SlideShare a Scribd company logo

Preventing Predictable Problems (Possibly)

Gareth Niblett
Gareth Niblett

Presentation given during a panel session on Innovation, Complexity, Risk and Trust at the MAPPING Second General Assembly in Prague, Czech Republic, on 1st November 2016.

Technology
1 of 23
Download to read offline
PREVENTING PREDICTABLE PROBLEMS (POSSIBLY) Gareth Niblett
PROBLEMS Problems, Problems
BADTHINGS CAN HAPPEN ACTION • ‘Wise Monkeys’ approach • Vulnerability disclosure • Service failure / denial • Data leak / breach • Data destruction REACTION • Increased costs • Recall / reputation damage • Fine / loss of license • Loss of revenue / value • Job losses / business closure
OPPORTUNITIES Optimism & Options
PLANTO WIN • Solve a problem / innovate • Think ahead • Listen to experts • Prepare for failure • You can’t predict it all
BUILDTO SURVIVE • Assess risks honestly • Scale flexibly & efficiently • Built-in security, not bolt-on • Test resilience plans • Adapt and overcome issues
BE ‘UNWISE’ • Listen to customers, experts, and regulators • Speak (and ask) about concerns and problems • Look proactively for problems, and don't ignore Failure can be ‘fatal’
EASY PICKINGS • Follow standards and test • Use secure protocols • Avoid bad defaults • Make patchable & automatic • Don’t overburden users
INNOVATE SECURELY • Internet ofThings • Identity schemes • Surveillance tech • Augmented / virtual reality • Big data & analytics • Machine Learning / AI • Autonomous vehicles • Drones • Regulation & legislation • Blockchain
TECHNOLOGY TacklingThreats
INTERNET OFTHINGS • Use interoperable standards • Have on-device protection • Enable automatic updates • Manage external trust • Limit data collection & use
IDENTITY SCHEMES • Provide broad user benefits • Make it citizen/user-centric • Decentralised & federated • Trusted throughout lifecycle • Transparent and auditable
SURVEILLANCETECH • Necessary & proportionate • Minimise data & retention • Limit purposes & access • Oversight & accountability • Don’t be ‘evil’, or facilitate it
AUGMENTED REALITY • Tackle online abuse • Be fair with ads & targeting • Ensure data quality • Take care with location data • AR/VR use may be sensitive
BIG DATA & ANALYTICS • Limit scope / purpose • Be responsible and ethical • Understand anonymisation • Try prevent reidentification • Correct bad data & decisions
MACHINE LEARNING / AI • Address ethics properly • Minimise algorithm biases • Accept robots taking jobs • Secure user-derived learning • Avoid Skynet / singularity
AUTONOMOUSVEHICLES • Ensure secure connectivity • Address trolley problem • Get government support • Get insurance co backing • Leverage sensor data wisely
DRONES • Regulate for safety & privacy • Geo-fence for safety & security • Handle GPS spoofing / jamming • Risk-based registration/ license • Monitor misuse and respond
REGULATION & LEGISLATION • Keep it light touch • Limit strict / restrictive rules • Use to open opportunities • Status quos are not sacred • Accept always behind curve
BLOCKCHAIN • Use appropriately • Beware of trade-offs • Features can help, or bite • Regulators & users matter • It’s just another database
THOUGHTS ThinkingTime
SECURITY GIVES PRIVACY • False dichotomy begone • Remember Ben Franklin • Backdoors undermine us all • Design for privacy, by default • Build and operate securely
garethniblett.com @garethniblett Gareth Niblett

Recommended

AGAINST ALL ODDS,PRESS ON
AGAINST ALL ODDS,PRESS ONAGAINST ALL ODDS,PRESS ON
AGAINST ALL ODDS,PRESS ONAmb Steve Mbugua
 
Polyglot Persistence with OSGi - Alexander Grzesik
Polyglot Persistence with OSGi - Alexander GrzesikPolyglot Persistence with OSGi - Alexander Grzesik
Polyglot Persistence with OSGi - Alexander Grzesikmfrancis
 
