{"id":345,"date":"2022-06-14T01:05:30","date_gmt":"2022-06-14T01:05:30","guid":{"rendered":"https:\/\/securitybydesign.de\/?p=345"},"modified":"2022-06-20T10:23:50","modified_gmt":"2022-06-20T10:23:50","slug":"insights-from-rsa-conference-2022","status":"publish","type":"post","link":"https:\/\/securitybydesign.de\/?p=345","title":{"rendered":"Insights from RSA Conference 2022"},"content":{"rendered":"\n<p>Banners advertising cybersecurity on houses, buses and everywhere. The city of San Francisco talks security in the week of <a href=\"https:\/\/www.rsaconference.com\/usa\">RSA Conference<\/a>. The event itself is really huge, with many tracks in parallel. I even got lost once at the expo, which seems to be twice the size of the German it-sa. But I had to refill my stock of pens anyway after the break in in-person events caused by the coronavirus pandemic \ud83d\ude09<br>However, I did not only bring home pens and shirts, but also new insights, which are described in this article.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/securitybydesign.de\/wp-content\/uploads\/2022\/06\/RSAC2022.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/securitybydesign.de\/wp-content\/uploads\/2022\/06\/RSAC2022-1024x1024.jpg\" alt=\"\" class=\"wp-image-346\" srcset=\"https:\/\/securitybydesign.de\/wp-content\/uploads\/2022\/06\/RSAC2022-1024x1024.jpg 1024w, https:\/\/securitybydesign.de\/wp-content\/uploads\/2022\/06\/RSAC2022-300x300.jpg 300w, https:\/\/securitybydesign.de\/wp-content\/uploads\/2022\/06\/RSAC2022-150x150.jpg 150w, https:\/\/securitybydesign.de\/wp-content\/uploads\/2022\/06\/RSAC2022-768x768.jpg 768w, https:\/\/securitybydesign.de\/wp-content\/uploads\/2022\/06\/RSAC2022.jpg 1372w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Modelling made easy<\/h2>\n\n\n\n<p>Threat modelling often fails because methods are too complex. 
Alyssa Miller, one of the authors of the <a href=\"https:\/\/www.threatmodelingmanifesto.org\/\">Threat Modeling Manifesto<\/a>, pointed out in her presentation that threat modelling can be easy and that everyone is able to do it. We already do it every day, for example when deciding whether or not to wear a mask at the conference. She also showed, with the example in the picture above, how natural language can be used to simplify threat modelling. At this point I was reminded of the threat modelling requirements from the automotive cybersecurity standard ISO\/SAE 21434 and wondered whether they might be too detailed (cf. the anti-pattern \u201cTendency to Overfocus\u201d from the Threat Modeling Manifesto). I will give this some more thought later on. There is definitely a tendency to focus (too?) much on details and methods in automotive TARA (Threat Analysis and Risk Assessment).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Privacy<\/strong> on the rise, but still a way to go<\/h2>\n\n\n\n<p>Privacy is definitely on the rise, also at RSA Conference. There was a keynote with the Chief Privacy Officers (CPOs) of Google and Apple, and they pointed out that privacy has the highest attention in their companies. But imho there is still a way to go, and most tech giants (except Apple) are struggling with the practical implementation because their business model does not go well together with privacy. Google\u2019s CPO Keith Enright mentioned consent as the gold standard. I disagreed in my presentation, because \u201cConsent on Everything\u201d is often misused to legitimize the processing of personal data. That\u2019s why it became risk #4 of the updated <a href=\"https:\/\/owasp.org\/www-project-top-10-privacy-risks\/\">OWASP Top 10 Privacy Risks<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Bruce Schneier<\/strong>\u2019s new book<\/h2>\n\n\n\n<p>Bruce Schneier presented contents of his new book, which will be published in January. It\u2019s about hacking, but not only about IT hacks. 
It covers cheating systems and laws in general, such as the tax system or emission regulations, and how AI could speed up finding such hacks. There is more information on his talk in <a href=\"https:\/\/www.darkreading.com\/dr-tech\/why-ais-will-become-hackers\">this article<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Business Information Security Officers needed<\/h2>\n\n\n\n<p>Nicole Dove pointed out that BISOs (Business Information Security Officers) are on the rise and are needed to support business teams in implementing cybersecurity. They should move from a \u201cNO\u201d to a \u201cYES, and\u201d attitude to get better results. There is also a <a href=\"https:\/\/www.youtube.com\/watch?v=2y22KtfybL8\">video<\/a> with Nicole in which she talks about the role of the BISO.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cybersecurity Workforce Gap<\/h2>\n\n\n\n<p>The cybersecurity workforce gap and how to address it was the topic of several presentations. In his keynote \u201cSoulless to Soulful: Security\u2019s Chance to Save Tech\u201d, Bryan Palma proposed coming up with new ideas and collaborating across company borders to close the workforce gap. He proposed the new campaign \u201cI do <strong>#soulfulwork<\/strong>\u201d, because for many employees it is important to do something good and valuable in their work, which is definitely the case in the area of cybersecurity.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Disinformation<\/h2>\n\n\n\n<p>The closing keynote \u201cThe Hugh Thompson Show\u201d started out very funny, only to turn later to one of the most serious topics in today\u2019s world: disinformation and how it threatens our democratic values. The panelists proposed several ideas on how to address it, but in the end they pointed out that education and awareness will be key to being able to challenge (fake) news and validate sources. 
They also recommended talking to each other in real life and not only on social media.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Banners advertising cybersecurity on houses, buses and everywhere. The city of San Francisco talks security in the week of RSA Conference. The event itself is really huge, with many tracks in parallel. I even got lost once at the &hellip; <a href=\"https:\/\/securitybydesign.de\/?p=345\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,6,4,2],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","hentry","category-governance-risk","category-law-politics","category-privacy","category-security-management"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/securitybydesign.de\/index.php?rest_route=\/wp\/v2\/posts\/345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitybydesign.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitybydesign.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitybydesign.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitybydesign.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=345"}],"version-history":[{"count":10,"href":"https:\/\/securitybydesign.de\/index.php?rest_route=\/wp\/v2\/posts\/345\/revisions"}],"predecessor-version":[{"id":359,"href":"https:\/\/securitybydesign.de\/index.php?rest_route=\/wp\/v2\/posts\/345\/revisions\/359"}],"wp:attachment":[{"href":"https:\/\/securitybydesign.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitybydesign.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitybydesign.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}