Redefining CyberSecurity

Sean Martin, ITSPmagazine
Apr 25, 2022 • 48min

Autonomous Datacenters On Rails | A Conversation With Amir Levintal About The Complexities, Risk Exposure, Safety Standards, And Protection Measures For Railway Systems | Redefining CyberSecurity With Sean Martin

The rise of digitalization has led to more interconnected rail systems. While this has propelled forward our trains and metros at some seriously high speed, it has also dramatically expanded the threat landscape.

In response, governments around the world are racing to implement measures that promote technological advancements for these rail systems whilst assuring that the systems are protected and secure. Sure, it's easy to think about providing timely service, operating efficiently, delivering comfort, keeping up constant communications, and more – but what really matters is that these digital data centers remain safe as they travel between and arrive at various stations both out in the sticks and in the heart of the cities.

Where does this leave rail companies? What steps should they take in the event of a cyberattack?

Listen in as Sean speaks with Amir Levintal and they get on track, digging into the elements of the rail systems from the sensors to the tracks to the WiFi and more. It doesn't take long before they jump the rails to test the boundaries of reality.

Guest
Amir Levintal
CEO and CoFounder of Cylus Cybersecurity [@cylus_security]
On LinkedIn | https://www.linkedin.com/in/amir-levintal/
On Twitter | https://twitter.com/amirlevintal

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Understanding IEC 62443: https://www.iec.ch/blog/understanding-iec-62443
European Standard CLC/TS 50701 Railway applications - Cybersecurity: https://www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/
Train of Consequences: The Real Cost of Rail Cybersecurity Incidents: https://www.cylus.com/post/the-real-cost-of-rail-cybersecurity-incidents
The Long-Term Effects of Log4Shell on Railway Systems: https://www.cylus.com/post/log4shell-effect-railway-systems

To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
Apr 22, 2022 • 40min

Catch 22 | Consumers Hate Sharing Their Data, But There's No Other Option | An Imperva Brand Story About The Findings In The Imperva Global Consumer Survey With Terry Ray

Consumers worry about sharing data online, yet most feel they have “no choice” but to share their data if they want to use online services. It's a catch 22 — and it is not a bus.

Trust is waning. A majority of consumers, globally, say that trust in the many digital service providers’ ability to keep their personal data secure has decreased over the past five years.

Still, despite serious concerns, most consumers share their darkest secrets online via cloud messaging services even though they recognize there would be repercussions for them if the information they shared was leaked.

No question, it's a catch 22. But what do we do? That's the catch. Again.

Have a listen to learn more about the connections and responsibilities between consumers and the businesses they rely upon to live their digital lives.

Note: This story contains promotional content. Learn more.

Guest
Terry Ray
SVP Data Security GTM, Field CTO and Imperva Fellow
On LinkedIn | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Report | No Silver Linings: Insights into global consumers’ perception of trust, data security, and privacy in the digital world: https://itspm.ag/impervpovw

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Apr 21, 2022 • 46min

What To Expect At RSA Conference USA 2022 | ITSPmagazine Event Coverage: RSAC 2022 San Francisco, USA | A Conversation With Linda Gray Martin, Britta Glade, And Cecilia Murtagh Marinier

We are thrilled to kick off our event coverage for our first Chats On The Road to RSA Conference 2022 with our good friends joining us to give the latest and greatest for what we can expect at this year's event.

Listen in to hear more about the theme, venue, sessions, speakers, expo hall, community event, and so much more. And, yes, we decided to capture this one on video too, so be sure to give that a watch for a funny moment as well.

Tune in and be sure to join us for more from RSA Conference USA 2022!

