Speaker:
John Walker, Visiting Prof., Nottingham Trent University; Advisory Board, Research Centre in Cyber Security (KirCCS), University of Kent and Fmr Royal Air Force Security and Counter Intelligence

English

In the beginning, the Genesis age of the Internet offered positive opportunities for connectivity, creativity and commercial opportunities, and shrunk the potential of low cost access to communications to all. However, as time has always demonstrated, no matter the landscape, the dark clouds of criminality and abuse will always form to feed of the public and commercial activities. To this end, the over-complex computerized systems, and the embracement of technology, and an always on-line lifestyle choice have offered up a significant surface of attacks for exploitation and compromise. Be the danger Ransomware, Malware, Exposed WiFi, the Darknet, or support of illicit activities in the form of Drugs, People Trafficking and Child Abuse (exploitation), with levels of adversity continuing to reach even darker depths! Today, in a world of three Cyber Security Classifications, which are:

• You have been hacked
• You will be hacked
• You have been hacked but don't know it

We look into the history of insecure computing, investigate the real-potentials that facilities Cyber Crime, dig into the Dark Web of illicit shopping offerings, and look to the future of regulating the internet. To add the positive, we will also explore the mitigation of good security practice, OSINT (Open Source Intelligence), and First Response Cyber Forensics Engagement to maximize the potential of Cyber Survival in the Electronic World.

Português

No início, a era da Internet na Gênesis oferecia oportunidades positivas de conectividade, criatividade e oportunidades comerciais e reduzia o potencial de acesso de baixo custo às comunicações para todos. No entanto, como o tempo sempre demonstrou, não importa a paisagem, as nuvens escuras de criminalidade e abuso sempre se formarão para alimentar as atividades públicas e comerciais. Para esse fim, os sistemas computadorizados supercomplexos, o acolhimento da tecnologia e uma escolha de estilo de vida sempre on-line ofereceram uma superfície significativa de ataques por exploração e comprometimento. Seja o perigo Ransomware, Malware, Expostos WiFi, o Darknet, ou apoio de atividades ilícitas na forma de drogas, tráfico de pessoas e abuso infantil (exploração), com níveis de adversidade continuam a atingir profundidades ainda mais escuras! Hoje, em um mundo de três classificações de segurança cibernética, que são:

• Você foi hackeado
• Você será hackeado
• Você foi hackeado, mas não sabe

Vamos olhar para a história da computação insegura, investigar os potenciais reais que as instalações do Cyber

Speaker:
Jeremy King, International Director, PCI Security Standards Council

In an increasingly digital world, where players from virtually all sectors are racing to innovate, the risk of data theft is very real. The payment card industry has defined standards for protecting cardholder account data. But what about other data types? And what can be learned from payment card industry standards? As recent, high-profile breaches have shown, personal data is increasingly being targeted by cyberattackers and must be protected. Even email addresses, if left unprotected, can be valuable resources for attackers interested in waging socially engineered attacks against customers and consumers.

So what lessons can be learned from the data security practices that the payment card industry has introduced over the years? This session reviews the various solutions used to secure cardholder data and describes why ongoing work to devalue data, regardless of the data type, has become increasingly critical.

Speaker:
Prashant Pillai, Director of the Wolverhampton Cyber Research Institute, University of Wolverhampton

Critical National Infrastructure (CNI) refer to the various systems, networks, facilities and services upon which daily life depends. One such infrastructure is our power networks that are responsible for providing us with electricity that has become central to the ability of modern societies to function. Apart from being used in homes and industries, several critical infrastructures like hospitals, air traffic control, water and gas supply networks, mobile communication and even the financial sector are dependent upon electricity. A major attack on a nation's power grid would shut down any country. Future Smart Grid technology facilitates the integration of storage and renewables with the grid to ensure sustainability of electricity supply, mitigate rising power outages and help meet the rapidly rising demand for clean energy in urban and rural areas. Reliable, fast and secure communication infrastructure is required to attain these benefits of smart grids. Future smart power grids that aim to use Internet communication to provide such efficient control are vulnerable to various security attacks. This talk also introduces the security and QoS requirements for smart grid communications, Key security vulnerabilities, types of attacks and the arising research challenges are detailed.

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

• The latest research on insider fraud
• How "accidental insiders" are enabling fraud schemes
• How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.