kijiji 160616

Carlos Chalico LI, CISA, CISSP, CISM, CGEIT, CRISC, PbDLA, ISO27001LA

Instructor University of Toronto

School of Continuing Studies +1(647)406-7785

carlos.chalico@utoronto.ca @CarlosChalicoT

#IoT

Understanding IoT

Internet of Things

Understanding IoT

Thing

Identification Communication

Sensitivity Control

Native

Enabled

IoT Expected Market Growth

7.11.8700531

Trillion - USA

Trillion - China

Billion - Germany

Billion - UK

Estimated Value for

the Internet Of Things in 2030

Fuente: The Growth Game-Changer; Accenture

IoT GDP Impact (Current Conditions)

IoT GDP Impact (with additional measures)

7.11.8700531

Trillion - USA

Trillion - China

Billion - Germany

Billion - UK

Estimated Value for

the Internet Of Things in 2030

Fuente: Winning with the Industrial Internet of Things; Accenture

• NAC = National Absorptive Capacity - Reliable banking and finance - Education - Good governance - Healthy network of suppliers - Levels of research and development

- Presence of High-Tech companies - Degree of Technology Skills - Level of social and end-user acceptance - Willingness to embrace organizational

change - Ability to respond to the impacts on

human capital

Most conductive environments

Weaker enabling environments

Middle Performing Cohort

IoT Expected Market Growth

100%

Is there any threat for the IoT?

Fuente: Defending the Digital Frontier: A Security Agenda; Jose Granado, Sajay Rai, Mark Doll

Inve

stm

ent

High

Low

1990s 2000sTime

Information Security

Inform

ation

Techno

logy

Security

Breach

Is there any threat for the IoT?

Is there any threat for the IoT?

Is there any threat for the IoT?

XX

XX

X

XX

NYSE - Navigating the Digital AgeVI. Cybersecurity beyond your network

32. The Internet of Things • IoT Benefits • IoT Privacy Issues • IoT Security Issues • Addressing the Issues

• Not future, here, today • Consider risks and challenges • One step ahead • Security protocols standardization • Notifying security breaches • Solve issues related to breaches • Develop legal agreements with IoT

vendors

The OWASP Model - The IoT Top 10 Project• I1 Insecure Web Interface • I2 Insufficient Authentication/

Authorization • I3 Insecure Network Services • I4 Lack of Transport Encryption • I5 Privacy Concerns • I6 Insecure Cloud Interface • I7 Insecure Mobile Interface • I8 Insufficient Security Configurability • I9 Insecure Software/Firmware • I10 Poor Physical Security Ethics

https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project

Protect from the very very beginning

Good Readings

Carlos Chalico LI, CISA, CISSP, CISM, CGEIT, CRISC, PbDLA, ISO27001LA

Instructor University of Toronto

School of Continuing Studies +1(647)406-7785

carlos.chalico@utoronto.ca @CarlosChalicoT

#IoT