SlideShare une entreprise Scribd logo

How to adapt to the IOT

Caston Thomas
Caston Thomas

Information Security Professionals are fast realizing that they are facing new challenges: 1) How do I strategize, budget, & execute today for a world that I can’t even imagine five years from now? 2) How do I sleep at night when after 99 successes, one small miscalculation could put my name on the front page of the Wall Street Journal or the headline of the Drudge Report? 3) Now that the guys in the high-back chairs in the corner offices want to invite me to their meetings, how do I put all this craziness into words that they can understand? In this fast changing world, let’s be honest, the pocketbooks have opened & IT Security is getting the funds <<yea>> & the attention <<boo>> that we need. The bottom line? You’ll leave this discussion with four or five things you can do that will keep you on the road to those 99 successes while making that story above the fold a little less likely.

Technologie
1  sur  17
Télécharger pour lire hors ligne
© 2015 InterWorks, Page 1 Caston Thomas How to Adapt to the IoT cthomas@iworkstech.com 586.530.4981
© 2015 InterWorks, Page 2 • IoT is NOT BYoD Defining IoT/What is IoT?
© 2015 InterWorks, Page 3 How Did This Slide Get in Here?!?
© 2015 InterWorks, Page 4 Sentinel Events – Examples we’ve seen to date… Night Dragon - 2011 Shamoon - 2012 Energetic Bear - 2012 Norwegian Oil & Gas - 2014 German steel works - 2014 Car Washes - 2015 Insulin Pumps - 2013
© 2015 InterWorks, Page 6 How Things Will Change
© 2015 InterWorks, Page 7 Potential impact & exposures?
© 2015 InterWorks, Page 9 Creating a New Security Framework
© 2015 InterWorks, Page 10 Be as specific as possible Identify all components Note business objectives Create use cases for each variant The “devil will be in the details” Start with the worst thing that can happen Make sure you include all relevant externalities (e.g., consumers, regulators, public opinion) Start with interfaces & potential attack surfaces including physical access Stay just outside the realm of what is reasonably foreseeable Pair the impacts with the vulnerabilities New threats will become apparent Potential threats may be considered speculative Use threats to help define impacts & vulnerabilities Threats will evolve as incentives change Threats will evolve as IoT becomes more common Build the Risk Model Define Use Cases Identify potential impact Define likely vulnerabilities Identify evolving threats
© 2015 InterWorks, Page 11 The Devices & Risks are Diverseso How Do We Secure Them?
© 2015 InterWorks, Page 12 Useful to Think in Terms of Overall Process Courtesy: F5 Labs
© 2015 InterWorks, Page 13 NIST smart meter flow diagram (2014)
© 2015 InterWorks, Page 14 Look at the Threat & Pair with Appropriate Controls Courtesy: ©2015 Leidos. Used with permission.
© 2015 InterWorks, Page 15 Campaign analysis is used to determine the patterns & behaviors of attackers Cyber Kill Chain® Campaign “Heat Map” Group intrusions together into “Campaigns” Prioritize & measure against each Campaign Understand the Threat Landscape
© 2015 InterWorks, Page 16 • Rethink Everything!!! – Reduce the surface!!! – Tech Selection – Based on Meta Trends! • Know Your Line-Up!!! – Your Users, Executives & Management – Learn & Teach – Your Adversaries – Anticipate their Tactics, Techniques & Procedures – Your Network (IoP) – Take a Vendor to Lunch • Use the Resources that Are on Your Side!!! – Leverage Management’s Focus on Security – Retool your Response Processes – Measure & Adapt Creating an IoT security strategy
© 2015 InterWorks, Page 17 Prevention is ideal, but detection is a must. However, detection without correction has minimal value. Automate the Response Based on Policies. MOVE & DISABLERESTRICT ACCESSALERT & REMEDIATE Deploy a Virtual Firewall around an infected or non-compliant device Reassign the device into a VLAN with restricted access Update access lists (ACLs) on switches, firewalls & routers to restrict access Automatically move device to a pre- configured guest network Open trouble ticket Send email notification SNMP Traps Syslog HTTP browser hijack Auditable end-user acknowledgement Self-remediation Integrate with SMS, WSUS, SCCM, Lumension, BigFix Reassign device from production VLAN to quarantine VLAN Block access with 802.1X Alter login credentials to block access Block access with device authentication Turn off switch port (802.1X or SNMP) Terminate unauthorized applications Disable peripheral device Rethinking the Technology Components & Responses
© 2015 InterWorks, Page 20 • Next week you should: – Begin identifying the IoT implementations that are in place, planned, or anticipated – not just inside your organization, but also in possession of your key people & partners – Identify security policies or procedures that may be impacted by IoT • In the next 90 days: – Begin applying the risk models & review results with management – Identify mitigation steps & associated costs to achieve desired state – Review insurance coverage & applicability • In the next year: – Implement ongoing security monitoring (real-time with automated response) – Continue identifying the IoT risks that you don’t control that affect your organization – Build your IoP to collaborate on your evolution into this new world we’re entering – Revise risk management model & obtain necessary approvals after each change of scope (and you better believe that scope will change frequently) 7 or 8 or 9 things we can do to prepare
© 2015 InterWorks, Page 23 Thank You! And Now… It’s YOUR Turn!

