Abstract image of a woman sitting on books and studying on a laptop

Thecavalryisus owasp eee-oct2015_v2

A
Aurelijus Stanislovaitis

The document emphasizes the urgent need for improved security in connected technologies, as society adopts these technologies faster than they can be secured. It outlines the mission of 'I am the Cavalry' to ensure that connected devices are trustworthy and safe, advocating collaboration among various stakeholders. The initiative promotes a 5-star framework for cyber safety, aiming to prevent failures and enhance public safety across medical, automotive, and infrastructure sectors.

Internet
1 of 36
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?
CLAUS CRAMON HOUMANN Infosec Community Manager @ Peerlyst (A start-up Infosec community/Social platform that wants to turn the tables on cyber security) Infosec Consultant The Analogies contributor Twitter: @claushoumann
IDEA “Our dependence on technology is growing faster than our ability to secure it”
IDEA “Our society has evolved faster than our laws”
IDEA But why wait.......
ALL SYSTEMS FAIL* * Yes; all
WHERE DO WE SEE CONNECTIVITY NOW? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
HEARTBLEED + (UNPATCHABLE) INTERNET OF THINGS == ___ ? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
SAY BABY MONITORS AGAIN? In Our Homes Source: Rapid7 research/Mark Stanislav: Baby monitors https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-
THEN
BUT ALSO
IT’S SAFETY NOT JUST SECURITY Ouch!
Cars have computers Computers have security issues Security issues in cars are safety issues Safety issues can cost or imperil lives
www.iamthecavalry.org @iamthecavalry Past versus Future Bolt-On Vs Built-In
SOMEONE WILL FIX IT FOR US Chapter 2
Thecavalryisus owasp eee-oct2015_v2
OR NOT…….. Chapter 3
Let’s create ripples
A DO-OCRACY OF DO’ERS. W H ER E D OIN G STARTS W ITH EMPATHY And by ripples I mean
Thecavalryisus owasp eee-oct2015_v2
Thecavalryisus owasp eee-oct2015_v2
Thecavalryisus owasp eee-oct2015_v2
The Point?
NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS. - MAR GAR ET MEAD ( A N A M E R I C A N C U LT U R A L A N T H R O P O L O G I S T )
•The The Cavalry isn’t coming… It falls to us Problem Statement Our society is adopting connected technology faster than we are able to secure it. Mission Statement To ensure connected technologies with the potential to impact public safety and human life are worthy of our trust. Collecting existing research, researchers, and resources Connecting researchers with each other, industry, media, policy, and legal Collaborating across a broad range of backgrounds, interests, and skillsets Catalyzing positive action sooner than it would have happened on its own Why Trust, public safety, human life How Education, outreach, research Who Infosec research community Who Global, grass roots initiative WhatLong-term vision for cyber safety Medical Automotive Connected Home Public Infrastructure I Am The Cavalry
Connections and Ongoing Collaborations 5-Star Framework 5-Star Capabilities  Safety by Design – Anticipate failure and plan mitigation  Third-Party Collaboration – Engage willing allies  Evidence Capture – Observe and learn from failure  Security Updates – Respond quickly to issues discovered  Segmentation & Isolation – Prevent cascading failure Addressing Automotive Cyber Systems Automotive Engineers Security Researchers Policy Makers Insurance Analysts Accident Investigators Standards Organizations https://www.iamthecavalry.org/auto/5star/
www.iamthecavalry.org @iamthecavalry 5-Star Cyber Safety Formal Capacities 1. Safety By Design 2. Third Party Collaboration 3. Evidence Capture 4. Security Updates 5. Segmentation and Isolation Plain Speak 1. Avoid Failure 2. Engage Allies To Avoid Failure 3. Learn From Failure 4. Respond to Failure 5. Isolate Failure
5 STARS 5 star ICS 5 star IoT 5 star medical devices
www.iamthecavalry.org @iamthecavalry And! • Dräger on board with I am the Cavalry as first medical device producer working directly in sync with us • Their Product Security Manager is even directly involved now
AND MORE IN OTHER AREAS COMING We try to connect researchers to 1. Lawmakers to inform of meaningful changes to laws to enforce secure by default 2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities 3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply
AND YES I DID SAY LAWMAKERS It is WEIRD for you to have to listen to. I agree, but
WHAT YOU CAN DO Chapter 5
CONNECTIONS/CONNECTORS WANTED Breakers and Builders Legal and Policy Citizens, Connectors Parents/Guardians Community Leaders/Bloggers/Podcasters/etc.
MOUNT UP AND BE THE CAVALRY YOU DON’T ACTUALY NEED A HORSE
SAFER. SOONER. TOGETHER http://iamthecavalry.org @iamthecavalry
-> OWASK SKF -> OWASP SECURITY SHEPHERD -> OWASP ZAP Recommendations: Use SDLC

