Assessing and Managing Security Risk in IT Systems
A Structured Methodology
John Wang
“An increasing number of software organizations recognize that developing security requirements is more important than designing protections because paying attention to security requirements in the early stages of the software lifecycle potentially saves millions of dollars.”
~Qian Gao
Building Security Requirements
Security is not about features.
It is typically difficult (or impossible) to patch bad software, and nearly always costly to do so. Considering security early makes it part of the standard SDLC and places it on a par with functional requirements. You can’t test what you don’t specify.
"75% of all attacks today occur at the application layer and bypass traditional firewalls."
~Gartner
1. Information States
   - Transmission
   - Storage
   - Processing
2. Countermeasures
   - Human Factors
   - Policy and Practices
   - Technology
3. Security Goals
   - Confidentiality
   - Integrity
   - Availability
4. Anatomy of A Breach
Why security requirements matter
SECURITY NEWS THIS WEEK: MICROSOFT’S PATCHING OLD VERSIONS OF WINDOWS BECAUSE THINGS ARE THAT BAD
Interest in North Korean hacking comes and goes, but this week experts cautioned that the US shouldn't underestimate or ignore this persistent and growing threat. The FBI and DHS even officially attributed the destructive WannaCry ransomware to the reclusive nation.
Meanwhile, new analysis from the cybersecurity firms ESET and Dragos Inc. offered details on the advanced, grid-sabotaging malware hackers used to attack a Ukrainian electrical power station last December. Incarceration rates are rising in the rural US. And Georgia's voting systems have no backup means of audit if the state's digital systems malfunction (or are, say, hacked).
At least the Department of Defense is still on the cutting edge. Its Strategic Capabilities Office is working on developing ways to weaponize video games. And special prosecutor Robert Mueller has put together an all-star investigatory team.
Plus the CIA could be lurking on basically every router out there, according to documents released by WikiLeaks. So here's a list of everyone President Donald Trump has blocked on Twitter to take your mind off things.
And there's more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
MICROSOFT PUSHED PATCHES FOR OLD WINDOWS SYSTEMS TO AVOID ANOTHER WANNACRY SITUATION
In May, Microsoft released patches for the virulent WannaCry ransomware for Windows XP even though that operating system is no longer officially supported. This week, the company followed up with a dozen additional patches that cover no-longer-supported versions including Windows XP, Windows Vista, Windows 8, Windows Server 2003, and Windows Server 2003 R2. Microsoft said that though it is not reinstating support for these aging OSes, it does want to take "action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures." While working to anticipate and preempt the next WannaCry-type incident is important, some experts worry that making too much of a habit of patching old systems will give stragglers an excuse to hold out on these dangerously insecure platforms even longer instead of being forced to upgrade. On the other hand, security pressure hasn't really created that urgency so far.
Source: https://www.wired.com/story/microsoft-windows-xp-security-patch/
Event Particulars
ROOM E430
George Brown College
Casa Loma Campus
146 Kendal Avenue, Toronto
May 24, 2017. 6:30 pm
Wednesday, June 21, 2017
Time: 6:30 – 8:00 pm
Registration & Networking: 6:00 – 6:30 pm
Presentation: 6:30 – 8:00 pm
Networking: 8:00 -
Room E430
Event Partner
IIBA Toronto
Summer Collaboration
Get Certified
This Summer
George Brown College Casa Loma Campus
146 Kendal Avenue, Toronto, ON M5R 1M3
Transportation
Dupont TTC Subway Station
400 meters from entrance.
Paid parking and street parking in area.
About the Speaker
John Wang
Professor
George Brown College
Intelligent Connections Inc.