Recommandé

Outpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewInnovation Network Technologies: InNet
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
5 benefits of network monitoring
5 benefits of network monitoring5 benefits of network monitoring
5 benefits of network monitoringFlightcase1
 
Container Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowContainer Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowDevOps.com
 
Intel Security Endpoint Protection
Intel Security Endpoint ProtectionIntel Security Endpoint Protection
Intel Security Endpoint ProtectionTrustmarque
 

Recommandé

Outpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewInnovation Network Technologies: InNet
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
5 benefits of network monitoring
5 benefits of network monitoring5 benefits of network monitoring
5 benefits of network monitoringFlightcase1
 
Container Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowContainer Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowDevOps.com
 
Intel Security Endpoint Protection
Intel Security Endpoint ProtectionIntel Security Endpoint Protection
Intel Security Endpoint ProtectionTrustmarque
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesMajor Hayden
 
Outpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24
 
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015TierPoint
 
If We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantIf We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantNathan Burke
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security TestingPECB
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachEast Midlands Cyber Security Forum
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrimeMarc Vael
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNorth Texas Chapter of the ISSA
 
ImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageAlisa Alvich
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24
 
Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityIntronis MSP Solutions by Barracuda
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITYRazorpoint Security
 
Revitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr HealthRevitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr Healthbugcrowd
 
You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricksWatchful Software
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYDialogueScience
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?London School of Cyber Security
 
7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iotCaston Thomas
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 

Contenu connexe

Tendances

The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesMajor Hayden
 
Outpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24
 
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015TierPoint
 
If We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantIf We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantNathan Burke
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security TestingPECB
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrimeMarc Vael
 
ImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageAlisa Alvich
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24
 
Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityIntronis MSP Solutions by Barracuda
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITYRazorpoint Security
 
Revitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr HealthRevitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr Healthbugcrowd
 
You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricksWatchful Software
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYDialogueScience
 

Tendances (20)

The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilities
 
Outpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessments
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust model
 
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
 
If We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantIf We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s Important
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security Testing
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breach
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrime
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
 
ImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePage
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud security
 
Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud Security
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY
 
Revitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr HealthRevitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr Health
 
You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricks
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk score
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 

Similaire à How to adapt to the IOT

7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iotCaston Thomas
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18japijapi
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipNetskope
 
智慧市政大未來 主題一
智慧市政大未來 主題一智慧市政大未來 主題一
智慧市政大未來 主題一Mavis CHU
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductSalesforce Developers
 
IBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem PartnersIBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem PartnersJeremy Siewert
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinCloud Expo
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacksAppSense
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsSolarWinds
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldMark Nunnikhoven
 

Similaire à How to adapt to the IOT (20)

7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report Summary
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate Leadership
 
智慧市政大未來 主題一
智慧市政大未來 主題一智慧市政大未來 主題一
智慧市政大未來 主題一
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT Product
 
IBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem PartnersIBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem Partners
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of Security
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWinds
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 

Plus de Caston Thomas

Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"Caston Thomas
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Caston Thomas
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)Caston Thomas
 
How to adapt to the IoT
How to adapt to the IoTHow to adapt to the IoT
How to adapt to the IoTCaston Thomas
 
The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3Caston Thomas
 
Inter works golden circles for healthcare it
Inter works golden circles for healthcare itInter works golden circles for healthcare it
Inter works golden circles for healthcare itCaston Thomas
 
7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing InvestmentsCaston Thomas
 
How I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYODHow I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYODCaston Thomas
 

Plus de Caston Thomas (8)

Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)
 
How to adapt to the IoT
How to adapt to the IoTHow to adapt to the IoT
How to adapt to the IoT
 
The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3
 
Inter works golden circles for healthcare it
Inter works golden circles for healthcare itInter works golden circles for healthcare it
Inter works golden circles for healthcare it
 
7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments
 
How I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYODHow I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYOD
 

Dernier

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Dernier (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