RPO Software
RPO SoftwareRPO Software
RPO SoftwareRrahul Sethi
 
Bitcoin : Beaucoup plus qu'une monnaie
Bitcoin : Beaucoup plus qu'une monnaieBitcoin : Beaucoup plus qu'une monnaie
Bitcoin : Beaucoup plus qu'une monnaiePhilippe Rodriguez
 
Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.
Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.
Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.Molinos
 
Ethernetの受信処理
Ethernetの受信処理Ethernetの受信処理
Ethernetの受信処理Takuya ASADA
 
IBM research 5 in 5 report for 2017
IBM research 5 in 5 report for 2017IBM research 5 in 5 report for 2017
IBM research 5 in 5 report for 2017Pietro Leo
 
Esquema teams, grupos y planes (microsoft office 365)
Esquema teams, grupos y planes (microsoft office 365)Esquema teams, grupos y planes (microsoft office 365)
Esquema teams, grupos y planes (microsoft office 365)Ramon Costa i Pujol
 

Recommended

AGAINST ALL ODDS,PRESS ON
AGAINST ALL ODDS,PRESS ONAGAINST ALL ODDS,PRESS ON
AGAINST ALL ODDS,PRESS ONAmb Steve Mbugua
 
Polyglot Persistence with OSGi - Alexander Grzesik
Polyglot Persistence with OSGi - Alexander GrzesikPolyglot Persistence with OSGi - Alexander Grzesik
Polyglot Persistence with OSGi - Alexander Grzesikmfrancis
 
RPO Software
RPO SoftwareRPO Software
RPO SoftwareRrahul Sethi
 
Bitcoin : Beaucoup plus qu'une monnaie
Bitcoin : Beaucoup plus qu'une monnaieBitcoin : Beaucoup plus qu'une monnaie
Bitcoin : Beaucoup plus qu'une monnaiePhilippe Rodriguez
 
Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.
Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.
Как перестать бояться и начать любить медийку. Алгоритмический маркетинг.Molinos
 
Ethernetの受信処理
Ethernetの受信処理Ethernetの受信処理
Ethernetの受信処理Takuya ASADA
 
IBM research 5 in 5 report for 2017
IBM research 5 in 5 report for 2017IBM research 5 in 5 report for 2017
IBM research 5 in 5 report for 2017Pietro Leo
 
Esquema teams, grupos y planes (microsoft office 365)
Esquema teams, grupos y planes (microsoft office 365)Esquema teams, grupos y planes (microsoft office 365)
Esquema teams, grupos y planes (microsoft office 365)Ramon Costa i Pujol
 
managingyouraccesscontrolsystems-130223182036-phpapp01
managingyouraccesscontrolsystems-130223182036-phpapp01managingyouraccesscontrolsystems-130223182036-phpapp01
managingyouraccesscontrolsystems-130223182036-phpapp01Walter Sinchak,
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Bianca Mueller, LL.M.
 
BYOD risk management best practices
BYOD risk management best practices BYOD risk management best practices
BYOD risk management best practices Troy C. Fulton
 
DCD Converged Brazil 2016
DCD Converged Brazil 2016 DCD Converged Brazil 2016
DCD Converged Brazil 2016 Scott Carlson
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessmentsJim Kaplan CIA CFE
 
Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Cloudera, Inc.
 
