PREVENTING PREDICTABLE
PROBLEMS (POSSIBLY)
Gareth Niblett
PROBLEMS
Problems, Problems
BAD THINGS CAN HAPPEN
ACTION
• ‘Wise Monkeys’ approach
• Vulnerability disclosure
• Service failure / denial
• Data leak / breach
• Data destruction
REACTION
• Increased costs
• Recall / reputation damage
• Fine / loss of license
• Loss of revenue / value
• Job losses / business closure
OPPORTUNITIES
Optimism & Options
PLAN TO WIN
• Solve a problem / innovate
• Think ahead
• Listen to experts
• Prepare for failure
• You can’t predict it all
BUILD TO SURVIVE
• Assess risks honestly
• Scale flexibly & efficiently
• Built-in security, not bolt-on
• Test resilience plans
• Adapt and overcome issues
BE ‘UNWISE’
• Listen to customers, experts, and regulators
• Speak (and ask) about concerns and problems
• Look proactively for problems, and don't ignore
Failure can be ‘fatal’
EASY PICKINGS
• Follow standards and test
• Use secure protocols
• Avoid bad defaults
• Make patchable & automatic
• Don’t overburden users
INNOVATE SECURELY
• Internet of Things
• Identity schemes
• Surveillance tech
• Augmented / virtual reality
• Big data & analytics
• Machine Learning / AI
• Autonomous vehicles
• Drones
• Regulation & legislation
• Blockchain
TECHNOLOGY
Tackling Threats
INTERNET OF THINGS
• Use interoperable standards
• Have on-device protection
• Enable automatic updates
• Manage external trust
• Limit data collection & use
IDENTITY SCHEMES
• Provide broad user benefits
• Make it citizen/user-centric
• Decentralised & federated
• Trusted throughout lifecycle
• Transparent and auditable
SURVEILLANCE TECH
• Necessary & proportionate
• Minimise data & retention
• Limit purposes & access
• Oversight & accountability
• Don’t be ‘evil’, or facilitate it
AUGMENTED REALITY
• Tackle online abuse
• Be fair with ads & targeting
• Ensure data quality
• Take care with location data
• AR/VR use may be sensitive
BIG DATA & ANALYTICS
• Limit scope / purpose
• Be responsible and ethical
• Understand anonymisation
• Try to prevent reidentification
• Correct bad data & decisions
MACHINE LEARNING / AI
• Address ethics properly
• Minimise algorithm biases
• Accept robots taking jobs
• Secure user-derived learning
• Avoid Skynet / singularity
AUTONOMOUS VEHICLES
• Ensure secure connectivity
• Address trolley problem
• Get government support
• Get insurance co backing
• Leverage sensor data wisely
DRONES
• Regulate for safety & privacy
• Geo-fence for safety & security
• Handle GPS spoofing / jamming
• Risk-based registration / license
• Monitor misuse and respond
REGULATION & LEGISLATION
• Keep it light touch
• Limit strict / restrictive rules
• Use to open opportunities
• Status quos are not sacred
• Accept always behind curve
BLOCKCHAIN
• Use appropriately
• Beware of trade-offs
• Features can help, or bite
• Regulators & users matter
• It’s just another database
THOUGHTS
Thinking Time
SECURITY GIVES PRIVACY
• False dichotomy begone
• Remember Ben Franklin
• Backdoors undermine us all
• Design for privacy, by default
• Build and operate securely
garethniblett.com
@garethniblett
Gareth Niblett