How to adapt to the IOT

  • 1. © 2015 InterWorks, Page 1 Caston Thomas How to Adapt to the IoT cthomas@iworkstech.com 586.530.4981
  • 2. © 2015 InterWorks, Page 2 • IoT is NOT BYoD Defining IoT/What is IoT?
  • 3. © 2015 InterWorks, Page 3 How Did This Slide Get in Here?!?
  • 4. © 2015 InterWorks, Page 4 Sentinel Events – Examples we’ve seen to date… Night Dragon - 2011 Shamoon - 2012 Energetic Bear - 2012 Norwegian Oil & Gas - 2014 German steel works - 2014 Car Washes - 2015 Insulin Pumps - 2013
  • 5. © 2015 InterWorks, Page 6 How Things Will Change
  • 6. © 2015 InterWorks, Page 7 Potential impact & exposures?
  • 7. © 2015 InterWorks, Page 9 Creating a New Security Framework
  • 8. © 2015 InterWorks, Page 10 Be as specific as possible Identify all components Note business objectives Create use cases for each variant The “devil will be in the details” Start with the worst thing that can happen Make sure you include all relevant externalities (e.g., consumers, regulators, public opinion) Start with interfaces & potential attack surfaces including physical access Stay just outside the realm of what is reasonably foreseeable Pair the impacts with the vulnerabilities New threats will become apparent Potential threats may be considered speculative Use threats to help define impacts & vulnerabilities Threats will evolve as incentives change Threats will evolve as IoT becomes more common Build the Risk Model Define Use Cases Identify potential impact Define likely vulnerabilities Identify evolving threats
  • 9. © 2015 InterWorks, Page 11 The Devices & Risks are Diverseso How Do We Secure Them?
  • 10. © 2015 InterWorks, Page 12 Useful to Think in Terms of Overall Process Courtesy: F5 Labs
  • 11. © 2015 InterWorks, Page 13 NIST smart meter flow diagram (2014)
  • 12. © 2015 InterWorks, Page 14 Look at the Threat & Pair with Appropriate Controls Courtesy: ©2015 Leidos. Used with permission.
  • 13. © 2015 InterWorks, Page 15 Campaign analysis is used to determine the patterns & behaviors of attackers Cyber Kill Chain® Campaign “Heat Map” Group intrusions together into “Campaigns” Prioritize & measure against each Campaign Understand the Threat Landscape
  • 14. © 2015 InterWorks, Page 16 • Rethink Everything!!! – Reduce the surface!!! – Tech Selection – Based on Meta Trends! • Know Your Line-Up!!! – Your Users, Executives & Management – Learn & Teach – Your Adversaries – Anticipate their Tactics, Techniques & Procedures – Your Network (IoP) – Take a Vendor to Lunch • Use the Resources that Are on Your Side!!! – Leverage Management’s Focus on Security – Retool your Response Processes – Measure & Adapt Creating an IoT security strategy
  • 15. © 2015 InterWorks, Page 17 Prevention is ideal, but detection is a must. However, detection without correction has minimal value. Automate the Response Based on Policies. MOVE & DISABLERESTRICT ACCESSALERT & REMEDIATE Deploy a Virtual Firewall around an infected or non-compliant device Reassign the device into a VLAN with restricted access Update access lists (ACLs) on switches, firewalls & routers to restrict access Automatically move device to a pre- configured guest network Open trouble ticket Send email notification SNMP Traps Syslog HTTP browser hijack Auditable end-user acknowledgement Self-remediation Integrate with SMS, WSUS, SCCM, Lumension, BigFix Reassign device from production VLAN to quarantine VLAN Block access with 802.1X Alter login credentials to block access Block access with device authentication Turn off switch port (802.1X or SNMP) Terminate unauthorized applications Disable peripheral device Rethinking the Technology Components & Responses
  • 16. © 2015 InterWorks, Page 20 • Next week you should: – Begin identifying the IoT implementations that are in place, planned, or anticipated – not just inside your organization, but also in possession of your key people & partners – Identify security policies or procedures that may be impacted by IoT • In the next 90 days: – Begin applying the risk models & review results with management – Identify mitigation steps & associated costs to achieve desired state – Review insurance coverage & applicability • In the next year: – Implement ongoing security monitoring (real-time with automated response) – Continue identifying the IoT risks that you don’t control that affect your organization – Build your IoP to collaborate on your evolution into this new world we’re entering – Revise risk management model & obtain necessary approvals after each change of scope (and you better believe that scope will change frequently) 7 or 8 or 9 things we can do to prepare
  • 17. © 2015 InterWorks, Page 23 Thank You! And Now… It’s YOUR Turn!