ashar

 

Asset registers are an extremely important part of cyber security in ICS/OT environments, not just required for operations and maintenance.

Unfortunately, they can be overlooked as they are not considered quite as interesting or as "sexy" as other aspects of cyber security. Having a complete, accurate inventory is essential. As the old saying goes - "How can we protect what we don't know we have?"

And at the same time, I think about the same from a slightly different perspective. Vulnerability management in ICS/OT is built off of the asset register, which allows us to understand what we have in the environment and map the various hardware, software and firmware to potential vulnerabilities.

Not only that but having a sound asset inventory allows us to identify new hardware and software that are connected to the environment, whether authorized or not.

  • What happens if a maintenance technician connects a new field device?

  • What if a PLC programmer connects a new EWS to the network?

  • What happens if a bored team member in the control room connects an Xbox to the network?

  • What if an attacker connects a device and is either able to gain an IP address through DHCP or manually assign themselves one?

We have to understand what exists today before we can understand what could suddenly be new.

 

ISO 27001:2022 has key changes to the 2013 edition. Watch our webinar to learn more about the changes, details of ISO 27001 controls and the transition process, as well as our certification and training services.

Speakers: Khawaja Faisal Javed and Waqas Awan, Auditor and Trainer at SGS in Pakistan.

00:00 History of ISO 27001
02:36 Key facts about ISO 27001 & ISO 27002
05:10 Key differences in 2013 and 2022 version
10:40 Management Clauses and Changes
22:32 Poll
26:18 ISO 27001:2022 Annex A Controls
38:41 Merged controls
40:32 Something about 27002:2022
48:48 Transition to ISO 27001:2022
52:24 SGS Cyber Solution – Our Services
57:52 SGS Academy Training Courses

 

An introduction to ISO 27001 with Edgar Reinke

In today’s increasingly digital world, the need for information security has never been greater. And while documentation in itself doesn’t keep us safe, it’s proof of our security objectives and regulatory processes. In this session, we’ll explore ISO 27001, the internationally recognised standard for information security. We’ll start with a short introduction to the standard itself and information security management systems (ISMS), before diving into some practical examples. Finally, we’ll show you how we use ISO 27001 to help our customers enhance and embed a cybersecurity mindset.

 

Climate change, AI, politics – all pressing topics that have continued to garner attention both within and beyond the cybersecurity industry. Key topics that could feature in the next edition of Threat Horizon.

Listen as ISF Analysts Max Brook, Richard Absalom and Mark Ward debate how the uncertainties and changes born from these trends will shape the near future.

"…I think there’s a kind of trap people tend to fall into, which is assuming the future will play out exactly as the past has done…but population and demographic dips, could fundamentally change things…"

 

Modern Security Podcast: Dev Akhawe on How to Scale Security with Secure Defaults

For our first episode of The Modern Security Podcast, we had a wide-ranging conversation with Dev Akhawe, Head of Security at Figma, on:

3:50 - The rise of security engineering
22:42 - Career advice
29:08 - How secure defaults can effectively scale your security team’s effectiveness, eliminating classes of vulnerabilities, and how to embrace them at your company
38:41 - What makes a security tool great
1:01:25 - How to automatically get continuous visibility into the code your company is writing and scale just-in-time developer education

 

In this documentary, learn about "white hat" hackers, the U.S. Secret Service's cyber crime division working to protect us from the risks associated with persistent connectivity. This Hacking Documentary takes you to the world of Modern Hackers and their Hacking techniques.

 

A deep dive review of the Reddit user interface by Peter Ramsay

#UX

 

Episode 135 "AI and Security: The Good, the Bad, and the Magical" of Cloud Security Podcast where hosts @anton_chuvakin and @_TimPeacock interview Phil Venables the CISO at @GoogleCloud about the intersections of #AI and #security

 

Back in May, a Russian-speaking cyber gang named Clop broke into MOVEit, a little-known file transfer program. They managed to steal data from some 60 million people (and counting). While the scale of the attack was impressive, what really raised eyebrows was how they did it.

 

Control Shopping Cart Wheels With Your Phone!

DEF CON 29 - Joseph Gabay - DoS Denial of Shopping Analyzing and Exploiting Physical Shopping Cart

Many supermarkets and shopping centers have implemented devices that “lock” their shopping carts if they’re taken outside of an approved boundary (e.g., a parking lot). This talk examines some of the technology that’s used to do this, as well as ways to capture and spoof the control signals to defeat these devices.

We will go over the anatomy of remotely lockable shopping cart wheels, their basic theory, and get into how they’re controlled. We’ll deconstruct some samples of the lock and unlock signals captured using a homemade antenna and a HackRF, and briefly discuss methods of rebroadcasting them – as well as the challenges inherent to this process.

 

Critical digital infrastructure: Why societies are becoming so vulnerable to cyberattacks

For weeks, a cyberattack paralyzed the German district of Anhalt-Bitterfeld in 2021, bringing its whole administration to a standstill. It was a stark illustration of how hackers can knock out entire communities in milliseconds — and how digital technology has become vital for running our societies.

Such “critical digital infrastructure” helps boost efficiency. But it also makes communities ever more vulnerable to hacking. And attacks are on the rise. In this episode of Techtopia, DW Chief Technology Correspondent Janosch Delcker investigates how a criminal industry makes billions by taking computers hostage — and how governments can use similar methods as a political weapon.

#cybersecurity #cyberwar

 

Video of the talk

This talk is James Whittaker's Life advice. It might be a little dated, given recent advances in LLMs, but then it might just be what you need to hear.

Creativity is the one universal ingredient of success. Creatives report higher job satisfaction and lead more fulfilling lives than any other class of people. And yet our school curricula focus on rote learning and test taking at the expense of creativity, problem-solving and higher-order thinking. Microsoft Distinguished Engineer James Whittaker shows you how to develop your creative mind and use it as the fulcrum of a lifestyle where creativity doesn’t just happen, it becomes the default case for everything you do in work and life. Come to this session and learn to supercharge your creativity to make your work more interesting and your life more exciting.
