Mitigating Risks Throughout the Lifecycle for Government Agencies - Seguridad Mania.com - España y América Latina

As the cyber threat landscape evolves and external dependencies grow more complex, managing risks to enterprises and connected embedded systems requires more than reactive measures. Many organizations are proactively reducing their attack surfaces both in their cyber supply chain and in assets being targeted for exploitation. This is particularly significant for network-connectable devices. The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors. Testing can provide the information needed to determine “fitness for use” and trustworthiness of assets. IT asset management should leverage automated means for detecting weaknesses and vulnerabilities in software. Addressing cyber supply chain dependencies enables enterprises to harden their attack surface by comprehensively identifying exploit targets, understanding how assets are attacked, and providing more responsive mitigations. Security automation tools and services, testing, and certification programs now provide means for organizations to reduce risk exposures attributable to exploitable software. This presentation addresses means for using information to prioritize mitigation efforts focused on reducing exploitable attack vectors, thus enabling organizations to proactively harden their attack surface and become more resilient in the face of growing threats and asymmetric attacks. Joe Jarzombek is Director for Government, Aerospace & Defense Programs in Synopsys, Inc. He guides efforts to focus Synopsys’ global leadership in electronic design automation (EDA), silicon IP, and software security and quality solutions on addressing the needs of the public sector and the aerospace and defense communities. Jarzombek has over 30 years’ experience focused on software security, safety, and quality in embedded and networked systems and enterprise IT.