SlideShare une entreprise Scribd logo

[Lithuania] I am the cavalry

OWASP EEE
OWASP EEE

I Am The Cavalry is an organization that aims to improve cyber safety for connected technologies that can impact public safety and human life. Their mission is to ensure these technologies are trustworthy. They do this by collecting research on vulnerabilities, connecting researchers with industry and policymakers, and catalyzing positive action. Their goal is to address issues sooner than would otherwise happen through education, outreach, and advocating for "safety by design", security updates, and other principles. They have started collaborating with medical device companies and aim to expand to other areas like automotive to help establish security best practices.

Internet
1  sur  36
Télécharger pour lire hors ligne
I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?
CLAUS CRAMON HOUMANN Infosec Community Manager @ Peerlyst (A start-up Infosec community/Social platform that wants to turn the tables on cyber security) Infosec Consultant The Analogies contributor Twitter: @claushoumann
IDEA “Our dependence on technology is growing faster than our ability to secure it”
IDEA “Our society has evolved faster than our laws”
IDEA But why wait.......
ALL SYSTEMS FAIL* * Yes; all
WHERE DO WE SEE CONNECTIVITY NOW? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
HEARTBLEED + (UNPATCHABLE) INTERNET OF THINGS == ___ ? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
SAY BABY MONITORS AGAIN? In Our Homes Source: Rapid7 research/Mark Stanislav: Baby monitors https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-
THEN
BUT ALSO
IT’S SAFETY NOT JUST SECURITY Ouch!
Cars have computers Computers have security issues Security issues in cars are safety issues Safety issues can cost or imperil lives
www.iamthecavalry.org @iamthecavalry Past versus Future Bolt-On Vs Built-In
SOMEONE WILL FIX IT FOR US Chapter 2
OR NOT…….. Chapter 3
Let’s create ripples
A DO-OCRACY OF DO’ERS. W H ER E D OIN G STARTS W ITH EMPATHY And by ripples I mean
The Point?
NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS. - MAR GAR ET MEAD ( A N A M E R I C A N C U LT U R A L A N T H R O P O L O G I S T )
•The The Cavalry isn’t coming… It falls to us Problem Statement Our society is adopting connected technology faster than we are able to secure it. Mission Statement To ensure connected technologies with the potential to impact public safety and human life are worthy of our trust. Collecting existing research, researchers, and resources Connecting researchers with each other, industry, media, policy, and legal Collaborating across a broad range of backgrounds, interests, and skillsets Catalyzing positive action sooner than it would have happened on its own Why Trust, public safety, human life How Education, outreach, research Who Infosec research community Who Global, grass roots initiative WhatLong-term vision for cyber safety Medical Automotive Connected Home Public Infrastructure I Am The Cavalry
Connections and Ongoing Collaborations 5-Star Framework 5-Star Capabilities  Safety by Design – Anticipate failure and plan mitigation  Third-Party Collaboration – Engage willing allies  Evidence Capture – Observe and learn from failure  Security Updates – Respond quickly to issues discovered  Segmentation & Isolation – Prevent cascading failure Addressing Automotive Cyber Systems Automotive Engineers Security Researchers Policy Makers Insurance Analysts Accident Investigators Standards Organizations https://www.iamthecavalry.org/auto/5star/
www.iamthecavalry.org @iamthecavalry 5-Star Cyber Safety Formal Capacities 1. Safety By Design 2. Third Party Collaboration 3. Evidence Capture 4. Security Updates 5. Segmentation and Isolation Plain Speak 1. Avoid Failure 2. Engage Allies To Avoid Failure 3. Learn From Failure 4. Respond to Failure 5. Isolate Failure
5 STARS 5 star ICS 5 star IoT 5 star medical devices
www.iamthecavalry.org @iamthecavalry And! • Dräger on board with I am the Cavalry as first medical device producer working directly in sync with us • Their Product Security Manager is even directly involved now
AND MORE IN OTHER AREAS COMING We try to connect researchers to 1. Lawmakers to inform of meaningful changes to laws to enforce secure by default 2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities 3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply
AND YES I DID SAY LAWMAKERS It is WEIRD for you to have to listen to. I agree, but
WHAT YOU CAN DO Chapter 5
CONNECTIONS/CONNECTORS WANTED Breakers and Builders Legal and Policy Citizens, Connectors Parents/Guardians Community Leaders/Bloggers/Podcasters/etc.
MOUNT UP AND BE THE CAVALRY YOU DON’T ACTUALY NEED A HORSE
SAFER. SOONER. TOGETHER http://iamthecavalry.org @iamthecavalry
-> OWASK SKF -> OWASP SECURITY SHEPHERD -> OWASP ZAP Recommendations: Use SDLC