Guests
Linda Gray Martin
Vice President at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/
On Twitter | https://twitter.com/LindaJaneGray

Britta Glade
Senior Director, Content & Curation at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/
On Twitter | https://twitter.com/brittaglade

Cecilia Murtagh Marinier
Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/
On Twitter | https://twitter.com/CMarinier

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
CrowdSec: https://itspm.ag/crowdsec-b1vp
Blue Lava: https://itspm.ag/blue-lava-w2qs

Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76

Catch the video here: https://youtu.be/UitxhJn2Gps

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac22sp
Apr 19, 2022 • 51min

Secure Access And Authorization: Keeping Precious Resources Safe From Prying Eyes And Bad Actors | A Live Stream Panel With Shinesa Cambric And John Sapp Jr | Redefining CyberSecurity With Sean Martin

Your organization has precious resources all over the place: on-premises in the data center on servers and in databases; in the office, at home, on the road on desktops, laptops, tablets, mobile phones, and smart devices; in the cloud inside containers, applications, and a variety of storage services.

Assuming you have identified and verified the person and/or system and/or service as a valid entity, how do you ensure they only have access to these resources, when they need them, from the location they need them, from the system they are requesting them, and at the time they are requesting them? This challenge is much more complex than ensuring a user is set up in the directory and has entered a valid password. That’s what this discussion is going to be all about.

Join us for this session as we explore the following points:
◾️ What does “secure access” mean to security, to ops, to the users, to the business?
◾️ Does the conversation and language need to change between groups?
◾️ How and where is secure access managed?
◾️ How to deal with the systems, applications, and data?
◾️ How does it fit in with Risk Management and SecOps?
◾️ What are some key challenges orgs face?
◾️ What are some of the core elements many orgs leave out?
◾️ Are there processes and/or tools to make things easier?
◾️ Any best practices or tips to simplify the program?

Guests
Shinesa Cambric
Identity Champion at Identity Defined Security Alliance [@idsalliance] | Principal Product Manager for Emerging Identity at Microsoft [@Microsoft]
On LinkedIn | https://www.linkedin.com/in/shinesa-cambric-cissp-ccsp-cisa®-0480685/
On Twitter | https://twitter.com/Gleauxbalsecur1

John Sapp Jr
VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]
On LinkedIn | https://www.linkedin.com/johnbsappjr
On Twitter | https://www.twitter.com/czarofcyber

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Identity Defined Security Alliance Best Practices: https://www.idsalliance.org/identity-defined-security-framework/best-practices/
Enterprise Risk - Engaging Others: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-5/addressing-risk-using-the-new-enterprise-security-risk-management-cycle

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/secure-access-and-authorization-keeping-precious-resources-safe-from-prying-eyes-and-bad-actors-redefining-cybersecurity-with-sean-martin
Apr 15, 2022 • 42min

Higher Education And Regulated Research Community Of Practice (RRCoP) | 5 Goals To Raise The Security And Compliance Posture Of Academic Institutions | Redefining CyberSecurity With Carolyn Ellis, Erik Deumens, And Michael Parisi

When it comes to implementing efficient and effective information security programs, higher education institutions can use all the help they can get. That's where the RRCoP community comes in.

In today's episode, our guests, Carolyn Ellis, Erik Deumens, and Michael Parisi, talk through the goals of the RRCoP community and the impact it has on the higher education cybersecurity community as they work hard to raise the security and compliance posture for their institutions.

The 5 RRCoP Goals

Goal 1: Build a Community
The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions.

Goal 2: Collect and Share Resources
Establish a leadership training and development program accelerating availability of distributed university resources.

Goal 3: Advocate and Negotiate
Develop representation through strategic partnerships with industry and government entities.

Goal 4: Manage Change
The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program, CMMC, has already undergone significant changes, now called CMMC 2.0. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data.

Goal 5: Simplify Compliance
A collective and streamlined approach to compliance lowers the barrier to entry for expansion of supported regulations by individual institutions.

