Tim Cummins and Payal Vadhani
Cybersecurity for Real Estate & Construction
© 2016 | www.aronsonllc.com | www.aronsonllc.com/blogs |
Our Agenda
1. Trends in the Real Estate & Construction (REC) Industry
2. Cybersecurity Implications for Technology
3. Industry Frameworks
4. Scalable Cybersecurity Strategy
5. Operational Considerations
Trends in the Real Estate & Construction (REC) Industry
REC Technologies

A building management system (BMS) is a control system capable of monitoring and managing mechanical, electrical, and electromechanical facility services (TechTarget). Services can include the following:
• Heating, Ventilation, & Air Conditioning (HVAC)
• Utilities (e.g., lighting)
• Elevators
• Physical Access Control

Intelligent buildings have a suite of IT systems which provide a productive and cost-effective environment through optimization of their four basic elements, i.e., structure, systems, services, and management (Intelligent Building Institute USA).
Expanded REC Interconnected Networks
(Diagram nodes: Communication Infrastructure; Tenant's Systems; Vendor's Systems)
BMS Market Forecast
• Commercial buildings sector forecasted to have the largest share of the BMS market
• Asia-Pacific (APAC) region companies expected to grow rapidly
• Security & access control systems are BMS market leaders
Source: Building Automation System Market – Global Forecasts to 2022 by Markets and Markets
BMS Market Forecast (Cont.)
Global BMS market: $49.37 B in 2015, forecast to reach $100.60 B by 2022
Source: Building Automation System Market – Global Forecasts to 2022 by Markets and Markets
Cybersecurity Implications
Horror Stories

1. Target: HVAC vendor credentials were compromised. Those credentials provided access to a Target-hosted web application for vendors, and that vendor access was a key stepping stone to executing the data breach.

2. Real Estate Investment Trust (REIT): discovered in September 2014 that systems containing Personally Identifiable Information (PII) and sensitive corporate information were compromised. The breach occurred prior to April 2014. $2.8 million was spent on incident management, which included:
• investigative fees and
• identity protection services
Technology & Risks

Business & Technology Driver: Building management systems (BMS) are integrated into IT networks and are Internet accessible
Risks: unauthorized access; data compromise and loss of integrity

Business & Technology Driver: BMS continue to be designed for functionality and innovation to enhance convenience
Risks: appropriate security architecture may not be incorporated into the BMS; security controls and considerations are not included in the design process

Business & Technology Driver: BMS are not managed by traditional IT teams
Risks: personnel who manage the BMS may not have the required IT and security skills
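The first driver/risk pair above (a BMS integrated into the IT network and reachable from the Internet and from vendors) is what the network segmentation control later in this deck is meant to close. The following is an added example, not code from the deck or from Aronson LLC: a Python check that evaluates a firewall's allow rules against a segmentation policy for the BMS zone. It assumes a deny-by-default firewall whose allow rules are CIDR pairs, and that vendors reach controllers only through a hardened jump zone; the zone names, address ranges and rule set are constructed for illustration.

```python
"""Segmentation policy check for a building management system (BMS) zone.

Added example; not code from the original deck. Zone names, address ranges
and the rule set are constructed. Rules are treated as an allow-list on a
deny-by-default firewall: anything not listed is blocked.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_network
from typing import Optional

# Constructed zone map. Any address outside every named zone is "internet".
ZONES: dict[str, list[IPv4Network]] = {
    "bms":        [ip_network("10.50.0.0/16")],  # controllers and head-end
    "bms-jump":   [ip_network("10.60.1.0/24")],  # hardened jump hosts
    "vendor-vpn": [ip_network("10.70.0.0/24")],  # HVAC / elevator vendors
    "corp":       [ip_network("10.10.0.0/16")],  # office users
    "tenant":     [ip_network("10.20.0.0/16")],  # tenant networks
}

# Policy (assumption): only the BMS itself and the jump zone may initiate
# into the BMS zone, and the BMS may not initiate out to anything else.
ALLOWED_INTO_BMS = {"bms", "bms-jump"}
ALLOWED_OUT_OF_BMS = {"bms", "bms-jump"}


@dataclass(frozen=True)
class Rule:
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    proto: str               # "tcp", "udp" or "any"
    port: Optional[int]      # None = any port


@dataclass
class Violation:
    rule_no: int
    reason: str
    zones: set[str] = field(default_factory=set)


def _uncovered(cidr: IPv4Network) -> list[IPv4Network]:
    """Parts of cidr that lie outside every named zone (i.e. the Internet)."""
    leftover = [cidr]
    for net in (n for nets in ZONES.values() for n in nets):
        nxt: list[IPv4Network] = []
        for piece in leftover:
            if piece.subnet_of(net):
                continue                                  # fully covered
            if net.subnet_of(piece):
                nxt.extend(piece.address_exclude(net))    # carve net out
            else:
                nxt.append(piece)                         # disjoint
        leftover = nxt
    return leftover


def zones_touched(cidr_text: str) -> set[str]:
    """Every zone a CIDR overlaps; 0.0.0.0/0 touches all of them."""
    cidr = ip_network(cidr_text)
    touched = {name for name, nets in ZONES.items()
               if any(cidr.overlaps(n) for n in nets)}
    if _uncovered(cidr):
        touched.add("internet")
    return touched


def find_violations(rules: list[Rule]) -> list[Violation]:
    """Flag allow rules that let a disallowed zone reach, or be reached by, the BMS."""
    found: list[Violation] = []
    for no, rule in enumerate(rules, start=1):
        src, dst = zones_touched(rule.src), zones_touched(rule.dst)
        if "bms" in dst and (bad := src - ALLOWED_INTO_BMS):
            found.append(Violation(no, "inbound to BMS from disallowed zone(s)", bad))
        if "bms" in src and (bad := dst - ALLOWED_OUT_OF_BMS):
            found.append(Violation(no, "BMS egress to disallowed zone(s)", bad))
    return found


# Constructed rule set, in the order it might appear on an edge firewall.
SAMPLE_RULES = [
    Rule("10.70.0.0/24", "10.60.1.0/24", "tcp", 22),      # vendor -> jump: fine
    Rule("10.60.1.0/24", "10.50.0.0/16", "any", None),    # jump -> BMS: fine
    Rule("0.0.0.0/0",    "10.50.0.5/32", "tcp", 80),      # "any" -> BMS web HMI
    Rule("10.70.0.0/24", "10.50.0.0/16", "udp", 47808),   # vendor straight to BMS
    Rule("10.50.0.0/16", "0.0.0.0/0",    "any", None),    # BMS may call out anywhere
    Rule("10.10.0.0/16", "10.60.1.0/24", "tcp", 443),     # corp -> jump: fine
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_RULES):
        print(f"rule {v.rule_no}: {v.reason}: {sorted(v.zones)}")
```

Running it reports three rules: the `0.0.0.0/0` rule that exposes the web interface to the Internet and to every internal zone, the vendor VPN reaching controllers directly instead of through the jump hosts (the Target pattern), and the BMS zone being free to call out anywhere, which is the path ransomware and remote-control implants rely on. Rules that only touch the jump zone pass. The check only models allow rules; ordered deny rules, dual-homed maintenance laptops and VLAN misconfigurations are outside it, which is why it complements rather than replaces the penetration tests the deck recommends.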
Threats & Impacts

Ransomware
• FBI reported $209M USD in monetary losses from January – March 2016 [1]
• Average ransom demanded: $679 [1]
• 50 new ransomware families were detected in June 2016 alone [1]

Phishing
• 30% of phishing messages were opened and 12% of targets subsequently clicked on the malicious link/attachment, based on 8M+ phishing test results in 2015 [2]
• A spear phishing incident costs a company an average of $1.6M [2]

Distributed Denial of Service (DDoS)
• 73% of companies worldwide experienced a DDoS attack [3]
• 82% of corporations incurred repeat attacks, with 43% hit 6+ times [3]
• 8 out of 10 companies with Internet of Things (IoT) devices were attacked, and 43% of them experienced some form of theft [3]

Data Breach
• 725 breaches exposed 29M+ records in 2016 as of 10/4/16 [4]
• 89% of breaches had a financial or espionage motive in 2016 [2]

Sources:
1 – Symantec Ransomware & Businesses Special Report 2016
2 – Verizon Data Breach Investigations Report
3 – Neustar 2016 DDoS Attacks and Protections Report
4 – Identity Theft Resource Center 2016 Data Breach Category Summary
Potential Consequences

Incidents
• Unauthorized access to BMS & other network locations
• Compromised HVAC settings
• Ransomware-encrypted files and data

Consequences
• Data loss/modification/theft
• Inappropriate environmental conditions & functionality

Impacts
• Jeopardized personnel safety
• Data breach notification & investigation
• Extensive remediation efforts
• Reputational damages
Industry Frameworks
REC Specific Industry Framework

(Diagram: Mechanical Systems, Electric Systems, and Enterprise Applications exchanging data)

The OASIS Open Building Information Exchange (oBIX) Technical Committee aims to create standard web services guidelines to facilitate the exchange of information between intelligent buildings and enterprise applications.
• Simplify data transfer
• Enhance data security
• Optimize data availability & awareness
Other Industry Frameworks

Framework: International Organization for Standardization (ISO) 2700X
Description: ISO 27001 (Annex A) contains 114 controls that can be used to reduce security risk through management of assets and data. ISO 27002 defines guidelines for implementing the controls in 27001.

Framework: National Institute of Standards & Technology (NIST) Special Publication 800-53
Description: NIST SP 800-53 is a catalog of security and privacy controls designed to protect federal information systems and organizations, and widely adopted by the private sector, from a variety of threats. It includes the process for selecting and tailoring controls as part of an enterprise-wide security and privacy risk management program.

Framework: Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)
Description: The framework provides a voluntary, risk-based structure for managing cybersecurity risk to critical infrastructure (CI) services, organized around the core functions Identify, Protect, Detect, Respond, and Recover. The nation relies upon CI, which means operational requirements must be met and security safeguards must be in place. It provides principles and leading practices to facilitate enhanced CI security and resilience.

Framework: Unified Compliance Framework
Description: A commercial framework that maps the control requirements of many regulations and standards into a single harmonized control set, so that one implemented control can be evidenced against multiple requirements.
Scalable Cybersecurity Strategy
Principles & Objectives

Security Principles: Confidentiality, Integrity, Availability

It's not a matter of IF, but WHEN a significant security breach / incident will occur

Cybersecurity Program Objectives
• Protect confidential data
• Limit financial losses
• Avoid reputational damage
• Ensure resiliency of the business & IT environment
Scalable Strategy (Secure / Vigilant / Resilient)

1. Security Risk Assessment
2. Penetration Tests & Vulnerability Scans
3. Network Segmentation
4. Security Monitoring
5. Data Loss Prevention
6. Mobile Device Security

1. Information Classification, Data Analysis and Cleanup
2. Business Continuity Plan
3. Disaster Recovery Testing

1. Policies & Standards
2. Operating Procedures
3. Security Awareness Training
4. Cyber Insurance
5. Controls Implementation
Cybersecurity Controls
1. Understand your risks and threat landscape (P)
2. Assess, classify, and build extra protection around critical data (P)
3. Update policies, processes and procedures to address point-in-time and forward-looking risks and embed a cybersecurity culture (P)
4. Assess/obtain cyber insurance coverage (P)
5. Conduct penetration tests and vulnerability scans (internal and external) on a reasonable frequency (D); remediate the highest risk areas
6. Get up to date on patches and subscribe to security advisory mailing lists (P)
7. Set up an Insider Threat Program; even bare bones will do as a starting place (P)
8. Conduct security awareness and training on a regular frequency (once a quarter) (P)
9. Manage vendor security through policies and processes (P)
10. Have contingency and incident response plans in place that include law enforcement, forensics (digital, human and physical), client, investor, legal, media and PR responses (P)
11. Implement technologies that complement your processes (P)
Legend: P – Preventive controls; D – Detective controls
Operational Considerations
Roles & Responsibilities

Board of Directors
• Be well-informed regarding IT strategic plans, cyber risks, and IT initiatives
• Continuously monitor risks and ensure alignment with business strategy through timely reporting

Risk Management Committee
• Meet on a periodic basis to discuss and manage enterprise risks, which include IT and cyber risks
• Oversee risk management solutions and remediation efforts

Chief Information Officer (CIO) / Chief Information Security Officer (CISO)
• Oversee the strategic and operational aspects of the cybersecurity program
• Develop and discuss status reporting with leadership & stakeholders
• Coordinate with the Board, Risk Management Committee, and CFO to involve IT in strategic and risk management plans
• Coordinate with the CFO on joint interest compliance programs and initiatives

Chief Financial Officer (CFO)
• Coordinate with the Board, Risk Management Committee, and CIO/CISO to allocate sufficient current and future funds to support IT initiatives including cybersecurity
• Identify, manage, and report operational risks

Auditors
• Include cyber in the IT audits
• Engage in board level discussion on various risks including IT and cyber
Culture, Governance & Compliance
• The Board of Directors must get involved to set the tone at the top
• A well-defined governance structure provides clear working relationships and lines of communication between the board, management, and employees
• The governance structure must reasonably balance security with business needs while remaining vigilant
• Cyber hygiene should be intrinsically woven into the culture of the organization
• Cybersecurity policies shouldn't become paperweights
• Compliance activities should be carried out to ensure alignment with industry leading practices

No matter how large or small, every organization has to have a process in place to govern policies and practices, measure risk and compliance, and instill a cyber-aware culture.
In Summary
• Trends indicate building management systems will increase in prevalence in the coming years
• REC companies must make cybersecurity a priority
• Implement a scalable cybersecurity strategy that matures over time
• Ensure key roles recognize the importance of cybersecurity and drive a cyber-aware culture
• Consider cyber insurance coverage
• Ensure cyber hygiene is practiced across all levels of the organization
Thanks! Any questions?
 
Allocating Direct and Indirect Costs for Nonprofits
Allocating Direct and Indirect Costs for NonprofitsAllocating Direct and Indirect Costs for Nonprofits
Allocating Direct and Indirect Costs for Nonprofits
 
To Bid or Not to Bid, That Is the Question
To Bid or Not to Bid, That Is the QuestionTo Bid or Not to Bid, That Is the Question
To Bid or Not to Bid, That Is the Question
 
Webinar: Understanding Business Tax Returns - A Case Study for Family Lawyers
Webinar: Understanding Business Tax Returns - A Case Study for Family LawyersWebinar: Understanding Business Tax Returns - A Case Study for Family Lawyers
Webinar: Understanding Business Tax Returns - A Case Study for Family Lawyers
 
Virginia Businesses: STOP Overpaying Local BPOL Tax\
Virginia Businesses: STOP Overpaying Local BPOL Tax\Virginia Businesses: STOP Overpaying Local BPOL Tax\
Virginia Businesses: STOP Overpaying Local BPOL Tax\
 
Ready to Scale: Moving from Commercial to Government for Construction, Engine...
Ready to Scale: Moving from Commercial to Government for Construction, Engine...Ready to Scale: Moving from Commercial to Government for Construction, Engine...
Ready to Scale: Moving from Commercial to Government for Construction, Engine...
 
Structuring Indirect Rates
Structuring Indirect RatesStructuring Indirect Rates
Structuring Indirect Rates
 
Surviving the GSA Schedule Contractor Assessment: What They'll Test and How t...
Surviving the GSA Schedule Contractor Assessment: What They'll Test and How t...Surviving the GSA Schedule Contractor Assessment: What They'll Test and How t...
Surviving the GSA Schedule Contractor Assessment: What They'll Test and How t...
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Cybersecurity for Real Estate & Construction
9. Horror Stories

Target
• Credentials provided access to a Target-hosted web application for vendors
• The HVAC vendor's credentials were compromised
• The HVAC vendor's access was a key stepping stone to executing the data breach

Real Estate Investment Trust (REIT)
• Discovered in September 2014 that systems containing Personally Identifiable Information (PII) and sensitive corporate information were compromised
• The breach occurred prior to April 2014
• $2.8 million spent on incident management, which included investigative fees and identity protection services
10. Technology & Risks

Driver: Building management systems (BMS) are integrated into IT networks and are Internet accessible
Risks:
• Unauthorized access
• Data compromise (loss of confidentiality and integrity)

Driver: BMS continue to be designed for functionality and innovation to enhance convenience
Risks:
• An appropriate security architecture may not be incorporated into the BMS
• Security controls and considerations are not included in the design process

Driver: BMS are not managed by traditional IT teams
Risks:
• Personnel who manage the BMS may not have the required IT and security skills
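The Target story on the previous slide and the first driver above describe one pattern: a vendor's remote-access credential that can reach more of the network than the BMS it was issued for, used at hours nobody is watching. The following is an added example, not code from the Aronson deck or from any product it mentions: a small Python check that reviews remote-access log lines for a vendor account against an allow-list of source networks, an approved maintenance window, and the network segment the account is permitted to reach. The log format, the zone addresses, the vendor profile (`hvac-svc`) and the sample lines are all constructed assumptions.

```python
"""
Added example (not from the Aronson deck): review vendor remote-access log
lines for the pattern behind the Target HVAC breach, i.e. a third-party
maintenance account reaching systems outside the BMS segment, from an
unexpected source, or outside its approved maintenance window.

Everything here is constructed for illustration: the log format, network
zones, vendor profile and sample lines are assumptions, not real data.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Set, Tuple

# Assumed segmentation: the BMS sits on its own /24; corporate and finance
# systems live on separate segments that a BMS vendor has no reason to reach.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "bms": ipaddress.ip_network("10.50.0.0/24"),
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "finance": ipaddress.ip_network("10.20.0.0/24"),
}


@dataclass
class VendorProfile:
    """What a vendor account is allowed to do (assumed contract terms)."""
    allowed_sources: List[ipaddress.IPv4Network]  # where the vendor connects from
    allowed_zones: Set[str]                       # segments it may reach
    window: Tuple[time, time]                     # maintenance window (local time)


# Hypothetical HVAC maintenance account; 203.0.113.0/24 is a documentation range.
VENDORS: Dict[str, VendorProfile] = {
    "hvac-svc": VendorProfile(
        allowed_sources=[ipaddress.ip_network("203.0.113.0/24")],
        allowed_zones={"bms"},
        window=(time(8, 0), time(18, 0)),
    ),
}

# Constructed log format:
#   <ISO timestamp> user=<account> src=<ip> dst=<ip> action=<allow|deny>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\w+)$"
)


def zone_of(ip: ipaddress.IPv4Address) -> str:
    """Name of the segment an address belongs to, or 'unknown'."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def in_window(t: time, window: Tuple[time, time]) -> bool:
    """True if t falls inside the window; handles windows that cross midnight."""
    start, end = window
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def review_line(line: str, vendors: Dict[str, VendorProfile] = VENDORS) -> List[str]:
    """Findings for one log line; [] means nothing to flag.

    Accounts that are not vendor accounts are out of scope here and yield [].
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparseable"]
    profile = vendors.get(m["user"])
    if profile is None:
        return []
    try:
        when = datetime.fromisoformat(m["ts"])
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return ["unparseable"]

    findings = []
    if not any(src in net for net in profile.allowed_sources):
        findings.append("source-not-allowlisted")
    if not in_window(when.time(), profile.window):
        findings.append("outside-maintenance-window")
    dst_zone = zone_of(dst)
    if dst_zone not in profile.allowed_zones:
        # The vendor credential is being used as a stepping stone past the BMS.
        findings.append("zone-violation:" + dst_zone)
    # A denied attempt still matters: it shows the credential is being misused.
    if findings and m["action"] != "allow":
        findings.append("blocked-attempt")
    return findings


def review_log(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Run review_line over a log and keep only the lines worth escalating."""
    results = []
    for line in lines:
        if not line.strip():
            continue
        findings = review_line(line)
        if findings:
            m = LINE_RE.match(line.strip())
            ts, user = (m["ts"], m["user"]) if m else ("?", "?")
            results.append((ts, user, findings))
    return results


# Constructed sample: two routine daytime sessions, then a 02:41 login from an
# address outside the vendor's range that walks from the BMS into finance.
SAMPLE_LOG = """\
2016-09-12T10:15:02 user=hvac-svc src=203.0.113.17 dst=10.50.0.12 action=allow
2016-09-12T10:16:40 user=hvac-svc src=203.0.113.17 dst=10.50.0.13 action=allow
2016-09-13T02:41:09 user=hvac-svc src=198.51.100.77 dst=10.50.0.12 action=allow
2016-09-13T02:43:55 user=hvac-svc src=198.51.100.77 dst=10.20.0.5 action=allow
2016-09-13T02:44:10 user=jsmith src=10.10.4.21 dst=10.20.0.5 action=allow
"""

if __name__ == "__main__":
    for ts, user, findings in review_log(SAMPLE_LOG.splitlines()):
        print(ts, user, ", ".join(findings))
```

Run as a script it prints only the two early-morning lines, each with its findings. The point of the check is that none of the three signals on its own is conclusive (vendors do travel, windows do get extended), but a vendor account that trips all three and then reaches a segment it was never permitted to touch is exactly the sequence the Target breach followed, and the rule that catches it is only a zone table and a maintenance window away from the contract the vendor already signed.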
11. Threats & Impacts

Ransomware
• FBI reported $209M USD in monetary losses from January to March 2016 [1]
• Average ransom demanded: $679 [1]
• Number of new ransomware families detected in June 2016 (a single month): 50 [1]

Phishing
• 30% of phishing messages were opened and 12% of targets subsequently clicked on the malicious link or attachment, based on 8M+ phishing test results in 2015 [2]
• A spear phishing incident costs a company an average of $1.6M [2]

Distributed Denial of Service (DDoS)
• 73% of companies worldwide experienced a DDoS attack [3]
• 82% of corporations incurred repeat attacks, with 43% hit 6+ times [3]
• 8 out of 10 companies with Internet of Things (IoT) devices were attacked, and 43% of them experienced some form of theft [3]

Data Breach
• 725 breaches exposed 29M+ records in 2016 as of 10/4/16 [4]
• 89% of breaches had a financial or espionage motive [2]

Sources:
1 – Symantec, Ransomware and Businesses 2016 (Special Report)
2 – Verizon, 2016 Data Breach Investigations Report
3 – Neustar, 2016 DDoS Attacks and Protection Report
4 – Identity Theft Resource Center, 2016 Data Breach Category Summary
12. Potential Consequences

Incidents
• Unauthorized access to the BMS and other network locations
• Compromised HVAC settings
• Ransomware-encrypted files and data

Consequences
• Data loss, modification, or theft
• Inappropriate environmental conditions and functionality

Impacts
• Jeopardized personnel safety
• Data breach notification and investigation
• Extensive remediation efforts
• Reputational damage
14. REC Specific Industry Framework

(Diagram: Mechanical Systems and Electric Systems exchanging data with Enterprise Applications)

The Open Building Information Exchange (oBIX) Technical Committee aims to create standard web services guidelines to facilitate the exchange of information between intelligent buildings and enterprise applications.
• Simplify data transfer
• Enhance data security
• Optimize data availability and awareness
15. Other Industry Frameworks

International Organization for Standardization (ISO) 2700X
ISO 27001 contains 114 controls (Annex A) that can be used to reduce security risk through management of assets and data. ISO 27002 provides guidance for implementing the controls in 27001.

National Institute of Standards & Technology (NIST) Special Publication 800-53
NIST 800-53 is a catalog of security and privacy controls designed to protect public and private sector information from a variety of threats. It includes the process for selecting and tailoring controls as part of an enterprise-wide security and privacy risk management program.

Framework for Improving Critical Infrastructure Cybersecurity
The NIST framework provides structured guidance for managing cybersecurity risk to critical infrastructure (CI) services. The nation relies upon CI, which means operational requirements must be met and security safeguards must be in place. It provides principles and leading practices to facilitate enhanced CI security and resilience.

Unified Compliance Framework
A harmonized mapping of overlapping IT control requirements from many regulations and standards, so that one control set can be implemented and tested efficiently and effectively.
17. Principles & Objectives

Security Principles: Confidentiality, Integrity, Availability

It's not a matter of IF, but WHEN a significant security breach or incident will occur.

Cybersecurity Program Objectives
• Protect confidential data
• Limit financial losses
• Avoid reputational damage
• Ensure resiliency of the business and IT environment
18. Scalable Strategy

Pillars: Secure | Vigilant | Resilient

Activities:
1. Security Risk Assessment
2. Penetration Tests & Vulnerability Scans
3. Network Segmentation
4. Security Monitoring
5. Data Loss Prevention
6. Mobile Device Security

1. Information Classification, Data Analysis and Cleanup
2. Business Continuity Plan
3. Disaster Recovery Testing

1. Policies & Standards
2. Operating Procedures
3. Security Awareness Training
4. Cyber Insurance
5. Controls Implementation
19. Cybersecurity Controls

1. Understand your risk and threat landscape (P)
2. Assess, classify, and build extra protection around critical data (P)
3. Update policies, processes, and procedures to address point-in-time and forward-looking risks, and embed a cybersecurity culture (P)
4. Assess or obtain cyber insurance coverage (P)
5. Conduct penetration tests and vulnerability scans (internal and external) on a reasonable frequency (D); remediate the highest-risk areas
6. Get up to date on patches and subscribe to security advisory mailing lists (P)
7. Set up an Insider Threat Program; even a bare-bones one will do as a starting place (P)
8. Conduct security awareness training on a regular frequency (once a quarter) (P)
9. Manage vendor security through policies and processes (P)
10. Have contingency and incident response plans in place that include law enforcement, forensics (digital, human, and physical), client, investor, legal, media, and PR responses (P)
11. Implement technologies that complement your processes (P)

Legend: P – Preventive controls; D – Detective controls
21. Roles & Responsibilities

Board of Directors
• Be well informed regarding IT strategic plans, cyber risks, and IT initiatives
• Continuously monitor risks and ensure alignment with business strategy through timely reporting

Risk Management Committee
• Meet on a periodic basis to discuss and manage enterprise risks, including IT and cyber risks
• Oversee risk management solutions and remediation efforts

Chief Information Officer (CIO) / Chief Information Security Officer (CISO)
• Oversee the strategic and operational aspects of the cybersecurity program
• Develop and discuss status reporting with leadership and stakeholders
• Coordinate with the Board, Risk Management Committee, and CFO to involve IT in strategic and risk management plans
• Coordinate with the CFO on compliance programs and initiatives of joint interest

Chief Financial Officer (CFO)
• Coordinate with the Board, Risk Management Committee, and CIO/CISO to allocate sufficient current and future funds to support IT initiatives, including cybersecurity
• Identify, manage, and report operational risks

Auditors
• Include cyber in the IT audits
• Engage in board-level discussion on various risks, including IT and cyber
22. Culture, Governance & Compliance

• The Board of Directors must get involved to set the tone at the top
• A well-defined governance structure establishes clear relationships and communication between the board, management, and employees
• The governance structure must reasonably balance security with business needs while remaining vigilant
• Cyber hygiene should be intrinsically woven into the culture of the organization
• Cybersecurity policies shouldn't become paperweights
• Compliance activities should be carried out to ensure alignment with industry leading practices

No matter how large or small, every organization has to have a process in place to govern policies and practices, measure risk and compliance, and instill a cyber-aware culture.
23. In Summary

• Trends indicate building management systems will increase in prevalence in the coming years
• REC companies must make cybersecurity a priority
• Implement a scalable cybersecurity strategy that matures over time
• Ensure key roles recognize the importance of cybersecurity and drive a cyber-aware culture
• Consider cyber insurance coverage
• Ensure cyber hygiene is practiced across all levels of the organization