Computer Society Meet Up
Join the Computer Society after the Wednesday programme at Cyber Security Chicago for presentations and networking in the Cloud Mobile & IAM Theater presentation theater.
Presented by IEEE
- Dmitri Vellikok, Senior Principal Consultant , F-Secure North America
- Bob Timpany, Chief, Idaho Operations, NCCIC-ICS-CERT at US Department of Homeland Security
This presentation looks into the concept of layered security and the challenges an IT environment transforming from on-prem to cloud paradigm faces in maintaining it. Secondly, we’ll look at the disappearance of clear barriers between a secured company network and external unsecure internet. Collaboration between companies, partners and ecosystems and the value of information moving freely but safely between the different actors has become a critical success factor. Partner portals, customer communities, cloud platforms and crowdsourcing have brought unquestionable benefits but have also expanded the attack surface. From the problem setting we’ll move onto how F-Secure approaches the security and keeps the organizations protected. Finally we’ll look into a case study: How to protect a partner portal running on a Salesforce Community Cloud with F-Secure Cloud Protection for Salesforce solution. The case study has all the elements of complexity identified above: A cloud based solution providing access to registered partners, crowdsourced contributors and company employees paired with the need to keep all of them secure and protected. The learnings are applicable to a number of business processes from helpdesk agents to CRM and from claim/application processes to vendor/supplier network management.
ICS-CERT works to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local and tribal governments, as well as industrial control systems owners, operators and vendors. In collaboration with the other NCCIC components the ICS-CERT responds to and analyzes control systems related incidents, conducts vulnerability and malware analysis, and shares and coordinates vulnerability information and threat analysis through products and alerts.