Recommandé

Threat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates NewsThreat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates News
Black Duck by Synopsys
 
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 VulnerabilityOpen Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Black Duck by Synopsys
 
Are Your IT Systems Secure?
Are Your IT Systems Secure?Are Your IT Systems Secure?
Are Your IT Systems Secure?
Nex-Tech
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Black Duck by Synopsys
 
Any of these folks work with you?
Any of these folks work with you?Any of these folks work with you?
Any of these folks work with you?
Kevin O'Connor
 
What are the top 10 web security risks?
What are the top 10 web security risks?What are the top 10 web security risks?
What are the top 10 web security risks?
Jacklin Berry
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are Involved
Social Media Performance Group
 
10 Consequences of tech use and abuse
10 Consequences of tech use and abuse10 Consequences of tech use and abuse
10 Consequences of tech use and abuse
Entefy
 

Recommandé

Threat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates NewsThreat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates News
Black Duck by Synopsys
 
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 VulnerabilityOpen Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Black Duck by Synopsys
 
Are Your IT Systems Secure?
Are Your IT Systems Secure?Are Your IT Systems Secure?
Are Your IT Systems Secure?
Nex-Tech
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Black Duck by Synopsys
 
Any of these folks work with you?
Any of these folks work with you?Any of these folks work with you?
Any of these folks work with you?
Kevin O'Connor
 
What are the top 10 web security risks?
What are the top 10 web security risks?What are the top 10 web security risks?
What are the top 10 web security risks?
Jacklin Berry
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are Involved
Social Media Performance Group
 
10 Consequences of tech use and abuse
10 Consequences of tech use and abuse10 Consequences of tech use and abuse
10 Consequences of tech use and abuse
Entefy
 
9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy
Entefy
 
The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1
William Kiss
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Enterprise Management Associates
 
Five Mistakes of Incident Response
Five Mistakes of Incident ResponseFive Mistakes of Incident Response
Five Mistakes of Incident Response
Anton Chuvakin
 
Stki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 finalStki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 final
Ariel Evans
 
Protecting your Data in Google Apps
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google Apps
Elastica Inc.
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
SlideTeam
 
How to Improve Your Board’s Cyber Security Literacy
How to Improve Your Board’s Cyber Security LiteracyHow to Improve Your Board’s Cyber Security Literacy
How to Improve Your Board’s Cyber Security Literacy
Tripwire
 
100903 e assessment (dundee)
100903 e assessment (dundee)100903 e assessment (dundee)
100903 e assessment (dundee)
JISC Legal
 
Wiretap 5-collaboration-security-risks-revealed
Wiretap 5-collaboration-security-risks-revealedWiretap 5-collaboration-security-risks-revealed
Wiretap 5-collaboration-security-risks-revealed
Britt Newton
 
Maleeff university of toronto 11 july 2019
Maleeff university of toronto 11 july 2019Maleeff university of toronto 11 july 2019
Maleeff university of toronto 11 july 2019
Stephen Abram
 
Social Media Policy
Social Media PolicySocial Media Policy
Social Media Policy
Elizabeth Engel
 
Autisable com-2020-05-13-cybersecurity-matters-
Autisable com-2020-05-13-cybersecurity-matters-Autisable com-2020-05-13-cybersecurity-matters-
Autisable com-2020-05-13-cybersecurity-matters-
Saad Ahmad
 
Business continuity in the lean times
Business continuity in the lean timesBusiness continuity in the lean times
Business continuity in the lean times
Steven Aiello
 
How secure is your company's information?
How secure is your company's information?How secure is your company's information?
How secure is your company's information?
eLeaP
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
Paul McGillicuddy
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threat
milliemill
 
Review Paper ( Research Articles )
Review Paper ( Research Articles )Review Paper ( Research Articles )
Review Paper ( Research Articles )
SaadSaif6
 
Philippines ‘lagging behind’ on cloud adoption
Philippines ‘lagging behind’ on cloud adoptionPhilippines ‘lagging behind’ on cloud adoption
Philippines ‘lagging behind’ on cloud adoption
John Davis
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware
IBM Security
 
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
OWASP EEE
 
[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities
OWASP EEE
 

Contenu connexe

Tendances

9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy
Entefy
 
The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1
William Kiss
 
Stki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 finalStki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 final
Ariel Evans
 
Protecting your Data in Google Apps
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google Apps
Elastica Inc.
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
SlideTeam
 
Wiretap 5-collaboration-security-risks-revealed
Wiretap 5-collaboration-security-risks-revealedWiretap 5-collaboration-security-risks-revealed
Wiretap 5-collaboration-security-risks-revealed
Britt Newton
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
Paul McGillicuddy
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threat
milliemill
 

Tendances (20)

9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy
 
The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...
 
