Reserved. Life Cycle • Inventory • determine capabilities such as RAM, HDD, Processor, Bandwidth, and pre-installed tools • Await instructions from C&C server • Update • Download payload/exploit • Update C&C lists 44 Exploit Rally Preserve Inventory Await instructions Update Execute Report Clean up
45.
© 2017 JURINNOV,
LLC All Rights Reserved. Life Cycle Execute commands ◦ DDoS ◦ Spam ◦ Harvest emails ◦ Keylog ◦ Screen capture ◦ Webcam stream ◦ Steal data Report back to C&C server Clean up - Erase evidence 45 Exploit Rally Preserve Inventory Await instructions Update Execute Report Clean up
46.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Security Strategies Securing IoT, one device at a time
47.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Security Features • Secure booting • Verify software/firmware integrity with digital signatures at startup • Start up security processes before networking processes • Access control • Least privilege • Authentication • Require authentication to network before communicating • Secure storage of credentials
48.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Secure Development • Security needs to be “by design” when developing IoT solutions • Account not only for normal people who put convenience first but also for attackers • Assume the system will fail and build in countermeasures
49.
© 2017 JURINNOV,
LLC All Rights Reserved. IoT Implementation Security • Segmentation • Firewall and IPS • Vulnerability scanning • Patch management • Turn it off if you don’t need it • Know where the data is stored such as in the cloud and how it is secured.
50.
© 2017 JURINNOV,
LLC All Rights Reserved. For more information 216-664-1100 www.jurinnov.com eav@jurinnov.com Twitter: @jurinnov and @evanderburg 1375 Euclid Avenue, Suite 400 Cleveland, Ohio 44115
Editor's Notes
1
3
Gartner - http://www.gartner.com/newsroom/id/3165317
CloudPets - https://www.cnet.com/news/cloudpets-iot-smart-toy-flaws-hacking-kids-info-children-cybersecurity/
9
Wired - http://www.wired.co.uk/article/austria-hotel-ransomware-true-doors-lock-hackers
http://www.pcworld.com/article/3147311/security/backdoor-accounts-found-in-80-sony-ip-security-camera-models.html http://www.securityweek.com/backdoor-found-dbltek-gsm-gateways
http://thehackernews.com/2017/03/android-malware-apps.html
http://thehackernews.com/2016/11/hacking-android-smartphone.html
Forrester - https://www.forbes.com/sites/gilpress/2016/11/01/internet-of-things-iot-2017-predictions-from-forrester/
Download now