In this session, we will discuss techniques for understanding and coping with the increase in attack surface introduced by IoT. We will touch on device-specific techniques such as protocol fuzzing and vulnerability assessment, validation of surrounding defensive systems, and the applicability of digital twins in validation scenarios.
The goals of SRE, DevSecOps and security are well-aligned with reliability and protection. Both aim to avoid as many incidents as possible by creating resilient secure systems. DevSecOps and SRE practices and tools can help complement security objectives. Join this 6point6 and AWS session to find out how you can succeed with CNI security and modern practices.
An update from the London Chapter
AWS, Azure or Google Cloud Platform? Using live demonstrations, we'll compare security services and features for Identity, Private Networking and Content Delivery Networks - across all three clouds:
Identity: cloud customers typically create multiple AWS accounts, Azure subscriptions or GCP projects. How should a centralised source of identity be architected?
Private Networking: security-conscious cloud customers use private networking as part of a defence-in-depth strategy - how can this be achieved with cloud services such as storage or serverless functions which are Internet-facing by default?
Content Delivery Network: how can a web application be presented to global users with low latency and a high level of security?
And we'll wrap up by looking at the implications for organisations thinking about a multi-cloud approach to security.
Humans are the weakest factor in information security; building their awareness and training them to be able to detect and appropriately respond to threats should be one of the top priorities of every CISO and company. This presentation will help you define your training and awareness needs, to identify and plan awareness raising and knowledge building activities, and will give you some tips, from my personal practice, to develop memorable content.
We all know that supply chains are getting longer and more complex - the world relies heavily on them and when someone in the chain catches a cold we all sneeze. Industries and businesses have seen them as a way of reducing cost, building efficiency and getting access to goods and services; cybersecurity professionals have seen them as another threat surface. In this session we will explore some of the recent developments and impacts and how they have changed in the face of Covid.
People make mistakes. We can train them, we can write policies and procedures, we can run phishing tests, … and we still won’t have wiped out all the person-induced cyber risk from our organisations, because eventually someone will do something they shouldn’t.
So how should we act when this happens? Accept that we can’t stop all attacks all the time, and brush it off as “one of those things”? Go zero-tolerance on cyber error and call it gross misconduct by default? Can we, for that matter, even have a set policy on how we deal with someone doing something wrong?