The aviation industry is synonymous with government regulation, but what does that mean with regard to cybersecurity? The industry is historically reluctant to share information, leading outsiders to assume that security by obscurity is the standard. However, there are several statutes in place if you know where to look. This presentation aims to decipher current aviation cybersecurity regulation by focusing on what directly impacts security researchers and on how to better educate oneself about current and future regulation.
Presentations for Risk
Security is often not funded because the cost of risk, as evaluated by an organization for its own benefit, has an ROI below that of other possible investments. However, evaluating risk from an ethical perspective has multiple benefits. This presentation proposes a maturity model for the ethics of risk, based on an evaluation of research related to ethical risk. The framework describes the risk, management, legal, and engineering concerns relevant to risk analysts, security staff, and software engineering professionals, and provides a list of actionable items for each of five levels of ethical risk maturity.
System administrators, information security professionals, and ethical hackers are often the first line of defense in protecting U.S. companies and public institutions from cyberattacks. However, there are local, state, and federal resources available to assist in mitigating and investigating a cyber incident. Presidential Policy Directive 41 (PPD-41) established the FBI as the lead federal agency for cyber threat response activities in the U.S. How does the FBI conduct this threat response? This presentation will discuss various cyber threats to U.S. institutions, seek to dispel various myths about the FBI’s cyber efforts, and clarify what an institution can expect when contacting the FBI to report a computer intrusion, ransomware attack, or other incident. Special Agent Franz will also discuss the vital importance of IT professionals both reporting IOCs to the FBI and considering applying for an FBI Special Agent, Intelligence Analyst, or related position to bolster U.S. national cyber defense capabilities.
Mike ‘Shecky’ Kavka
There are so many things we deal with in the field of information security, and so many vendors to deal with. The money to be made is staggering for vendors, but at what cost? Using a non-standard standard (e.g., Syslog) and not supporting ease of integration seem to be the norm, but is that not creating a less secure world? We will take a brief look at why the world of security vendors might be hurting the security field overall with the non-standard standards it uses.
J. Wolfgang Goerlich
Zero Trust has evolved from hype to security concept, and is evolving into a security standard. Zero Trust has gone from being network-centric to applying to people, applications, and data. And yet? The value of any defensive security control can only be determined within the context of the offensive tactics it must withstand. That value is further obscured when unexpected vulnerabilities rip holes in our defenses. In this presentation, threat models and attack scenarios will highlight the strengths and weaknesses of Zero Trust. This session provides an adversarial view of limiting trust in our environments.