Identifying and Managing Vulnerabilities in Health Care

The nearly blinding pace of technology growth in health care has led to networks of systems and devices that not only help support and maintain human lives, but have also taken on some of the characteristics of the biological systems they interact with. As the patient changes so do the medical devices connected to the patient, and so does the network connected to the medical devices. This interconnected system of man and technology has led to an environment where vulnerabilities in the technological systems can lead to dire consequences for the patient. Like the human systems technology must interact with, the technological systems need to be managed throughout their entire lifecycle, from inception to retirement. Please join this session for an overview of how vulnerabilities can be discovered, and what we need to do to continue managing vulnerabilities throughout the lifecycle of a healthcare system.
Recorded Nov 13 2014 64 mins
Presented by
Mike Ahmadi (Medical Device Security, Codenomicon); Debra Bruemmer (Security Analyst, Mayo Clinic); Skip Snow (Forrester)

  • Medical Device Security: An Industry Under Attack and Unprepared to Defend Jun 21 2017 4:00 pm UTC 45 mins
    Larry Ponemon, Chairman of Ponemon Institute & Mike Ahmadi, Director of Critical Systems Security of Synopsys
    A recent survey commissioned by Synopsys was designed to understand the risks to clinicians and patients due to insecure medical devices. The resulting report identified some expected findings, but others were extremely surprising. For instance, 67% of medical device manufacturers and 56% of healthcare delivery organizations believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. Join Larry Ponemon of the Ponemon Institute and Mike Ahmadi of Synopsys as they discuss report highlights. They will also provide insight and predictions regarding the future of security in the medical device and healthcare industries.
  • Don’t WannaCry? Here’s How to Stop Those Ransomware Blues Jun 13 2017 4:00 pm UTC 60 mins
    Steve Cohen, Product Marketing Manager, Synopsys & Robert Vamosi, CISSP and Security Strategist, Synopsys
    After taking the world by storm, it’s time to dig into the WannaCry ransomware worm to learn how a decades-old technique is still catching us off-guard. We’ll also examine how to safeguard your organization in the future against this type of attack.

    In this webinar, our experts will discuss the benefits of securing your organization's software to keep the bad actors from pivoting from vulnerabilities in the network layer to those in the application layer. We'll show you how to shrink the time to value in the market without compromising quality and security via a secure SDLC.
  • Software Security Strategy with BSIMM Recorded: May 3 2017 54 mins
    Sammy Migues, Principal Scientist
    If you play a role in your organization’s software security program, you know there is no shortage of things to do. In fact, the Building Security In Maturity Model (BSIMM) calls out the 113 most commonly observed software security activities. The BSIMM enables experts like you to discover what others are doing in this universe, how those activities currently work, how they worked in the past, and how they are likely to work in the future.

    However, implementing BSIMM activities like a checklist won’t get you to success. It takes some real strategy to efficiently include new software security activities and also ensure existing activities continue to be applied well.

    Listen as Sammy Migues, Principal Scientist at Synopsys, discusses how to marry BSIMM activities to a strategy enabling you to build a viable security program. Sammy bases his insights on over 300 in-depth assessments within the BSIMM and 30+ years of industry experience.
  • Moving Toward Better Security Testing of Software for Financial Services Recorded: Apr 20 2017 62 mins
    Steve Kosten, SANS instructor & Mike Ware, managing principal at Synopsys Software Integrity Group
    The financial services industry (FSI) maintains high-value assets and typically operates in a very complex environment. Applications of all types—web applications, mobile applications, internal web services and so forth—are being developed quickly in response to market pressures by developers with limited security training and with relatively immature processes to support secure application development. This combination presents a juicy target for attackers, and data shows that the FSI continues to be a top target. Attempts to introduce security into the application life cycle frequently face challenges such as a lack of available application security expertise, concerns about costs for tooling, and a fear among product owners that security processes might impede the development cycle and slow their response to market conditions.

    This webinar will explore:
    - Who is the financial services industry (FSI)?
    - Drivers of application security
    - Inhibitors of application security
    - The foundation of a secure SDLC
  • Forrester Total Economic Impact™ Study: Seeker® – IAST Recorded: Mar 1 2017 52 mins
    Liz Witherspoon, Forrester & Nadav Kotlarsky, Sr. Product Manager, Seeker
    Implementing Seeker, Interactive Application Security Testing by Synopsys, in your Agile development environment not only reduces time and cost to remediate security vulnerabilities, but also reduces risk of a data breach. To quantify these benefits, Synopsys commissioned Forrester Consulting to conduct an in-depth customer case study to examine the potential ROI an organization may realize from deploying Seeker.

