Recently MinJin and I went to a conference: 5th Security World The conference mainly focused on Zero Trust, AI, Cloud.
The conference was mainly talking about the how corperates and the national government agency should react to the hyper connected society. In fact, I thought this conference is teaching national government agency and companies to reduce the gap between now and past. The time did not past that much, but development of technology widen the gap over and over.
In the conference, there was two sessions I thought interesting. One was about what Korean government should do to catch up the 4th industrial revolution.
1. Korean government needs to separate the net
To do so, make a net for classified secure data. (this is for preventing the data leak incident like Korea Hydro & Nuclear Power case .) Rest of them are connected to internet with cloud.
2. Korean government should focus on trustworthiness and security by desgin
In this 5G & IoT generation , every products and net should be focus on the thrustworthiness which is more than just focusing on the security.
If National government and companies wants the secure enviroment, it is time for them to consider availability, realiability, safety and secuirty as one. Just like in the picture below.
Previously, most of people consider the avialibility, reliability and safety as one package. But since the trustworthy become important, people tried to add security inside additionally. And this really burdens many developers. So instead of additional work , it is time to think four things as one package.
3. Korean government should recommand government agency and company to hire more secuirty personnel
Currently, each place have small number of secuirty team. But considering IoT data which is pretty important, they should hire secuirty team more and more as large scale.
Second presentation was about the importance and key point of cybersecurity culture. Basically speaker pointed main two things.
1. Understand your cybersecurity culture
understanding own company’s cybersecuirty culture is very important. This is because, by understanding own culture makes easier to see what is their vulneralbility is.
2. Rewarding and recognizing is important
one of the speaker said it is important to reward and recognize is important in the company. She said it is important to make mood to make company people not scare about the cybersecuirty. For example, she often send a phising email to thier companies. If they brings the phishing mail to her, she gives little prize for rewarding. That way people started not to fear and company can see what is thier vulnerability such as who are trying to attack them.
zero trust = should not trust anyone in the security field anymore. Do not even trust myself.
cloud =it is important to reduce gap. It is important to figure out how much company and cloud will share the responsiblilty. And how to regulate.