Architecting for Security Resilience
Architecting for Security ResilienceArchitecting for Security Resilience
Architecting for Security ResilienceJoel Aleburu
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Privacy by Design or Privacy by Re-engineering
Privacy by Design or Privacy by Re-engineeringPrivacy by Design or Privacy by Re-engineering
Privacy by Design or Privacy by Re-engineeringAndre Cardinaal
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesAugmentedWorldExpo
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techiesBrenton Johnson
 
Is Bad Data Killing Your Customer Engagement Strategy?
Is Bad Data Killing Your Customer Engagement Strategy? Is Bad Data Killing Your Customer Engagement Strategy?
Is Bad Data Killing Your Customer Engagement Strategy? Marketo
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessSecure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessStacy Clements
 
Threat modelling & apps testing
Threat modelling & apps testingThreat modelling & apps testing
Threat modelling & apps testingAdrian Munteanu
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Scott Carlson
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 
BCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest ThreatsBCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest ThreatsGareth Niblett
 
BCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider ThreatsBCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider ThreatsGareth Niblett
 

More Related Content

Similar to Preventing Predictable Problems (Possibly)

managingyouraccesscontrolsystems-130223182036-phpapp01
managingyouraccesscontrolsystems-130223182036-phpapp01managingyouraccesscontrolsystems-130223182036-phpapp01
managingyouraccesscontrolsystems-130223182036-phpapp01Walter Sinchak,
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Bianca Mueller, LL.M.
 
BYOD risk management best practices
BYOD risk management best practices BYOD risk management best practices
BYOD risk management best practices Troy C. Fulton
 
DCD Converged Brazil 2016
DCD Converged Brazil 2016 DCD Converged Brazil 2016
DCD Converged Brazil 2016 Scott Carlson
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessmentsJim Kaplan CIA CFE
 
Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Cloudera, Inc.
 
Architecting for Security Resilience
Architecting for Security ResilienceArchitecting for Security Resilience
Architecting for Security ResilienceJoel Aleburu
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Privacy by Design or Privacy by Re-engineering
Privacy by Design or Privacy by Re-engineeringPrivacy by Design or Privacy by Re-engineering
Privacy by Design or Privacy by Re-engineeringAndre Cardinaal
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesAugmentedWorldExpo
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techiesBrenton Johnson
 
Is Bad Data Killing Your Customer Engagement Strategy?
Is Bad Data Killing Your Customer Engagement Strategy? Is Bad Data Killing Your Customer Engagement Strategy?
Is Bad Data Killing Your Customer Engagement Strategy? Marketo
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessSecure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessStacy Clements
 
Threat modelling & apps testing
Threat modelling & apps testingThreat modelling & apps testing
Threat modelling & apps testingAdrian Munteanu
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Scott Carlson
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 

Similar to Preventing Predictable Problems (Possibly) (20)

managingyouraccesscontrolsystems-130223182036-phpapp01
managingyouraccesscontrolsystems-130223182036-phpapp01managingyouraccesscontrolsystems-130223182036-phpapp01
managingyouraccesscontrolsystems-130223182036-phpapp01
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
 
BYOD risk management best practices
BYOD risk management best practices BYOD risk management best practices
BYOD risk management best practices
 
DCD Converged Brazil 2016
DCD Converged Brazil 2016 DCD Converged Brazil 2016
DCD Converged Brazil 2016
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessments
 
Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17
 
Architecting for Security Resilience
Architecting for Security ResilienceArchitecting for Security Resilience
Architecting for Security Resilience
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
 
Privacy by Design or Privacy by Re-engineering
Privacy by Design or Privacy by Re-engineeringPrivacy by Design or Privacy by Re-engineering
Privacy by Design or Privacy by Re-engineering
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techies
 
Is Bad Data Killing Your Customer Engagement Strategy?
Is Bad Data Killing Your Customer Engagement Strategy? Is Bad Data Killing Your Customer Engagement Strategy?
Is Bad Data Killing Your Customer Engagement Strategy?
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of Compliance
 
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessSecure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your Business
 
Threat modelling & apps testing
Threat modelling & apps testingThreat modelling & apps testing
Threat modelling & apps testing
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident Response
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 

More from Gareth Niblett

BCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest ThreatsBCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest ThreatsGareth Niblett
 
BCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider ThreatsBCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider ThreatsGareth Niblett
 