More Related Content

PPTX
Threat Check for Struts Released, Equifax Breach Dominates News
Black Duck by Synopsys
 
PPTX
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Black Duck by Synopsys
 
PPTX
Are Your IT Systems Secure?
Nex-Tech
 
PPTX
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Black Duck by Synopsys
 
PPTX
Any of these folks work with you?
Kevin O'Connor
 
PDF
What are the top 10 web security risks?
Jacklin Berry
 
PPT
Organizational Security: When People are Involved
Social Media Performance Group
 
PDF
10 Consequences of tech use and abuse
Entefy
 
Threat Check for Struts Released, Equifax Breach Dominates News
Black Duck by Synopsys
 
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Black Duck by Synopsys
 
Are Your IT Systems Secure?
Nex-Tech
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Black Duck by Synopsys
 
Any of these folks work with you?
Kevin O'Connor
 
What are the top 10 web security risks?
Jacklin Berry
 
Organizational Security: When People are Involved
Social Media Performance Group
 
10 Consequences of tech use and abuse
Entefy
 

What's hot (20)

PDF
9 Alarming developments in the fight for digital privacy
Entefy
 
PDF
The Silver Bullet of Cyber Security v1.1
William Kiss
 
PDF
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Enterprise Management Associates
 
DOC
Five Mistakes of Incident Response
Anton Chuvakin
 
PDF
Stki summit2013 infra_pini sigaltechnologies_v5 final
Ariel Evans
 
PPTX
Protecting your Data in Google Apps
Elastica Inc.
 
PDF
Cybersecurity Powerpoint Presentation Slides
SlideTeam
 
PPTX
How to Improve Your Board’s Cyber Security Literacy
Tripwire
 
PPTX
100903 e assessment (dundee)
JISC Legal
 
PDF
Wiretap 5-collaboration-security-risks-revealed
Britt Newton
 
PDF
Maleeff university of toronto 11 july 2019
Stephen Abram
 
PPT
Social Media Policy
Elizabeth Engel
 
PDF
Autisable com-2020-05-13-cybersecurity-matters-
Saad Ahmad
 
PPTX
Business continuity in the lean times
Steven Aiello
 
PDF
How secure is your company's information?
eLeaP
 
PDF
7 cyber security questions for boards
Paul McGillicuddy
 
PPT
Managing insider threat
milliemill
 
PDF
Review Paper ( Research Articles )
SaadSaif6
 
PPT
Philippines ‘lagging behind’ on cloud adoption
John Davis
 
PPTX
Valuing Data in the Age of Ransomware
IBM Security
 
9 Alarming developments in the fight for digital privacy
Entefy
 
The Silver Bullet of Cyber Security v1.1
William Kiss
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Enterprise Management Associates
 
Five Mistakes of Incident Response
Anton Chuvakin
 
Stki summit2013 infra_pini sigaltechnologies_v5 final
Ariel Evans
 
Protecting your Data in Google Apps
Elastica Inc.
 
