A practical approach to cyber security architectures: In a hybrid ecosystem we have not only to find a suitable security model for IT but also for OT like in production environments. And after all cloud services are adding another dimension of complexity. We will take a short look at the security basics, compare some outdated, updated and up-to-date security models finding suitable models for IT-security, OT-security and cloud-security. Finally we will put it all together in combined scenarios. This presentation will focus on practical security architecture rather than on formal compliance.
Key Topics:
* IT-security, OT-security, cloud-security
* Cyber security: from basics, perimeter, air gap to zero trust
* Hybrid world: isolation or integration
* Tops and flops in practical cyber security
This presentation will explore adding deception as a component of a security-in-depth strategy to increase cyber resilience (in case the garlic, crosses, and wooden stakes are not effective). We will discuss whether you should invite attackers into your network. Much like with vampires, inviting attackers in can have serious repercussions. However, unlike vampires, cyber attackers do not need an invitation. Fortunately, deception within our networks can aid in identifying, delaying, and evicting unwanted guests, including insider threats (or vampires already amongst us). We will explore several deception use cases that can dramatically increase cyber resilience without attracting more attackers.