Five Mistakes of Incident Response
Five Mistakes of Incident ResponseFive Mistakes of Incident Response
Five Mistakes of Incident Response
 
Stki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 finalStki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 final
 
Protecting your Data in Google Apps
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google Apps
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
 
How to Improve Your Board’s Cyber Security Literacy
How to Improve Your Board’s Cyber Security LiteracyHow to Improve Your Board’s Cyber Security Literacy
How to Improve Your Board’s Cyber Security Literacy
 
100903 e assessment (dundee)
100903 e assessment (dundee)100903 e assessment (dundee)
100903 e assessment (dundee)
 
Wiretap 5-collaboration-security-risks-revealed
Wiretap 5-collaboration-security-risks-revealedWiretap 5-collaboration-security-risks-revealed
Wiretap 5-collaboration-security-risks-revealed
 
Maleeff university of toronto 11 july 2019
Maleeff university of toronto 11 july 2019Maleeff university of toronto 11 july 2019
Maleeff university of toronto 11 july 2019
 
Social Media Policy
Social Media PolicySocial Media Policy
Social Media Policy
 
Autisable com-2020-05-13-cybersecurity-matters-
Autisable com-2020-05-13-cybersecurity-matters-Autisable com-2020-05-13-cybersecurity-matters-
Autisable com-2020-05-13-cybersecurity-matters-
 
Business continuity in the lean times
Business continuity in the lean timesBusiness continuity in the lean times
Business continuity in the lean times
 
How secure is your company's information?
How secure is your company's information?How secure is your company's information?
How secure is your company's information?
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threat
 
Review Paper ( Research Articles )
Review Paper ( Research Articles )Review Paper ( Research Articles )
Review Paper ( Research Articles )
 
Philippines ‘lagging behind’ on cloud adoption
Philippines ‘lagging behind’ on cloud adoptionPhilippines ‘lagging behind’ on cloud adoption
Philippines ‘lagging behind’ on cloud adoption
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware
 

En vedette

RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15
Mahfuzur Rahman
 

En vedette (12)

[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
 
[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities
 
Dia da Música
Dia da MúsicaDia da Música
Dia da Música
 
[Austria] Security by Design
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
 
[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
 
[Poland] It's only about frontend
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
 
[Russia] Give me a stable input
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable input
 
[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps
 
[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks
 
RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15
 
[Russia] MySQL OOB injections
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
 

Similaire à [Lithuania] I am the cavalry

Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
Dominic Vogel
 
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docxPROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
woodruffeloisa
 

Similaire à [Lithuania] I am the cavalry (20)

I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
 
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
 
Netflix SIRT - Culture and Tech -Trainman
Netflix SIRT - Culture and Tech -TrainmanNetflix SIRT - Culture and Tech -Trainman
Netflix SIRT - Culture and Tech -Trainman
 
Unpatchable: Living with a vulnerable implanted device
Unpatchable: Living with a vulnerable implanted deviceUnpatchable: Living with a vulnerable implanted device
Unpatchable: Living with a vulnerable implanted device
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
 
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docxPROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI
 
IT security
IT securityIT security
IT security
 
Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)
 
The Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity
The Rising Tide Raises All Boats: The Advancement of Science of CybersecurityThe Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity
The Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
 
Threat intelligence minority report
Threat intelligence minority reportThreat intelligence minority report
Threat intelligence minority report
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
 

Plus de OWASP EEE

Plus de OWASP EEE (17)

[Austria] ZigBee exploited
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploited
 
[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
 
[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools
 
[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
 
[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification
 
[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system
 
[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
 
[Russia] Building better product security
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product security
 
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
 
[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
 
[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...
 
[Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers![Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers!
 
[Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!
 