Cybersecurity Powerpoint Presentation Slides
SlideTeam
 
How to Improve Your Board’s Cyber Security Literacy
Tripwire
 
100903 e assessment (dundee)
JISC Legal
 
Wiretap 5-collaboration-security-risks-revealed
Britt Newton
 
Maleeff university of toronto 11 july 2019
Stephen Abram
 
Social Media Policy
Elizabeth Engel
 
Autisable com-2020-05-13-cybersecurity-matters-
Saad Ahmad
 
Business continuity in the lean times
Steven Aiello
 
How secure is your company's information?
eLeaP
 
7 cyber security questions for boards
Paul McGillicuddy
 
Managing insider threat
milliemill
 
Review Paper ( Research Articles )
SaadSaif6
 
Philippines ‘lagging behind’ on cloud adoption
John Davis
 
Valuing Data in the Age of Ransomware
IBM Security
 
Ad

Similar to Thecavalryisus owasp eee-oct2015_v2 (20)

PPTX
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
Claus Cramon Houmann
 
PPTX
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
Claus Cramon Houmann
 
PDF
Netflix SIRT - Culture and Tech -Trainman
Alex Maestretti
 
PDF
Unpatchable: Living with a vulnerable implanted device
Marie Elisabeth Gaup Moe
 
PDF
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
Neil Curran MSc CISSP CRISC CGEIT CISM CISA
 
PDF
Tech Talent Meetup Hacking Security Event Recap
Dominic Vogel
 
DOCX
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
woodruffeloisa
 
PPTX
Copy of OWASP Threat and Safeguard Matrix.pptx
jayceefied
 
PDF
Cybrary's navigating a security wasteland
Devendra kashyap
 
PPTX
Cognitive Computing in Security with AI
JoAnna Cheshire
 
PPTX
IT security
Steven Aiello
 
PPTX
Digital Defense for Activists (and the rest of us)
Michele Chubirka
 
PDF
The Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity
laurieannwilliams
 
PDF
Avoiding The Seven Deadly Sins of IT
Envision Technology Advisors
 
PPTX
Intro to INFOSEC
Sean Whalen
 
DOCX
Why security is the kidney not the tail of the dog v3
Ernest Staats
 
PDF
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Dana Gardner
 
PDF
Threat intelligence minority report
Eliahu (Eli) Assif (Amar)
 
PPT
Bulletproof IT Security
London School of Cyber Security
 
PDF
Looking into the future of security
Southern Cross Group Services
 
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
Claus Cramon Houmann
 
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
Claus Cramon Houmann
 
Netflix SIRT - Culture and Tech -Trainman
Alex Maestretti
 
Unpatchable: Living with a vulnerable implanted device
Marie Elisabeth Gaup Moe
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
Neil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Tech Talent Meetup Hacking Security Event Recap
Dominic Vogel
 
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
woodruffeloisa
 
Copy of OWASP Threat and Safeguard Matrix.pptx
jayceefied
 
Cybrary's navigating a security wasteland
Devendra kashyap
 
Cognitive Computing in Security with AI
JoAnna Cheshire
 
IT security
Steven Aiello
 
Digital Defense for Activists (and the rest of us)
Michele Chubirka
 
The Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity
laurieannwilliams
 
Avoiding The Seven Deadly Sins of IT
Envision Technology Advisors
 
Intro to INFOSEC
Sean Whalen
 
Why security is the kidney not the tail of the dog v3
Ernest Staats
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Dana Gardner
 
Threat intelligence minority report
Eliahu (Eli) Assif (Amar)
 
Bulletproof IT Security
London School of Cyber Security
 
Looking into the future of security
Southern Cross Group Services
 
Ad

Recently uploaded (20)

PPT
Expect The Impossiblesssssssssssssss.ppt
LAWRENCEJEREMYBRIONE
 
PDF
Paper: World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
北安普顿大学毕业证UoN成绩单GPA修改北安普顿大学i20学历认证文凭
伦敦政治经济学院毕业证【Q微号:1954 292 140】购买法国成绩单LSE学位证
 
