SlideShare une entreprise Scribd logo

How to adapt to the IOT

Caston Thomas
Caston Thomas

Information Security Professionals are fast realizing that they are facing new challenges: 1) How do I strategize, budget, & execute today for a world that I can’t even imagine five years from now? 2) How do I sleep at night when after 99 successes, one small miscalculation could put my name on the front page of the Wall Street Journal or the headline of the Drudge Report? 3) Now that the guys in the high-back chairs in the corner offices want to invite me to their meetings, how do I put all this craziness into words that they can understand? In this fast changing world, let’s be honest, the pocketbooks have opened & IT Security is getting the funds <<yea>> & the attention <<boo>> that we need. The bottom line? You’ll leave this discussion with four or five things you can do that will keep you on the road to those 99 successes while making that story above the fold a little less likely.

Technologie
1  sur  17
Télécharger pour lire hors ligne
© 2015 InterWorks, Page 1 Caston Thomas How to Adapt to the IoT cthomas@iworkstech.com 586.530.4981
© 2015 InterWorks, Page 2 • IoT is NOT BYoD Defining IoT/What is IoT?
© 2015 InterWorks, Page 3 How Did This Slide Get in Here?!?
© 2015 InterWorks, Page 4 Sentinel Events – Examples we’ve seen to date… Night Dragon - 2011 Shamoon - 2012 Energetic Bear - 2012 Norwegian Oil & Gas - 2014 German steel works - 2014 Car Washes - 2015 Insulin Pumps - 2013
© 2015 InterWorks, Page 6 How Things Will Change
© 2015 InterWorks, Page 7 Potential impact & exposures?
© 2015 InterWorks, Page 9 Creating a New Security Framework
© 2015 InterWorks, Page 10 Be as specific as possible Identify all components Note business objectives Create use cases for each variant The “devil will be in the details” Start with the worst thing that can happen Make sure you include all relevant externalities (e.g., consumers, regulators, public opinion) Start with interfaces & potential attack surfaces including physical access Stay just outside the realm of what is reasonably foreseeable Pair the impacts with the vulnerabilities New threats will become apparent Potential threats may be considered speculative Use threats to help define impacts & vulnerabilities Threats will evolve as incentives change Threats will evolve as IoT becomes more common Build the Risk Model Define Use Cases Identify potential impact Define likely vulnerabilities Identify evolving threats
© 2015 InterWorks, Page 11 The Devices & Risks are Diverseso How Do We Secure Them?
© 2015 InterWorks, Page 12 Useful to Think in Terms of Overall Process Courtesy: F5 Labs
© 2015 InterWorks, Page 13 NIST smart meter flow diagram (2014)
© 2015 InterWorks, Page 14 Look at the Threat & Pair with Appropriate Controls Courtesy: ©2015 Leidos. Used with permission.
© 2015 InterWorks, Page 15 Campaign analysis is used to determine the patterns & behaviors of attackers Cyber Kill Chain® Campaign “Heat Map” Group intrusions together into “Campaigns” Prioritize & measure against each Campaign Understand the Threat Landscape
© 2015 InterWorks, Page 16 • Rethink Everything!!! – Reduce the surface!!! – Tech Selection – Based on Meta Trends! • Know Your Line-Up!!! – Your Users, Executives & Management – Learn & Teach – Your Adversaries – Anticipate their Tactics, Techniques & Procedures – Your Network (IoP) – Take a Vendor to Lunch • Use the Resources that Are on Your Side!!! – Leverage Management’s Focus on Security – Retool your Response Processes – Measure & Adapt Creating an IoT security strategy
© 2015 InterWorks, Page 17 Prevention is ideal, but detection is a must. However, detection without correction has minimal value. Automate the Response Based on Policies. MOVE & DISABLERESTRICT ACCESSALERT & REMEDIATE Deploy a Virtual Firewall around an infected or non-compliant device Reassign the device into a VLAN with restricted access Update access lists (ACLs) on switches, firewalls & routers to restrict access Automatically move device to a pre- configured guest network Open trouble ticket Send email notification SNMP Traps Syslog HTTP browser hijack Auditable end-user acknowledgement Self-remediation Integrate with SMS, WSUS, SCCM, Lumension, BigFix Reassign device from production VLAN to quarantine VLAN Block access with 802.1X Alter login credentials to block access Block access with device authentication Turn off switch port (802.1X or SNMP) Terminate unauthorized applications Disable peripheral device Rethinking the Technology Components & Responses
© 2015 InterWorks, Page 20 • Next week you should: – Begin identifying the IoT implementations that are in place, planned, or anticipated – not just inside your organization, but also in possession of your key people & partners – Identify security policies or procedures that may be impacted by IoT • In the next 90 days: – Begin applying the risk models & review results with management – Identify mitigation steps & associated costs to achieve desired state – Review insurance coverage & applicability • In the next year: – Implement ongoing security monitoring (real-time with automated response) – Continue identifying the IoT risks that you don’t control that affect your organization – Build your IoP to collaborate on your evolution into this new world we’re entering – Revise risk management model & obtain necessary approvals after each change of scope (and you better believe that scope will change frequently) 7 or 8 or 9 things we can do to prepare
© 2015 InterWorks, Page 23 Thank You! And Now… It’s YOUR Turn!