Guests
Carolyn Ellis
CMMC Program Manager at UC San Diego [@ucsandiego]
On LinkedIn | https://www.linkedin.com/in/carolynellis1/

Erik Deumens
Research Computing Director, Information Technology at University of Florida [@UF]
On LinkedIn | https://www.linkedin.com/in/deumens-erik-164167146/

Michael Parisi, VP of Adoption, @HITRUST

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988

Resources
Regulated Research Community of Practice: https://www.regulatedresearch.org/
Apr 4, 2022 • 39min

Balancing Reward Over Risk | Evolving CyberSecurity Through Systems Engineering And Committee Collaboration | Redefining CyberSecurity With Howard Miller And Ron Ross

In this episode, NIST Fellow, Ron Ross, and Pepperdine Graziadio Business School Advisory Board Member, Howard Miller, join the show to discuss risk assessment, reward analysis, and security management in the age of advanced technology and complex system innovation.

To secure a system, the sum of all of its parts must also be secure. This includes firmware, applications, APIs, networks, communications, storage, and more. Each complete system is often comprised of multiple subsystems, making it unique and bringing with it its own risk profile different from all other systems.

Join us as we explore the concept of analyzing the reward in connection to the risk as a means to help make better risk-vs-reward decisions in support of securely fostering innovation as opposed to stifling innovation out of fear, uncertainty, and doubt.

Guests
Ron Ross
Fellow at National Institute of Standards and Technology (NIST) [@NIST]
On Twitter | https://twitter.com/ronrossecure
On LinkedIn | https://www.linkedin.com/in/ronrossecure/

Howard Miller
SVP, Director at Tech Secure and Adjunct Professor and Advisory Board Member at Pepperdine Graziadio Business School Cyber Risk Professional Certification [@Pepperdine / @GraziadioSchool]
On LinkedIn | https://www.linkedin.com/in/howardmillerrisk/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
ERMO - Enterprise Risk Management Optimization: https://link.springer.com/article/10.1007/s10669-021-09819-x
SAE Cyber Physical Systems Security Engineering Plan (CPSSEP) JA7496: https://www.sae.org/standards/content/ja7496/?_ga=2.203579798.760907735.1641314977-1116152771.1641314951
NIST Systems Engineering Group: https://www.nist.gov/el/systems-integration-division-73400/systems-engineering-group
Mar 31, 2022 • 39min

Large-Scale Data Analytics For Cybersecurity And Solving Real-World Grand Challenges | Redefining CyberSecurity With Professor David Bader

We may see new "graph" processors in the future that can better handle the data-centric computations in data science. Will that be enough?

About David
David A. Bader is a Distinguished Professor in the Department of Computer Science and founder of the Department of Data Science and inaugural Director of the Institute for Data Science at New Jersey Institute of Technology. Prior to this, he served as founding Professor and Chair of the School of Computational Science and Engineering, College of Computing, at Georgia Institute of Technology.

Guest
David Bader
Distinguished Professor and Director, Institute for Data Science, New Jersey Institute of Technology [@NJIT]
On Twitter | https://twitter.com/Prof_DavidBader
On LinkedIn | https://www.linkedin.com/in/dbader13/
On Facebook | https://www.facebook.com/ProfDavidBader
Website: https://davidbader.net/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
GitHub: https://github.com/Bader-Research
Arkouda: https://github.com/Bears-R-Us/arkouda
NJIT Institute for Data Science: https://datascience.njit.edu/
Mar 31, 2022 • 45min

Book | Critical Infrastructure Risk Assessment: The Definitive Threat Identification And Threat Reduction Handbook | Redefining CyberSecurity With Ernie Hayden

In a world where everything is connected and interdependent, complexity has become part of our very way of life, and it must be part of our way of thinking. But, especially when we look at infrastructure security, the boundaries between analog and digital, physical and cyber, are simply not there anymore.

In today's conversation, we discuss the importance of looking at our society, economy, and security as a complex system of interdependent subsystems. Everything is connected, and we are not just referring to IoT.

From bridges to nuclear plants, to the President's car, and all the way up to space, the security assessment of critical infrastructure is not a checklist but a mindset.