PDF
Lesson.-Reporting-and-Sharing-of-Findings.pdf
LorainePasiona
 
PPTX
National-Historical-Commission-of-the-PhilippinesNHCP.pptx
atjrreyn
 
PPTX
日本横滨国立大学毕业证书文凭定制YNU成绩单硕士文凭学历认证
成绩单定购弗林德斯大学毕业证【Q微号:1954 292 140】
 
PDF
JuanConnect E-Wallet Guide for new users.pdf
reggiepongasi2
 
PPSX
AI AppSec Threats and Defenses 20250822.ppsx
Robert Grupe, CSSLP CISSP PE PMP
 
PPTX
Data Flows presentation hubspot crm.pptx
blamine1
 
PPTX
WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx
RayanRegalado
 
PPTX
IOT LECTURE IOT LECTURE IOT LECTURE IOT LECTURE
pratik695690
 
PPTX
最新版美国埃默里大学毕业证(Emory毕业证书)原版定制文凭学历认证
澳洲拉筹伯大学成绩单【q薇1954292140】拉筹伯大学毕业证购买
 
PPTX
IT-Human Computer Interaction Report.pptx
RooorrrroooR
 
PPTX
Basic_of_Computer_System.pptx class-8 com
skaur23305
 
PPTX
Introduction to networking local area networking
sagar490070
 
PPT
chapter 5: system unit computing essentials
IshratJehan3
 
PPTX
Networking2-LECTURE2 this is our lessons
MarkAngeloOprido
 
PPTX
PORTFOLIO SAMPLE…….………………………………. …pptx
funmiajibola16
 
DOCX
Audio to Video AI Technology Revolutiona
zhsjsiushsossushksis
 
PPTX
购买林肯大学毕业证|i20Lincoln成绩单GPA修改本科毕业证书购买学历认证
南昆士兰大学毕业证学历文凭如可办理【Q微号:1954 292 140】USQ成绩单
 
Expect The Impossiblesssssssssssssss.ppt
LAWRENCEJEREMYBRIONE
 
Paper: World Game (s) Great Redesign.pdf
Steven McGee
 
北安普顿大学毕业证UoN成绩单GPA修改北安普顿大学i20学历认证文凭
伦敦政治经济学院毕业证【Q微号:1954 292 140】购买法国成绩单LSE学位证
 
Lesson.-Reporting-and-Sharing-of-Findings.pdf
LorainePasiona
 
National-Historical-Commission-of-the-PhilippinesNHCP.pptx
atjrreyn
 
日本横滨国立大学毕业证书文凭定制YNU成绩单硕士文凭学历认证
成绩单定购弗林德斯大学毕业证【Q微号:1954 292 140】
 
JuanConnect E-Wallet Guide for new users.pdf
reggiepongasi2
 
AI AppSec Threats and Defenses 20250822.ppsx
Robert Grupe, CSSLP CISSP PE PMP
 
Data Flows presentation hubspot crm.pptx
blamine1
 
WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx
RayanRegalado
 
IOT LECTURE IOT LECTURE IOT LECTURE IOT LECTURE
pratik695690
 
最新版美国埃默里大学毕业证(Emory毕业证书)原版定制文凭学历认证
澳洲拉筹伯大学成绩单【q薇1954292140】拉筹伯大学毕业证购买
 
IT-Human Computer Interaction Report.pptx
RooorrrroooR
 
Basic_of_Computer_System.pptx class-8 com
skaur23305
 
Introduction to networking local area networking
sagar490070
 
chapter 5: system unit computing essentials
IshratJehan3
 
Networking2-LECTURE2 this is our lessons
MarkAngeloOprido
 
PORTFOLIO SAMPLE…….………………………………. …pptx
funmiajibola16
 
Audio to Video AI Technology Revolutiona
zhsjsiushsossushksis
 
购买林肯大学毕业证|i20Lincoln成绩单GPA修改本科毕业证书购买学历认证
南昆士兰大学毕业证学历文凭如可办理【Q微号:1954 292 140】USQ成绩单
 

