Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.

Presentation transcript:

The Internet of Things (IoT): Security Considerations for Higher Education
Christopher Giles, Governance Risk Compliance Specialist
Information Security Office of Budget and Finance
Education – Partnership – Solutions

What is IoT?
The Internet of Things (IoT) is the network of physical objects—devices, vehicles, buildings and other items embedded with electronics, software, sensors, and network connectivity—that enables these objects to collect and exchange data.

Various Names, One Concept
M2M (Machine to Machine)
“Internet of Everything” (Cisco Systems)
“World Size Web” (Bruce Schneier)
“Skynet” (Terminator movie)


Where is IoT? It’s everywhere!

Smart Appliances / Healthcare / Wearable Tech


Where is IoT? On your campus…


The IoT Market
As of 2013, 9.1 billion IoT units
Expected to grow to 28.1 billion IoT devices by 2020
Revenue growth from $1.9 trillion in 2013 to $7.1 trillion in 2020

Why be concerned about IoT?
It’s just another computer, right?
◦ All of the same issues we have with access control, vulnerability management, patching, monitoring, etc.
◦ Imagine your network with 1,000,000 more devices
◦ Any compromised device is a foothold on the network

Does IoT add additional risk?
Are highly portable devices captured during vulnerability scans?
Where is your network perimeter?
Are consumer devices being used in areas – like health care – where reliability is critical?
Do users install device management software on other computers? Is that another attack vector?

Attacking IoT
Default, weak, and hardcoded credentials
Difficult to update firmware and OS
Lack of vendor support for repairing vulnerabilities
Vulnerable web interfaces (SQL injection, XSS)
Coding errors (buffer overflow)
Clear text protocols and unnecessary open ports
DoS / DDoS
Physical theft and tampering

Case Study: Trane
Connected thermostat vulnerabilities detected by Cisco’s Talos group allowed a foothold into the network
12 months to publish fixes for 2 vulnerabilities
21 months to publish a fix for 1 vulnerability
Device owners may not be aware of fixes, or have the skill to install updates

Case Study: Lessons Learned
All software can contain vulnerabilities
Public not informed for months
Vendors may delay or ignore issues
Product lifecycles and end-of-support
Patching IoT devices may not scale in large environments

Recommendations
Accommodate IoT with existing practices:
◦ Policies, Procedures, & Standards
◦ Awareness Training
◦ Risk Management
◦ Vulnerability Management
◦ Forensics

Recommendations
Plan for IoT growth:
◦ Additional types of logging, log storage: can you find the needle in the haystack?
◦ Increased network traffic: will your firewall / IDS / IPS be compatible and keep up?
◦ Increased demand for IP addresses, both IPv4 and IPv6
◦ Increased network complexity – should these devices be isolated or segmented?
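Two of the questions raised in this deck (are portable devices captured by vulnerability scans, and can you find the needle in the log haystack) come down to reconciling data sources a campus already has. The following is an added example, not part of the original presentation: it reads a constructed DHCP lease export, a constructed scanner coverage export and a few constructed firewall log lines (the formats are assumed, not those of any particular product), reports inventoried devices with no scan in the last 30 days, and flags devices seen using clear-text protocols such as telnet, FTP or unencrypted HTTP. The 30-day scan-age policy and the port-to-protocol table are assumptions chosen for the example.

```python
"""Reconcile a DHCP lease inventory against vulnerability-scan coverage and flag
inventoried devices using clear-text protocols.  All data below is constructed
for the example; the export and log formats are assumed, not product-specific."""
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed DHCP lease export: MAC, IP, hostname, last-seen date.
DHCP_LEASES = """\
a4:77:33:01:02:03,10.20.5.14,thermostat-lib-2f,2016-03-01
b8:27:eb:aa:bb:cc,10.20.5.77,raspberrypi,2016-03-02
00:1a:2b:3c:4d:5e,10.20.6.10,ws-finance-12,2016-03-02
f0:27:65:00:11:22,10.20.5.90,smart-tv-lounge,2016-02-10
"""

# Constructed vulnerability-scanner coverage export: IP, date of last scan.
SCAN_RESULTS = """\
10.20.6.10,2016-03-01
10.20.5.14,2015-12-15
"""

# Constructed firewall connection log (one flow per line).
FIREWALL_LOG = """\
2016-03-02T08:01:12 src=10.20.5.14 dst=203.0.113.9 dport=80 proto=http
2016-03-02T08:01:30 src=10.20.5.14 dst=203.0.113.9 dport=443 proto=https
2016-03-02T08:02:05 src=10.20.5.90 dst=198.51.100.4 dport=23 proto=telnet
2016-03-02T08:03:44 src=10.20.6.10 dst=198.51.100.8 dport=443 proto=https
2016-03-02T08:04:10 src=10.20.5.77 dst=192.0.2.33 dport=21 proto=ftp
"""

# Assumed table of well-known clear-text service ports worth flagging.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt"}
REPORT_DATE = date(2016, 3, 2)        # "today" for the example
MAX_SCAN_AGE = timedelta(days=30)     # assumed policy: every device scanned monthly


@dataclass
class Device:
    mac: str
    ip: str
    hostname: str
    last_seen: date


def parse_leases(text):
    """Turn the CSV lease export into Device records."""
    devices = []
    for line in text.splitlines():
        mac, ip, host, seen = line.split(",")
        devices.append(Device(mac, ip, host, date.fromisoformat(seen)))
    return devices


def parse_scans(text):
    """Map IP -> date of most recent vulnerability scan."""
    return {ip: date.fromisoformat(d)
            for ip, d in (line.split(",") for line in text.splitlines())}


def unscanned_devices(devices, scans, today=REPORT_DATE, max_age=MAX_SCAN_AGE):
    """Hostnames never scanned, or whose last scan is older than max_age."""
    stale = []
    for dev in devices:
        last = scans.get(dev.ip)
        if last is None or today - last > max_age:
            stale.append(dev.hostname)
    return sorted(stale)


LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def cleartext_flows(log_text, devices):
    """(hostname, protocol) pairs for inventoried devices seen on clear-text ports."""
    by_ip = {d.ip: d.hostname for d in devices}
    hits = set()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue                      # skip lines that do not match the assumed format
        port = int(m["dport"])
        if m["src"] in by_ip and port in CLEARTEXT_PORTS:
            hits.add((by_ip[m["src"]], CLEARTEXT_PORTS[port]))
    return sorted(hits)


if __name__ == "__main__":
    devs = parse_leases(DHCP_LEASES)
    print("Not covered by a recent scan:", unscanned_devices(devs, parse_scans(SCAN_RESULTS)))
    print("Clear-text protocol use:", cleartext_flows(FIREWALL_LOG, devs))
```

On the constructed data the thermostat shows up in both reports: its last scan is months old and it talks plain HTTP, which is the kind of device the deck's Trane case study describes. The workstation, scanned yesterday and using only HTTPS, appears in neither list, so the output is short even when the lease table is large.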

Recommendations
Strengthen partnerships with researchers, vendors, and the procurement department

Threat vs. Opportunity
If misunderstood and misconfigured, IoT poses risk to our data, privacy, and safety
If understood and secured, IoT will enhance communications, lifestyle, and delivery of services

Thank you! Oh, and if you know what this does, could you let me know after the presentation?


Questions and Discussion

References