June 10th, 2021 MEMBER MEETING IoT Endpoint security: Failure of Security to Protect

Please enjoy this free playback link. https://register.gotowebinar.com/register/6492462645812148493

7:00 PM Session One: Internet of Things, IoT, Reducing Vulnerability and Unauthorized Endpoints by Implementing Least Privilege

Abstract: IT security organizations big and small are concerned about threats from applications, endpoints, especially unmanaged endpoints, and IoT devices. They want to reduce the number of unknown endpoints/IoT devices and are concerned about unauthorized endpoints in the network.

They are concerned about the vulnerability of these endpoints and are wondering how to detect IoT device compromise. Protecting IoT devices, to segment them with least privileged access is a real challenge.
Further, the organization must make sure sensitive data sent by these devices is protected while at rest and in motion.
Finally, they must address privacy concerns on the data stored, and data processing throughout the product lifecycle.
With all these challenges, where does the organization start? As security professionals, how do we onboard and secure these IoT devices?
This discussion provides approaches that help to identify, gather context, understand behavior, and implement necessary segmentation of IoT devices.

Speaker Krishnan Thiruvengadam, Sr. Technical Marketing Engineer at Cisco, Director Communications, ISC2 East Bay Chapter

Sr. Technical Marketing Engineer, Drives product technical direction for Endpoint Analytics and newer innovations towards the Trusted workplace. Providing deployment solutions to customers and integration with customer eco-systems, Krishnan is an expert in Cisco ISE, its performance, integrations, and use cases. He evangelizes and presents the solution with experts in a variety of forums. Krishnan Develops the TDM, Solution deployment documentation, white papers, videos, demos. Work with customer/partner in adoption/POV etc.

Learn more from Krishnan about End Point Analytics

8:00 PM to 9:00 PM Session Two: The Failure of Security to Protect

Jacques Remi Francoeur (MBA, M.A.Sc., B.A.Sc.) Presents Security and Assurance Working Group, Digital Currency Global Initiative

The Failure of Security to Protect
The total global economy in 2018 was estimated to be $86 Trillion. It is estimated that there are 4,5B people connected to the Internet, as of June 2019, based on a population of 7,7B, a 58.8% Internet penetration. The Global Risks Report 2019 outlines the greatest risks facing the world, cyber threats are the 4th most significant societal risk that is by no means under control. As the world accelerates into the 4th Industrial Revolution, according to the ITU Global Cybersecurity Index 2018, 73% of the Internet connected world today is unprotected while the remaining 27%, who think they are protected, spend 80% of the global security spending estimated to be $300B by 2023.
Is Protection just for the Rich?
Today, people extending themselves into the digital world are highly exposed to potential significant harm and have no way to detect or prevent the threat.
Should Digital Protection be a Human Right!
Security Inclusion Now! is a call-to-action to urgently drive global action to prevent an eventual untenable global situation that threatens the promises of the 4th industrial revolution – the increasing digital protection divide, the gap between the demand for protection and the available supply.
The asymmetry of the problem is ironic. When we look at a rapidly morphing, well-funded and increasingly sophisticated and difficult to attribute threat, in relation to our current industry capability, there are significant limitations that if not addresses will inherently prevent society from achieving the required “one protection for all” with enough assurance at a reasonable cost.
In a highly interconnected world, no one is protected unless everyone is.
The presenter will explore a new way forward to transition from notional to precision security and from security information in a world of friction to security knowledge in a frictionless world. This will enable those less expert to participate in the protection of their organizations.

Security Control Expressions (SCE) Store Security Knowledge

Everyday security professionals spend countless hours searching for information that is highly distributed and fragmented. This highly subjective and non-interoperable information must be interpreted, synthesized, and communicated to stakeholders.

All matters security can be described uniquely & unambiguously by a simple “expression” model between 6 actors engaged in 5 relationships. The model is published by the ITU, Study Group 17: Security as Technical Report Unified Security Model.

  • Genesis Cybersecurity Program is the practitioner training program on the SCE Model innovation. The program involves the transfer & institutionalization of the capability to different centers of expertise for the development of a sustainable & growing security training & knowledge capture capability.
  • SINOW Security Validation Platform is a software tool that emulates the SCE model. A nested and iterative process stores security knowledge which is then available frictionlessly to all other dependent practitioners for knowledge verification or their specialized dependent knowledge contribution. It transforms Security & Compliance information in a world of friction to Security & Compliance knowledge in a frictionless world. By enabling instant and frictionless navigation & visualization of any security control, its state, relationships, and dependencies, the security practitioner is free to focus on security and not finding information.

About our speaker: Jacques Remi Francoeur (MBA, M.A.Sc., B.A.Sc.)

Jacques is the founder and Chief Scientist of Security Inclusion Now – the USA, a California-based consulting, training, and software organization innovating in security tool development. Jacques is also a member of the World Economic Forum Expert Network recognized as a Blockchain security expert and the Team Lead of the Security & Assurance Working Group of the Digital Currency Global Initiative, a joint program of the International Telecommunications Union (ITU) & Stanford University.

Jacques has an MBA with honors from Concordia University, Montreal; M.A.Sc from the University of Toronto, Institute for Aerospace Studies and a B.A.Sc. in Engineering Science, Aerospace Engineering from the University of Toronto.

Jacques has over 30+ years of experience in high technology beginning his career as an Aerospace Engineer with the Canadian Space Agency, next moving to Silicon Valley in 1999, beginning his privacy and security consulting advisory career with KPMG, followed by SAIC and E&Y. Jacques is a 2018/19/20 US Delegate to the U.S. Department of State to ITU, Standardization Study Group 17: Security. He was also Vice-Chair of the ITU Focus Group on Digital Fiat Currency and co-chair of the Security Working Group. Finally, Jacques is also a US Marine Corp Cyber Auxiliary.

Jacques Remi Francoeur M.A.Sc, B.A.Sc, MBA

Chief Scientist & Founder
Security Inclusion Now, USA

SecurityInclusionNow.org
jacques@securityinclusionnow.org

https://www.linkedin.com/in/innoonewetrust/

Team Lead: Security & Assurance Working Group
Digital Currency Global Initiative,
International Telecommunications Union

USA Delegate (2018 to present) Security Expert & Contributor
ITU, Standardization, Study Group 17: SecurityExpert Network Member
World Economic Forum, Security