Thecavalryisus owasp eee-oct2015_v2

  • 1. I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?
  • 2. CLAUS CRAMON HOUMANN Infosec Community Manager @ Peerlyst (A start-up Infosec community/Social platform that wants to turn the tables on cyber security) Infosec Consultant The Analogies contributor Twitter: @claushoumann
  • 3. IDEA “Our dependence on technology is growing faster than our ability to secure it”
  • 4. IDEA “Our society has evolved faster than our laws”
  • 7. WHERE DO WE SEE CONNECTIVITY NOW? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
  • 8. HEARTBLEED + (UNPATCHABLE) INTERNET OF THINGS == ___ ? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
  • 9. SAY BABY MONITORS AGAIN? In Our Homes Source: Rapid7 research/Mark Stanislav: Baby monitors https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-
  • 10. THEN
  • 12. IT’S SAFETY NOT JUST SECURITY Ouch!
  • 13. Cars have computers Computers have security issues Security issues in cars are safety issues Safety issues can cost or imperil lives
  • 15. SOMEONE WILL FIX IT FOR US Chapter 2
  • 19. A DO-OCRACY OF DO’ERS. W H ER E D OIN G STARTS W ITH EMPATHY And by ripples I mean
  • 24. NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS. - MAR GAR ET MEAD ( A N A M E R I C A N C U LT U R A L A N T H R O P O L O G I S T )
  • 25. •The The Cavalry isn’t coming… It falls to us Problem Statement Our society is adopting connected technology faster than we are able to secure it. Mission Statement To ensure connected technologies with the potential to impact public safety and human life are worthy of our trust. Collecting existing research, researchers, and resources Connecting researchers with each other, industry, media, policy, and legal Collaborating across a broad range of backgrounds, interests, and skillsets Catalyzing positive action sooner than it would have happened on its own Why Trust, public safety, human life How Education, outreach, research Who Infosec research community Who Global, grass roots initiative WhatLong-term vision for cyber safety Medical Automotive Connected Home Public Infrastructure I Am The Cavalry
  • 26. Connections and Ongoing Collaborations 5-Star Framework 5-Star Capabilities  Safety by Design – Anticipate failure and plan mitigation  Third-Party Collaboration – Engage willing allies  Evidence Capture – Observe and learn from failure  Security Updates – Respond quickly to issues discovered  Segmentation & Isolation – Prevent cascading failure Addressing Automotive Cyber Systems Automotive Engineers Security Researchers Policy Makers Insurance Analysts Accident Investigators Standards Organizations https://www.iamthecavalry.org/auto/5star/
  • 27. www.iamthecavalry.org @iamthecavalry 5-Star Cyber Safety Formal Capacities 1. Safety By Design 2. Third Party Collaboration 3. Evidence Capture 4. Security Updates 5. Segmentation and Isolation Plain Speak 1. Avoid Failure 2. Engage Allies To Avoid Failure 3. Learn From Failure 4. Respond to Failure 5. Isolate Failure
  • 28. 5 STARS 5 star ICS 5 star IoT 5 star medical devices
  • 29. www.iamthecavalry.org @iamthecavalry And! • Dräger on board with I am the Cavalry as first medical device producer working directly in sync with us • Their Product Security Manager is even directly involved now
  • 30. AND MORE IN OTHER AREAS COMING We try to connect researchers to 1. Lawmakers to inform of meaningful changes to laws to enforce secure by default 2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities 3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply
  • 31. AND YES I DID SAY LAWMAKERS It is WEIRD for you to have to listen to. I agree, but
  • 32. WHAT YOU CAN DO Chapter 5
  • 33. CONNECTIONS/CONNECTORS WANTED Breakers and Builders Legal and Policy Citizens, Connectors Parents/Guardians Community Leaders/Bloggers/Podcasters/etc.
  • 34. MOUNT UP AND BE THE CAVALRY YOU DON’T ACTUALY NEED A HORSE
  • 36. -> OWASK SKF -> OWASP SECURITY SHEPHERD -> OWASP ZAP Recommendations: Use SDLC