Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Concepts for Engineers

Published byTheodora Ford Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity Concepts for Engineers"— Presentation transcript:

1 Cybersecurity Concepts for Engineers
James Kritikos Michelle le

2 What - Context Internet of things devices becoming more popular
More devices, more opportunities for hackers Mirai Botnet: Hacked IOT devices Hacking of cars Security must be a priority in the design, not an afterthought

3 WHO Engineering Students of all disciplines
Designers of systems that involve software Should understand most common problems

4 Why? Privacy Risks Safety Risks More IOT sensors, more cloud data
Financial Information Health Information Safety Risks Critical products depend on software Stoves, Ovens Cars Medical Devices

5 Why Again? PEO: Duty to public welfare is paramount
Engineers should understand their role in the security design

6 How? (OWASP) Open Web Application Security Project OWASP Top 10
OWASP Top 10 Understand most common vulnerabilities

7 Untrusted Input Mishandling user submitted data
Never use untrusted data as-is Enter a temperature: _____  “dog” Is “dog” > -40 ?  Error Unexpected behavior can lead to exploitation

8 BEWARE OF DEFAULTS Designing an electronic door lock
Off the shelf products: Raspberry Pi Linux OS Is Wi-Fi on by default? FTP? Printer Services? Firewall Enabled? Remove unnecessary pieces, reduce attack surface Make conscious decisions about settings

9 Logging and Alerts Many IOT devices have server-side components
E.g. Smart thermostat allowing remote control Detect abnormal behavior quickly In 2016, identifying a breach took an average of 191 days (Ponemon Institute, 2017) If hacking attempts are not detected, the likelihood of a successful attack approaches 100%. (OWASP, 2017) [1]: Cost of Data Breach Study. Ponemon Institue and IBM Security. (2017). Retrieved from [2]: The OWASP Foundation OWASP Top 10 – 2017, The Ten Most Critical Web Application Security Risks. (2017). Retrieved from

10 Conclusion Non-software products are running software
Engineers across disciplines are dealing with software Engineers must have knowledge of security and best practices

Download ppt "Cybersecurity Concepts for Engineers"

Similar presentations

Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Lecture 17 Introduction to Hacking. WHAT IS NETWORK SECURITY? Security is much larger than just packets, firewalls, and hackers. Security includes: –

Lecture 17 Introduction to Hacking. WHAT IS NETWORK SECURITY? Security is much larger than just packets, firewalls, and hackers. Security includes: –
The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.

The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Research Directions for the Internet of Things Supervised by: Dr. Nouh Sabry Presented by: Ahmed Mohamed Sayed.

Research Directions for the Internet of Things Supervised by: Dr. Nouh Sabry Presented by: Ahmed Mohamed Sayed.
REMOTE CONTROL CARS Jonathan Chandler CSCE 390 001 April 21, 2011.

REMOTE CONTROL CARS Jonathan Chandler CSCE April 21, 2011.
Risk management planning related to Health Information Technology

Risk management planning related to Health Information Technology
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.
Configuring Electronic Health Records Privacy and Security in the US Lecture f This material (Comp11_Unit7f) was developed by Oregon Health & Science University,

Configuring Electronic Health Records Privacy and Security in the US Lecture f This material (Comp11_Unit7f) was developed by Oregon Health & Science University,
Internet of Things Top Ten. Agenda -Introduction -Misconception -Considerations -The OWASP Internet of Things Top 10 Project -The Top 10 Walkthrough.

Internet of Things Top Ten. Agenda -Introduction -Misconception -Considerations -The OWASP Internet of Things Top 10 Project -The Top 10 Walkthrough.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.

© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
Cyber Security Action against cyber crime. What is cyber security?  Cyber security standards are security standards which enable organizations to practice.

Cyber Security Action against cyber crime. What is cyber security?  Cyber security standards are security standards which enable organizations to practice.
Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.

Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.
Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Similar presentations

Ads by Google