Podcasts about smm description

Podcast: Industrial IoT SpotlightEpisode: EP038 - Security and Trustworthiness in IoT Deployments - An Interview with Sven Schrecker of IntelPub date: 2018-10-04*This episode of the Industrial IoT Spotlight Podcast is sponsored by the Industrial Internet Consortium What are the differences between Greenfield and Brownfield IoT deployment environments in terms of security? How does security relate to trustworthiness? What are the best practices for IoT deployments? Sven Schrecker explains to us the IIC view on system security and why the trustworthiness of a system matters. Sven Schrecker is the chief architect of IoT security solutions at Intel. Sven is also the co-chair of the IIC Security Working Group, co-chair of the IIC JTG5 Security Team and a member of the Industrial Internet Consortium Steering Committee.   Links mentioned: IIC Security framework: https://www.iiconsortium.org/IISF.htm IIC Security Maturity model: https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf IIC Journal of Innovation on Trustworthiness: https://www.iiconsortium.org/journal-of-innovation.htm   IoT ONE is an online platform devoted to accelerating adoption of Industrial Internet solutions. We are mapping the global ecosystem of IoT vendors, use cases, case studies, and technologies. We leverage this data to help companies source technology, research competitors, and enter new markets. https://www.iotone.comThe podcast and artwork embedded on this page are from Erik Walenza: CEO, IoT ONE | Chair, IIC Smart Factory Task Group | Director, Startup Grind, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

intro CFP for Bsides Barcelona is open! https://bsides.barcelona Aaron Guzman: @scriptingxss https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive https://www.owasp.org/index.php/IoT_Attack_Surface_Areas https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html OWASP SLACK: https://owasp.slack.com/ https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg Team of 10 or so… list of “do’s and don’ts” Sub-projects? Embedded systems, car hacking Embedded applications best practices? *potential show* Standards: https://xkcd.com/927/ CCPA:  https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act California SB-327: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327 How did you decide on the initial criteria? Weak, Guessable, or Hardcoded passwords Insecure Network Services Insecure Ecosystem interfaces Lack of Secure Update mechanism Use of insecure or outdated components Insufficient Privacy Mechanisms Insecure data transfer and storage Lack of device management Insecure default settings Lack of physical hardening 2014 OWASP IoT list: https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_(2014) 2014 list: I1 Insecure Web Interface I2 Insufficient Authentication/Authorization I3 Insecure Network Services I4 Lack of Transport Encryption I5 Privacy Concerns I6 Insecure Cloud Interface I7 Insecure Mobile Interface I8 Insufficient Security Configurability I9 Insecure Software/Firmware I10 Poor Physical Security BrakeSec Episode on ASVS http://traffic.libsyn.com/brakeingsecurity/2015-046_ASVS_with_Bill_Sempf.mp3 OWASP SLACK: https://owasp.slack.com/ What didn’t make the list? How do we get Devs onboard with these? How does someone interested get involved with OWASP Iot working group? https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-best-practices https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf https://api.ctia.org/wp-content/uploads/2018/08/CTIA-IoT-Cybersecurity-Certification-Test-Plan-V1_0.pdf https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/747977/Mapping_of_IoT__Security_Recommendations_Guidance_and_Standards_to_CoP_Oct_2018.pdf   https://www.mocana.com/news/mocana-xilinx-avnet-infineon-and-microsoft-join-forces-to-secure-industrial-control-and-iot-devices   https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec  

Aaron Guzman: @scriptingxss https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive https://www.owasp.org/index.php/IoT_Attack_Surface_Areas https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html OWASP SLACK: https://owasp.slack.com/ https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg Team of 10 or so… list of “do’s and don’ts” Sub-projects? Embedded systems, car hacking Embedded applications best practices? *potential show* Standards: https://xkcd.com/927/ CCPA:  https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act California SB-327: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327 How did you decide on the initial criteria? Weak, Guessable, or Hardcoded passwords Insecure Network Services Insecure Ecosystem interfaces Lack of Secure Update mechanism Use of insecure or outdated components Insufficient Privacy Mechanisms Insecure data transfer and storage Lack of device management Insecure default settings Lack of physical hardening 2014 OWASP IoT list: https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_(2014) 2014 list: I1 Insecure Web Interface I2 Insufficient Authentication/Authorization I3 Insecure Network Services I4 Lack of Transport Encryption I5 Privacy Concerns I6 Insecure Cloud Interface I7 Insecure Mobile Interface I8 Insufficient Security Configurability I9 Insecure Software/Firmware I10 Poor Physical Security BrakeSec Episode on ASVS http://traffic.libsyn.com/brakeingsecurity/2015-046_ASVS_with_Bill_Sempf.mp3 OWASP SLACK: https://owasp.slack.com/ What didn’t make the list? How do we get Devs onboard with these? How does someone interested get involved with OWASP Iot working group? https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-best-practices https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf https://api.ctia.org/wp-content/uploads/2018/08/CTIA-IoT-Cybersecurity-Certification-Test-Plan-V1_0.pdf https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/747977/Mapping_of_IoT__Security_Recommendations_Guidance_and_Standards_to_CoP_Oct_2018.pdf   https://www.mocana.com/news/mocana-xilinx-avnet-infineon-and-microsoft-join-forces-to-secure-industrial-control-and-iot-devices   https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf

*This episode of the Industrial IoT Spotlight Podcast is sponsored by the Industrial Internet Consortium What are the differences between Greenfield and Brownfield IoT deployment environments in terms of security? How does security relate to trustworthiness? What are the best practices for IoT deployments? Sven Schrecker explains to us the IIC view on system security and why the trustworthiness of a system matters. Sven Schrecker is the chief architect of IoT security solutions at Intel. Sven is also the co-chair of the IIC Security Working Group, co-chair of the IIC JTG5 Security Team and a member of the Industrial Internet Consortium Steering Committee.   Links mentioned: IIC Security framework: https://www.iiconsortium.org/IISF.htm IIC Security Maturity model: https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf IIC Journal of Innovation on Trustworthiness: https://www.iiconsortium.org/journal-of-innovation.htm   IoT ONE is an online platform devoted to accelerating adoption of Industrial Internet solutions. We are mapping the global ecosystem of IoT vendors, use cases, case studies, and technologies. We leverage this data to help companies source technology, research competitors, and enter new markets. https://www.iotone.com