BCS ITNow 201603 - Cyber Response
BCS ITNow 201603 - Cyber ResponseBCS ITNow 201603 - Cyber Response
BCS ITNow 201603 - Cyber ResponseGareth Niblett
 
BCS ITNow 201303 - Cope, Educate, Secure
BCS ITNow 201303 - Cope, Educate, SecureBCS ITNow 201303 - Cope, Educate, Secure
BCS ITNow 201303 - Cope, Educate, SecureGareth Niblett
 
BCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share SecurelyBCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share SecurelyGareth Niblett
 
BCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityBCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityGareth Niblett
 
BCS ITNow 201312 - 2014 Threats
BCS ITNow 201312 - 2014 ThreatsBCS ITNow 201312 - 2014 Threats
BCS ITNow 201312 - 2014 ThreatsGareth Niblett
 
BCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionBCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionGareth Niblett
 
BCS ITNow 201406 - The Risk Business
BCS ITNow 201406 - The Risk BusinessBCS ITNow 201406 - The Risk Business
BCS ITNow 201406 - The Risk BusinessGareth Niblett
 
BCS ITNow 201409 - What's Going On
BCS ITNow 201409 - What's Going OnBCS ITNow 201409 - What's Going On
BCS ITNow 201409 - What's Going OnGareth Niblett
 
BCS ITNow 201412 - Stay Alert
BCS ITNow 201412 - Stay AlertBCS ITNow 201412 - Stay Alert
BCS ITNow 201412 - Stay AlertGareth Niblett
 
BCS ITNow 201506 - Silver Bullet
BCS ITNow 201506 - Silver BulletBCS ITNow 201506 - Silver Bullet
BCS ITNow 201506 - Silver BulletGareth Niblett
 
BCS ITNow 201509 - Identity
BCS ITNow 201509 - IdentityBCS ITNow 201509 - Identity
BCS ITNow 201509 - IdentityGareth Niblett
 
BCS ITNow 201512 - Cyber Innovation
BCS ITNow 201512 - Cyber InnovationBCS ITNow 201512 - Cyber Innovation
BCS ITNow 201512 - Cyber InnovationGareth Niblett
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceGareth Niblett
 
RIPA: Perception and Practice
RIPA: Perception and PracticeRIPA: Perception and Practice
RIPA: Perception and PracticeGareth Niblett
 

More from Gareth Niblett (16)

BCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest ThreatsBCS ITNow 201609 - Defining the Latest Threats
BCS ITNow 201609 - Defining the Latest Threats
 
BCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider ThreatsBCS ITNow 201606 - Insider Threats
BCS ITNow 201606 - Insider Threats
 
BCS ITNow 201603 - Cyber Response
BCS ITNow 201603 - Cyber ResponseBCS ITNow 201603 - Cyber Response
BCS ITNow 201603 - Cyber Response
 
BCS ITNow 201303 - Cope, Educate, Secure
BCS ITNow 201303 - Cope, Educate, SecureBCS ITNow 201303 - Cope, Educate, Secure
BCS ITNow 201303 - Cope, Educate, Secure
 
BCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share SecurelyBCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share Securely
 
BCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityBCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic Security
 
BCS ITNow 201312 - 2014 Threats
BCS ITNow 201312 - 2014 ThreatsBCS ITNow 201312 - 2014 Threats
BCS ITNow 201312 - 2014 Threats
 
BCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionBCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss Prevention
 
BCS ITNow 201406 - The Risk Business
BCS ITNow 201406 - The Risk BusinessBCS ITNow 201406 - The Risk Business
BCS ITNow 201406 - The Risk Business
 
BCS ITNow 201409 - What's Going On
BCS ITNow 201409 - What's Going OnBCS ITNow 201409 - What's Going On
BCS ITNow 201409 - What's Going On
 
BCS ITNow 201412 - Stay Alert
BCS ITNow 201412 - Stay AlertBCS ITNow 201412 - Stay Alert
BCS ITNow 201412 - Stay Alert
 