Recommandé

Outpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewInnovation Network Technologies: InNet
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
5 benefits of network monitoring
5 benefits of network monitoring5 benefits of network monitoring
5 benefits of network monitoringFlightcase1
 
Container Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowContainer Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowDevOps.com
 
Intel Security Endpoint Protection
Intel Security Endpoint ProtectionIntel Security Endpoint Protection
Intel Security Endpoint ProtectionTrustmarque
 

Recommandé

Outpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid themOutpost24
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewInnovation Network Technologies: InNet
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
5 benefits of network monitoring
5 benefits of network monitoring5 benefits of network monitoring
5 benefits of network monitoringFlightcase1
 
Container Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowContainer Security: What Enterprises Need to Know
Container Security: What Enterprises Need to KnowDevOps.com
 
Intel Security Endpoint Protection
Intel Security Endpoint ProtectionIntel Security Endpoint Protection
Intel Security Endpoint ProtectionTrustmarque
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesMajor Hayden
 
Outpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24
 
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015TierPoint
 
If We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantIf We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantNathan Burke
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security TestingPECB
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachEast Midlands Cyber Security Forum
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrimeMarc Vael
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNorth Texas Chapter of the ISSA
 
ImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageAlisa Alvich
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24
 
Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityIntronis MSP Solutions by Barracuda
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITYRazorpoint Security
 
Revitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr HealthRevitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr Healthbugcrowd
 
You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricksWatchful Software
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYDialogueScience
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?London School of Cyber Security
 
7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iotCaston Thomas
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 

Contenu connexe

Tendances

The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesMajor Hayden
 
Outpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24
 
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015TierPoint
 
If We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantIf We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantNathan Burke
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security TestingPECB
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrimeMarc Vael
 
ImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageAlisa Alvich
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24
 
Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityIntronis MSP Solutions by Barracuda
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITYRazorpoint Security
 
Revitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr HealthRevitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr Healthbugcrowd
 
You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricksWatchful Software
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYDialogueScience
 

Tendances (20)

The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilities
 
Outpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24 webinar: Risk-based approach to security assessments
Outpost24 webinar: Risk-based approach to security assessments
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust model
 
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
 
If We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s ImportantIf We Only Had the Time: How Security Teams Can Focus On What’s Important
If We Only Had the Time: How Security Teams Can Focus On What’s Important
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security Testing
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breach
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrime
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
 
ImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePageImageQuest_Cybersecurity_OnePage
ImageQuest_Cybersecurity_OnePage
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud security
 
Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...Outpost24 Webinar - Creating a sustainable application security program to dr...
Outpost24 Webinar - Creating a sustainable application security program to dr...
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud Security
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY
 
Revitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr HealthRevitalizing Product Securtiy at Zephyr Health
Revitalizing Product Securtiy at Zephyr Health
 
You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricks
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk score
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 

Similaire à How to adapt to the IOT

7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iotCaston Thomas
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18japijapi
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipNetskope
 
智慧市政大未來 主題一
智慧市政大未來 主題一智慧市政大未來 主題一
智慧市政大未來 主題一Mavis CHU
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductSalesforce Developers
 
IBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem PartnersIBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem PartnersJeremy Siewert
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinCloud Expo
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacksAppSense
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsSolarWinds
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldMark Nunnikhoven
 

Similaire à How to adapt to the IOT (20)

7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report Summary
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate Leadership
 
智慧市政大未來 主題一
智慧市政大未來 主題一智慧市政大未來 主題一
智慧市政大未來 主題一
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT Product
 
IBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem PartnersIBM Mobile Overview for Ecosystem Partners
IBM Mobile Overview for Ecosystem Partners
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of Security
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWinds
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 

Plus de Caston Thomas

Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"Caston Thomas
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Caston Thomas
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)Caston Thomas
 
How to adapt to the IoT
How to adapt to the IoTHow to adapt to the IoT
How to adapt to the IoTCaston Thomas
 
The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3Caston Thomas
 
Inter works golden circles for healthcare it
Inter works golden circles for healthcare itInter works golden circles for healthcare it
Inter works golden circles for healthcare itCaston Thomas
 
7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing InvestmentsCaston Thomas
 
How I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYODHow I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYODCaston Thomas
 

Plus de Caston Thomas (8)

Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"Master gardeners... meet... "High Yech"
Master gardeners... meet... "High Yech"
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)
 
How to adapt to the IoT
How to adapt to the IoTHow to adapt to the IoT
How to adapt to the IoT
 
The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3The internet of things (io t) for issa v1.3
The internet of things (io t) for issa v1.3
 
