The current state of IoT security and privacy may look different to many people, businesses, and governments. This discrepancy could be a problem. With so many different viewpoints, it can be challenging to raise the bar and protect society from the technologies they are using.
In this episode with security researcher and privacy advocate, David Rogers, we explore how organizations can leverage the work legislators and industry standards bodies such as ETSI are producing to help their operations (product development, IT operations, security operations, and more) bring consumer devices to market with security and privacy built in. We even discuss the value of translating codes of practice into multiple languages to help bridge the gap and remove the barriers to gaining traction with best practices around the world.
Also, there's a lot that goes into creating a standard that gets published or a bill that gets passed into law. That journey, the way different individuals look at it, write it, and translate it into something that can actually be applied — and then audited and enforced — can be very tricky. For example, if the law includes the word "timely," what does that actually mean in practice? David and I get to discuss this a bit as well, as this is something that may not be well understood.
There's a shout-out to Aaron Guzman [@scriptingxss] re: the work he and others are doing at the Cloud Security Alliance [@CloudSA] and OWASP [@OWASP].
Have a listen.
____________________________
Guest
David Rogers
Founder and CEO at Copper Horse Ltd [@copperhorseuk]
On LinkedIn | https://www.linkedin.com/in/davidrogersuk/
On Twitter | https://twitter.com/drogersuk
____________________________
Resources
Inspiring post: https://www.linkedin.com/posts/davidrogersuk_mapping-security-privacy-in-the-internet-activity-6929775703894728704-v3Zc
The Long Road to a Law on Product Security in the UK: https://mobilephonesecurity.org/2021/11/the-long-road-to-a-law-on-product-security-in-the-uk/
Product Security and Telecommunications Infrastructure Bill: https://bills.parliament.uk/bills/3069
ETSI EN 303 645: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf
Podcast | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | David Rogers: https://redefining-cybersecurity.simplecast.com/episodes/black-hat-25-def-con-30-live-streaming-coverage-with-itspmagazine-david-rogers-redefining-cybersecurity-podcast-with-sean-martin-and-marco-ciappelli