BCS ITNow 201506 - Silver Bullet
BCS ITNow 201506 - Silver BulletBCS ITNow 201506 - Silver Bullet
BCS ITNow 201506 - Silver Bullet
 
BCS ITNow 201509 - Identity
BCS ITNow 201509 - IdentityBCS ITNow 201509 - Identity
BCS ITNow 201509 - Identity
 
BCS ITNow 201512 - Cyber Innovation
BCS ITNow 201512 - Cyber InnovationBCS ITNow 201512 - Cyber Innovation
BCS ITNow 201512 - Cyber Innovation
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber Defence
 
RIPA: Perception and Practice
RIPA: Perception and PracticeRIPA: Perception and Practice
RIPA: Perception and Practice
 

Recently uploaded

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Preventing Predictable Problems (Possibly)

  • 3. BADTHINGS CAN HAPPEN ACTION • ‘Wise Monkeys’ approach • Vulnerability disclosure • Service failure / denial • Data leak / breach • Data destruction REACTION • Increased costs • Recall / reputation damage • Fine / loss of license • Loss of revenue / value • Job losses / business closure
  • 5. PLANTO WIN • Solve a problem / innovate • Think ahead • Listen to experts • Prepare for failure • You can’t predict it all
  • 6. BUILDTO SURVIVE • Assess risks honestly • Scale flexibly & efficiently • Built-in security, not bolt-on • Test resilience plans • Adapt and overcome issues
  • 7. BE ‘UNWISE’ • Listen to customers, experts, and regulators • Speak (and ask) about concerns and problems • Look proactively for problems, and don't ignore Failure can be ‘fatal’
  • 8. EASY PICKINGS • Follow standards and test • Use secure protocols • Avoid bad defaults • Make patchable & automatic • Don’t overburden users
  • 9. INNOVATE SECURELY • Internet ofThings • Identity schemes • Surveillance tech • Augmented / virtual reality • Big data & analytics • Machine Learning / AI • Autonomous vehicles • Drones • Regulation & legislation • Blockchain
  • 11. INTERNET OFTHINGS • Use interoperable standards • Have on-device protection • Enable automatic updates • Manage external trust • Limit data collection & use
  • 12. IDENTITY SCHEMES • Provide broad user benefits • Make it citizen/user-centric • Decentralised & federated • Trusted throughout lifecycle • Transparent and auditable
  • 13. SURVEILLANCETECH • Necessary & proportionate • Minimise data & retention • Limit purposes & access • Oversight & accountability • Don’t be ‘evil’, or facilitate it
  • 14. AUGMENTED REALITY • Tackle online abuse • Be fair with ads & targeting • Ensure data quality • Take care with location data • AR/VR use may be sensitive
  • 15. BIG DATA & ANALYTICS • Limit scope / purpose • Be responsible and ethical • Understand anonymisation • Try prevent reidentification • Correct bad data & decisions
  • 16. MACHINE LEARNING / AI • Address ethics properly • Minimise algorithm biases • Accept robots taking jobs • Secure user-derived learning • Avoid Skynet / singularity
  • 17. AUTONOMOUSVEHICLES • Ensure secure connectivity • Address trolley problem • Get government support • Get insurance co backing • Leverage sensor data wisely
  • 18. DRONES • Regulate for safety & privacy • Geo-fence for safety & security • Handle GPS spoofing / jamming • Risk-based registration/ license • Monitor misuse and respond
  • 19. REGULATION & LEGISLATION • Keep it light touch • Limit strict / restrictive rules • Use to open opportunities • Status quos are not sacred • Accept always behind curve
  • 20. BLOCKCHAIN • Use appropriately • Beware of trade-offs • Features can help, or bite • Regulators & users matter • It’s just another database
  • 22. SECURITY GIVES PRIVACY • False dichotomy begone • Remember Ben Franklin • Backdoors undermine us all • Design for privacy, by default • Build and operate securely