About The Book
As a manager or engineer, have you ever been assigned a task to perform a risk assessment of one of your facilities or plant systems? What if you are an insurance inspector or corporate auditor? Do you know how to prepare yourself for the inspection, decide what to look for, and how to write your report?

This is a handbook for junior and senior personnel alike on what constitutes critical infrastructure and risk and offers guides to the risk assessor on preparation, performance, and documentation of a risk assessment of a complex facility. This is a definite “must read” for consultants, plant managers, corporate risk managers, junior and senior engineers, and university students before they jump into their first technical assignment.

Guest
Ernie Hayden
On LinkedIn | https://www.linkedin.com/in/enhayden/
Publisher's Twitter | https://twitter.com/RothsteinPub

Resources
Book: https://www.rothstein.com/product/critical-infrastructure-risk-assessment-the-definitive-threat-identification-and-threat-reduction-handbook/

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
Mar 29, 2022 • 50min

Business Continuity: Building And Operationalizing A Functional Disaster Recovery Plan | A Live Stream Panel With Dr Rebecca Wynn And Gayle Anders | Redefining CyberSecurity With Sean Martin

Every organization has exposure to risk. Every organization experiences events that cross over the risk threshold to quickly realize they are facing an incident head-on.

It's how the organization prepares for these situations that matters most. Preparation is so much more than recognizing that a disaster might occur. It's also more than having a documented plan drafted months (maybe even years) ago that, if activated, would prove worthless—or worse—counterproductive such that the disaster turns into an all-out crisis. A disaster doesn't need to result in a crisis, and that's what we will cover in this episode—how to keep the business running without killing the business in the process.

Join us for this session as we explore the following points:
◾️ What is a disaster?
◾️ Goals of a disaster recovery plan
◾️ How to build a functional plan
◾️ Who builds it?
◾️ Who validates it?
◾️ What is in the plan
◾️ How does a BC/DR plan fit into your IT/IS programs (IR, for example)
◾️ Testing/Tabletop exercises

Guests
Dr Rebecca Wynn
Chief Cybersecurity Strategist & CISO at Click Solutions Group
On LinkedIn | https://www.linkedin.com/in/rebeccawynncissp

Gayle Anders
Global Business Continuity Program Manager at Netflix [@netflix]
On LinkedIn | http://linkedin.com/in/gayle-anders-business-continuity-professional

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/business-continuity-building-and-operationalizing-a-functional-disaster-recovery-plan-redefining-cybersecurity-with-sean-martin
Mar 24, 2022 • 50min

Creating A Data Security Strategy And Operationalizing A Mature Data Security Program | A Live Stream Panel With Chris Daskalos And Andy Rappaport | Redefining CyberSecurity With Sean Martin

Data is the fuel that powers the business. What are organizations doing to protect it?

Organizations have become the custodians of critical information needed to remain competitive and sensitive information that their customers have entrusted them with. While some organizations have taken this responsibility seriously, governments (state, federal, and international) have had to step in to help guide companies on how best to safely manage this data. There are a ton of rules to follow balanced with a ton of business goals to achieve. That's where a data security strategy and data security program come into play. But what is data protection, and how does it impact the business operations?

Join us for this session as we explore the following points:
◾️ Roles
◾️ Policies
◾️ Controls
◾️ Assessment
◾️ Demonstrating posture
◾️ Maintenance and tuning
◾️ Advice for the future

Guests
Chris Daskalos
Data Protection Lead at University of Southern California [@USC]
On LinkedIn | https://www.linkedin.com/in/chrisdaskalos

Andy Rappaport
Data Security Architect at iRobot [@iRobot]
On LinkedIn | https://www.linkedin.com/in/andyrappaport/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Data Security Roadmap Example: https://docs.google.com/presentation/d/1t6otQ5a8h3d8euN6bnzCZMxhPcKtVUKf/edit#slide=id.p1

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/creating-a-data-security-strategy-and-operationalizing-a-mature-data-security-program-redefining-cybersecurity-with-sean-martin
