Sector2015

From Federal Burro of Information
Latest revision as of 15:16, 20 October 2015


http://www.sector.ca/Program/Sessions/Schedule

Oct 19: CSA pre-conference conference

Oct 19th CSA Cloud Security Alliance

Cavoukian

twitter: @AnnCavoukian

privacy bigger than security

basic security safeguards

presentation.
Michael Chertoff - Secretary of the Department of Homeland Security - Huffington Post.

privacy is not the same as secrecy

if nothing to hide then worry.

"duty of care" "If you break the law then you forfeit your privacy." - Cavoukian ( ack! I don't think so )

PHIPA

PHIPA: "I was talking to the stakeholders: institutions, doctors, health-care providers"... um, what about patients?

informational self-determination

Long German Words @longgermanwords

informationelle Selbstbestimmung

Privacy by Design: 7 fundamentals.

questions / critique:

1. someone in the business decides to do this; they do it after deciding it's the right thing. Cost / benefit.
2. what is the cost compared to before?
3. what do you get out of "gratitude and loyalty"?
4. post-Snowden days. - most people don't know about Snowden; why not Assange / WikiLeaks?
   are you promoting being open, or are you saying you need to be more secure ... don't be Snowdened.
5. collection, use, destruction - how to prove all that?
6. transparency - being open with
7. tell me about 23andMe.
8. duty of care - to protect the data.
9. it is incumbent on you to tell people how you use the data.
10. how long have you got their data?

PbD - Privacy by Design:

  • surveillance
  • biometrics - e.g. with OLG
  • smart meters on the smart grid

There is a certification (Ryerson): Privacy by Design, ryerson.ca/PBD/Certification

Using privacy by design to achieve big data innovation without compromising privacy.

De-identification

Nymi band - cardiac rhythm

OASIS - co-chair of the technical committee - PbD for software engineers - playbook.

case studies about cost.

question: risk of harm - how do you fold risk problems into risk management?

OPM (Office of Personnel Management) breach.

preso:


Microsoft guy: John Weigelt, @thumbstackhead

train 3254

Microsoft "Lockbox"

  • scoped, temporary admin access
  • customer-gated access
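The three Lockbox properties noted above (scoped, time-limited, customer-approved access) modelled as a toy grant check. This is an added example, not Microsoft's code and not a description of Lockbox internals; all class, field, policy and tenant names are assumptions.

```python
# Added example (not Microsoft's code): every admin action must be scoped to one
# exact resource and operation, time-limited, and approved by the customer
# before it takes effect. All names and the policy cap are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_TTL = timedelta(hours=4)  # assumed policy cap on any single grant

@dataclass
class AccessRequest:
    engineer: str        # operator asking for access
    tenant: str          # customer domain whose data would be touched
    resource: str        # exact object in scope, e.g. "mailbox/alice"
    operation: str       # exact action in scope, e.g. "read-headers"
    ttl: timedelta       # how long the grant lives once approved
    approved_by: Optional[str] = None
    approved_at: Optional[datetime] = None

    def __post_init__(self) -> None:
        if self.ttl > MAX_TTL:
            raise ValueError("requested ttl exceeds policy cap")

    def approve(self, approver: str, now: datetime) -> None:
        # Customer gate: approval must come from the tenant, never self-approval.
        if approver == self.engineer:
            raise PermissionError("engineer cannot approve own request")
        if not approver.endswith("@" + self.tenant):
            raise PermissionError("approver is not in the customer tenant")
        self.approved_by, self.approved_at = approver, now

    def permits(self, now: datetime, resource: str, operation: str) -> bool:
        """True only inside the approved window and for the exact scope."""
        if self.approved_at is None:
            return False
        if (resource, operation) != (self.resource, self.operation):
            return False  # no wildcard or sideways escalation
        return self.approved_at <= now < self.approved_at + self.ttl

def demo() -> list:
    """Constructed walk-through of one request; returns the four decisions."""
    t0 = datetime(2015, 10, 19, 9, 0)
    req = AccessRequest("eng1@provider.example", "contoso.example",
                        "mailbox/alice", "read-headers", timedelta(hours=1))
    before = req.permits(t0, "mailbox/alice", "read-headers")  # not yet approved
    req.approve("admin@contoso.example", t0)
    during = req.permits(t0 + timedelta(minutes=30), "mailbox/alice", "read-headers")
    wider = req.permits(t0 + timedelta(minutes=30), "mailbox/alice", "export")
    after = req.permits(t0 + timedelta(hours=2), "mailbox/alice", "read-headers")
    return [before, during, wider, after]  # [False, True, False, False]
```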

---

panel: future

Brian Higgins - Entrust (then with Third Brigade)

three things:

1. IT will influence all the old-school industries (imagine a 3D printer for electrical / plumbing work).
2. IT isn't one big thing; it's lots of little things, and some IT will go away.
   Some of it will be a commodity; contrast this with what the plumbing industry looks like.
3. two kinds of citizens with respect to standards: the influencers and the followers.

Neila Cruz - European

_______


track plan

oct 20:



Oct 20

plan:

  • 14:40 15:40 - 701A - Automation is your Friend: Embracing SkyNet to Scale Cloud Security - Mike Rothman
  • 15:55 16:55 - 803 - Run Faster, Continuously Harden - Embracing DevOps to Secure All The Things - Chayim Kirshen


There’s no such thing as a coincidence - Discovering Novel Cyber Threats - Jim Penrose

  • leverage your own uniqueness
  • assume obfuscation
  • understand the tradecraft of adversaries
    • how can one "know" your adversaries? research, reports, forensic reports.
  • reimaging does not keep them out.
  • if you don't have the staff, then get people who can.

Questions:

Q: honeypots ?

A: a server that is a door ajar, but it's not.

Q: tell me about tools you use to characterize your uniqueness

A: Darktrace machine learning.