[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
 
[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
 

Dernier

Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Delhi Call girls
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
soniya singh
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Escorts Call Girls
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
SUHANI PANDEY
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
SUHANI PANDEY
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
SUHANI PANDEY
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
SUHANI PANDEY
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
Escorts Call Girls
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
imonikaupta
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
nilamkumrai
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
singhpriety023
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
SUHANI PANDEY
 

Dernier (20)

Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 

[Lithuania] I am the cavalry

  • 1. I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?
  • 2. CLAUS CRAMON HOUMANN Infosec Community Manager @ Peerlyst (A start-up Infosec community/Social platform that wants to turn the tables on cyber security) Infosec Consultant The Analogies contributor Twitter: @claushoumann
  • 3. IDEA “Our dependence on technology is growing faster than our ability to secure it”
  • 4. IDEA “Our society has evolved faster than our laws”
  • 7. WHERE DO WE SEE CONNECTIVITY NOW? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
  • 8. HEARTBLEED + (UNPATCHABLE) INTERNET OF THINGS == ___ ? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
  • 9. SAY BABY MONITORS AGAIN? In Our Homes Source: Rapid7 research/Mark Stanislav: Baby monitors https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-
  • 10. THEN
  • 12. IT’S SAFETY NOT JUST SECURITY Ouch!
  • 13. Cars have computers Computers have security issues Security issues in cars are safety issues Safety issues can cost or imperil lives
  • 15. SOMEONE WILL FIX IT FOR US Chapter 2
  • 16.
  • 19. A DO-OCRACY OF DO’ERS. W H ER E D OIN G STARTS W ITH EMPATHY And by ripples I mean
  • 20.
  • 21.
  • 22.
  • 24. NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS. - MAR GAR ET MEAD ( A N A M E R I C A N C U LT U R A L A N T H R O P O L O G I S T )
  • 25. •The The Cavalry isn’t coming… It falls to us Problem Statement Our society is adopting connected technology faster than we are able to secure it. Mission Statement To ensure connected technologies with the potential to impact public safety and human life are worthy of our trust. Collecting existing research, researchers, and resources Connecting researchers with each other, industry, media, policy, and legal Collaborating across a broad range of backgrounds, interests, and skillsets Catalyzing positive action sooner than it would have happened on its own Why Trust, public safety, human life How Education, outreach, research Who Infosec research community Who Global, grass roots initiative WhatLong-term vision for cyber safety Medical Automotive Connected Home Public Infrastructure I Am The Cavalry
  • 26. Connections and Ongoing Collaborations 5-Star Framework 5-Star Capabilities  Safety by Design – Anticipate failure and plan mitigation  Third-Party Collaboration – Engage willing allies  Evidence Capture – Observe and learn from failure  Security Updates – Respond quickly to issues discovered  Segmentation & Isolation – Prevent cascading failure Addressing Automotive Cyber Systems Automotive Engineers Security Researchers Policy Makers Insurance Analysts Accident Investigators Standards Organizations https://www.iamthecavalry.org/auto/5star/
  • 27. www.iamthecavalry.org @iamthecavalry 5-Star Cyber Safety Formal Capacities 1. Safety By Design 2. Third Party Collaboration 3. Evidence Capture 4. Security Updates 5. Segmentation and Isolation Plain Speak 1. Avoid Failure 2. Engage Allies To Avoid Failure 3. Learn From Failure 4. Respond to Failure 5. Isolate Failure
  • 28. 5 STARS 5 star ICS 5 star IoT 5 star medical devices
  • 29. www.iamthecavalry.org @iamthecavalry And! • Dräger on board with I am the Cavalry as first medical device producer working directly in sync with us • Their Product Security Manager is even directly involved now
  • 30. AND MORE IN OTHER AREAS COMING We try to connect researchers to 1. Lawmakers to inform of meaningful changes to laws to enforce secure by default 2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities 3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply
  • 31. AND YES I DID SAY LAWMAKERS It is WEIRD for you to have to listen to. I agree, but
  • 32. WHAT YOU CAN DO Chapter 5
  • 33. CONNECTIONS/CONNECTORS WANTED Breakers and Builders Legal and Policy Citizens, Connectors Parents/Guardians Community Leaders/Bloggers/Podcasters/etc.
  • 34. MOUNT UP AND BE THE CAVALRY YOU DON’T ACTUALY NEED A HORSE
  • 36. -> OWASK SKF -> OWASP SECURITY SHEPHERD -> OWASP ZAP Recommendations: Use SDLC