The current state of IoT security and privacy may look different to many people, businesses, and governments. This discrepancy could be a problem. With so many different viewpoints, it can be challenging to raise the bar and protect society from the technologies they are using.

In this episode with security researcher and privacy advocate, David Rogers, we explore how organizations can leverage the work legislators and industry standards bodies such as ETSI are producing to help their operations (product development, IT operations, security operations, and more) bring consumer devices to market with security and privacy built in. We even discuss the value of translating codes of practice into multiple languages to help bridge the gap and remove the barriers to gaining traction with best practices around the world.

Also, there's a lot that goes into create a standard that get published or a bill that gets passed into law. That journey, the way different individuals look at it, write, and translate it into something can actually be applied — and then audited and enforced — can be very tricky. For example, if the law includes the word "timely," what does that actually mean in practice? David and I get to discuss this a bit as well, as this is something that may not be well understood.

There's a shout-out to Aaron Guzman [@scriptingxss] re: the work he and others are doing at the Cloud Security Alliance [@CloudSA] and OWASP [@OWASP].

Have a listen.

____________________________

Guest David Rogers Founder and CEO at Copper Horse Ltd [@copperhorseuk] On LinkedIn | https://www.linkedin.com/in/davidrogersuk/ On Twitter | https://twitter.com/drogersuk

____________________________

This Episode’s Sponsors Imperva: https://itspm.ag/imperva277117988 Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc

Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

____________________________

Resources

Inspiring post: https://www.linkedin.com/posts/davidrogersuk_mapping-security-privacy-in-the-internet-activity-6929775703894728704-v3Zc

The Long Road to a Law on Product Security in the UK: https://mobilephonesecurity.org/2021/11/the-long-road-to-a-law-on-product-security-in-the-uk/

Product Security and Telecommunications Infrastructure Bill: https://bills.parliament.uk/bills/3069

ETSI EN 303 645: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf

Podcast | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | David Rogers: https://redefining-cybersecurity.simplecast.com/episodes/black-hat-25-def-con-30-live-streaming-coverage-with-itspmagazine-david-rogers-redefining-cybersecurity-podcast-with-sean-martin-and-marco-ciappelli

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.