    Join guest speaker Liz Witherspoon, Principal Consultant at Forrester Research, and Nadav Kotlarsky, Sr. Product Manager, as they explore an in-depth customer case study quantifying the potential ROI of deploying Seeker.
  • What's New in Coverity 8.7 Recorded: Jan 25 2017 44 mins
    Yan Huang, Sr. Product Manager, Coverity
    Synopsys, Inc. recently released Coverity 8.7, the latest version of the company's industry-leading static analysis tool and one of the core components of its Software Integrity Platform.

    This webinar presents several important updates to enhance its security analysis and extend its utility to a broader audience, including organizations developing web and mobile applications and software systems for vehicles and other safety-critical systems.

    Highlights:
    - Enhances Android security analysis to detect critical vulnerabilities and weaknesses on the OWASP Top 10
    - Improves security analysis and accuracy for JavaScript, Java and C# web applications
    - Expands desktop analysis with Integrated Development Environment (IDE) plugins for mobile and web application security testing
  • How to Deliver Robust and Secure Software Recorded: Dec 13 2016 59 mins
    Jonathan Knudsen
    Software development is a mad rush to market where it seems like the only thing that matters is functionality. Everyone is just trying to make something that works and start selling it before anyone else.
     
    In the long game, security, robustness, and safety are crucial. Resilient, enduring software demands a proper secure development life cycle (SDLC) in order to locate and eliminate vulnerabilities during product development and after release.
     
    Automated tools are indispensable for locating vulnerabilities, and a signoff approach to the SDLC results in a final product, brought to market in a timely fashion, that presents a minimized risk to both producer and consumer.
     
    This presentation examines the classes of tools that locate vulnerabilities and shows how they are used in the context of product development to save time and money and minimize risk.
  • 5 Questions to Ask Your Software Provider About Cybersecurity Recorded: Nov 11 2016 38 mins
    Robert Vamosi, Security Strategist
    Congratulations! You’ve taken the first steps to get that great IoT idea of yours into production. You’ve even hired a team of engineers to build out your dream. But in the rush to market, security (and software security in particular) cannot be an afterthought with IoT. Unlike a server crash in an enterprise environment, failure of an IoT device or component can result in direct physical harm. Think of medical devices. Or connected cars. Or industrial control systems. So, are you doing all you can to make sure your software does not contain weaknesses and vulnerabilities that could bite you later on down the road? In this talk I'll discuss the need for software testing, early and often, for both known and unknown vulnerabilities. Not only for the code you create in house, but also for the code you adopt from outside sources -- up to 90% can come from sources outside of your control. Topics covered include static analysis, fuzz testing, software composition analysis, interactive application security testing, and test optimization.
  • The Total Economic Impact Of Software Testing Tools: Coverity & Defensics Recorded: Oct 19 2016 48 mins
    Yan Huang, Coverity Product Manager; Sami Petaejaesoja, Defensics Product Manager; Mark Van Elderen, Moderator
    Commissioned study conducted by Forrester Consulting on behalf of Synopsys. Join Yan Huang, Sr. Product Marketing Manager - Coverity, and Sami Petaejaesoja, Sr. Product Marketing Manager - Defensics, as they dive deeper into the "The Total Economic Impact of Synopsys Testing Tools: Coverity and Defensics," case study. In this webinar, learn how to use the Total Economic Impact (TEI) framework to assess the potential return on investment your organization can realize by deploying Coverity and Defensics. Watch this webinar to learn how to achieve: faster time to market, fewer post release business disruptions, and best practices from existing customers with years of experience using security testing tools.
  • SAE Technical Webinar: Cybersecurity for the Life of the Car Recorded: Jul 14 2016 61 mins
    Mike Ahmadi, Global Director, Critical Systems Security, Synopsys Software Integrity Group
    Connectivity is making cybersecurity a must-have obligation from initial designs through end of life. Automakers and suppliers have several unique challenges as they attempt to provide connectivity in vehicles that have burgeoning amounts of software that must remain secure and efficient over long vehicle lifetimes. Throughout the industry, there is a race to leverage safeguards used in other industries in ways that meet automotive safety and reliability requirements.

    During this one-hour webinar, industry experts will address design, development, and implementation of security-critical cyber-physical vehicle systems; implementation strategies, process, and lifecycle management; and cybersecurity assurance verification and validation practices being implemented by members of SAE working groups. A number of tools will be employed, many using over the air (OTA) updating to fix vulnerabilities and adapt to changing threats.