Inter works golden circles for healthcare it
Inter works golden circles for healthcare itInter works golden circles for healthcare it
Inter works golden circles for healthcare it
 
7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments
 
How I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYODHow I learned to stop worrying & love the BYOD
How I learned to stop worrying & love the BYOD
 

Dernier

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 

Dernier (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 

How to adapt to the IOT

  • 1. © 2015 InterWorks, Page 1 Caston Thomas How to Adapt to the IoT cthomas@iworkstech.com 586.530.4981
  • 2. © 2015 InterWorks, Page 2 • IoT is NOT BYoD Defining IoT/What is IoT?
  • 3. © 2015 InterWorks, Page 3 How Did This Slide Get in Here?!?
  • 4. © 2015 InterWorks, Page 4 Sentinel Events – Examples we’ve seen to date… Night Dragon - 2011 Shamoon - 2012 Energetic Bear - 2012 Norwegian Oil & Gas - 2014 German steel works - 2014 Car Washes - 2015 Insulin Pumps - 2013
  • 5. © 2015 InterWorks, Page 6 How Things Will Change
  • 6. © 2015 InterWorks, Page 7 Potential impact & exposures?
  • 7. © 2015 InterWorks, Page 9 Creating a New Security Framework
  • 8. © 2015 InterWorks, Page 10 Be as specific as possible Identify all components Note business objectives Create use cases for each variant The “devil will be in the details” Start with the worst thing that can happen Make sure you include all relevant externalities (e.g., consumers, regulators, public opinion) Start with interfaces & potential attack surfaces including physical access Stay just outside the realm of what is reasonably foreseeable Pair the impacts with the vulnerabilities New threats will become apparent Potential threats may be considered speculative Use threats to help define impacts & vulnerabilities Threats will evolve as incentives change Threats will evolve as IoT becomes more common Build the Risk Model Define Use Cases Identify potential impact Define likely vulnerabilities Identify evolving threats
  • 9. © 2015 InterWorks, Page 11 The Devices & Risks are Diverseso How Do We Secure Them?
  • 10. © 2015 InterWorks, Page 12 Useful to Think in Terms of Overall Process Courtesy: F5 Labs
  • 11. © 2015 InterWorks, Page 13 NIST smart meter flow diagram (2014)
  • 12. © 2015 InterWorks, Page 14 Look at the Threat & Pair with Appropriate Controls Courtesy: ©2015 Leidos. Used with permission.
  • 13. © 2015 InterWorks, Page 15 Campaign analysis is used to determine the patterns & behaviors of attackers Cyber Kill Chain® Campaign “Heat Map” Group intrusions together into “Campaigns” Prioritize & measure against each Campaign Understand the Threat Landscape
  • 14. © 2015 InterWorks, Page 16 • Rethink Everything!!! – Reduce the surface!!! – Tech Selection – Based on Meta Trends! • Know Your Line-Up!!! – Your Users, Executives & Management – Learn & Teach – Your Adversaries – Anticipate their Tactics, Techniques & Procedures – Your Network (IoP) – Take a Vendor to Lunch • Use the Resources that Are on Your Side!!! – Leverage Management’s Focus on Security – Retool your Response Processes – Measure & Adapt Creating an IoT security strategy
  • 15. © 2015 InterWorks, Page 17 Prevention is ideal, but detection is a must. However, detection without correction has minimal value. Automate the Response Based on Policies. MOVE & DISABLERESTRICT ACCESSALERT & REMEDIATE Deploy a Virtual Firewall around an infected or non-compliant device Reassign the device into a VLAN with restricted access Update access lists (ACLs) on switches, firewalls & routers to restrict access Automatically move device to a pre- configured guest network Open trouble ticket Send email notification SNMP Traps Syslog HTTP browser hijack Auditable end-user acknowledgement Self-remediation Integrate with SMS, WSUS, SCCM, Lumension, BigFix Reassign device from production VLAN to quarantine VLAN Block access with 802.1X Alter login credentials to block access Block access with device authentication Turn off switch port (802.1X or SNMP) Terminate unauthorized applications Disable peripheral device Rethinking the Technology Components & Responses
  • 16. © 2015 InterWorks, Page 20 • Next week you should: – Begin identifying the IoT implementations that are in place, planned, or anticipated – not just inside your organization, but also in possession of your key people & partners – Identify security policies or procedures that may be impacted by IoT • In the next 90 days: – Begin applying the risk models & review results with management – Identify mitigation steps & associated costs to achieve desired state – Review insurance coverage & applicability • In the next year: – Implement ongoing security monitoring (real-time with automated response) – Continue identifying the IoT risks that you don’t control that affect your organization – Build your IoP to collaborate on your evolution into this new world we’re entering – Revise risk management model & obtain necessary approvals after each change of scope (and you better believe that scope will change frequently) 7 or 8 or 9 things we can do to prepare
  • 17. © 2015 InterWorks, Page 23 Thank You! And Now… It’s YOUR Turn!