    An audience Q&A will follow the technical presentations.
  • Connected Cars: Driving Change in Automotive Software Security Recorded: Apr 5 2016 64 mins
    Chris Rommel (VDC Research); John Jacott (Synopsys Software Integrity Group)
    As the automotive industry embraces software and connectivity to deliver innovative features and functionality, the code bases of in-vehicle systems have grown exponentially, sustained by increasingly complex software supply chains. The pace and magnitude of this change challenges the incumbent resources and processes that OEMs and their suppliers possess to test and harden these interconnected and often safety-critical systems. This paradigm, compounded by the evolving threat landscape and sophistication of cyber attackers, is elevating the level of risk associated with automotive software quality, security, and compliance. As demonstrated by recent vehicle hacks and the subsequent recalls and unwanted attention from regulators and mainstream media, insecure software poses a very real threat to the automotive industry.

    Join Chris Rommel of VDC Research and John Jacott of Synopsys’ Software Integrity Group as they explore the mounting software challenges faced by OEMs and their suppliers. Learn how the automotive industry can adapt by leveraging existing solutions and best practices to drive down risk while maintaining agility and the innovative edge that modern technology affords.
  • Practical Steps to Improve Testing Agility Recorded: Nov 18 2015 58 mins
    Jon Jarboe (Senior Technical Marketing Manager, Synopsys)
    There are plenty of good ideas for improving the testing process, but many teams struggle to put these ideas into practice. How can a QA team make the most of testing practices that span multiple teams and development phases, utilize different technologies, address different objectives and include automated and manual workflows?

    Listen in to learn how Synopsys can help your team take practical steps to improve testing by:
    - Enabling developers to improve code quality and security, early
    - Prioritizing testing runs based on business risk and the impact of product changes
    - Addressing important testing gaps while avoiding redundant testing
  • Managing Security in IoT: Vulnerabilities in the Cyber Supply Chain Recorded: Mar 24 2015 61 mins
    Mikko Varpiola (Co-Founder, Codenomicon), Tyler Shields (Sr Analyst, Forrester), Todd Carpenter (Chief Engineer, Adventium)
    Modern software development practices dominated by component-based engineering and short development cycles have largely been a catalyst for rapid advancements in technology. These practices, however, have also resulted in an epidemic of known vulnerabilities baked into third-party software components of IoT applications and devices. These widespread security flaws, many of which are critical in nature, often remain unnoticed or unaddressed throughout the software or device lifecycle, posing significant risks to the people and organizations that rely on them.

    As software continues to permeate the ever-expanding Internet of Things, software vulnerabilities represent a greater and greater threat. IoT devices, like traditional computers, run on software that is susceptible to malicious attacks. As more devices become connected, understanding how to identify and manage security vulnerabilities within widely used third-party software components is critical for all stakeholders, including manufacturers and end-users.

    In this webinar, our diverse panel of security experts will:
    • Propose an expanded definition and understanding of IoT and the stakeholders at risk
    • Present research highlighting the pervasiveness of vulnerabilities in third-party software components of IoT devices
    • Draw some conclusions about the state of software security in IoT today
    • Discuss some simple approaches to addressing these problems
  • Control Systems & IoT: Business Opportunities and Cybersecurity Challenges Recorded: Jan 22 2015 63 mins
    Mike Ahmadi (Critical System Security, Codenomicon); Billy Rios (Founder, Laconicly); Frank Gillett (Forrester)
    In an age of connectivity, the ever-expanding Internet of Things has evolved to encompass control systems that govern physical processes such as food production, chemical production, energy production, defense systems, and safety systems. As with other IoT devices, remote connectivity enhances the functionality and efficiency of control systems, paving the way for new opportunities. However, the vast majority of control systems in use today were not designed with connectivity in mind and are vulnerable to malicious cyber attacks. As many of these systems are critical in nature, introducing them into a networked environment presents as many security challenges as it does advantages. Join Codenomicon and our esteemed guests for an engaging discussion about the business opportunities, challenges, and shifting approach to risk management posed by control systems in the Internet of Things.
  • How Codenomicon Discovered Heartbleed Solutions For Protecting Your Organization Recorded: Apr 24 2014 64 mins
    Ari Takanen, Co-Founder, Chief Research Officer; Mikko Varpiola, Co-Founder, Developer; Sami Petajasoja, Vice President APAC
    Presented by the experts with the facts.

    The Inside Story of the Discovery, the Timeline and Solutions to Protect Your Organization. Finally, All of Your Questions Answered.

    Join the conversation and get the latest Heartbleed updates by following @CodenomiconLTD
Application security is a journey.
We go beyond traditional application testing to empower you to build security into your software at every stage of your development process. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.
