A Practical Guide to Complying with SB-327 (Information Privacy of Connected Devices)

Presented at Global AppSec - DC 2019, Sept. 13, 2019, 11:30 a.m. (45 minutes)

Senate Bill 327 sets a new standard for the security and privacy of connected devices. It will come into force in January 2020. The bill defines connected devices broadly. The effect of the law is not limited to one state, since it is not justifiable, or in many cases feasible, for a typical manufacturer to launch different products in different geo-locations within a country. During the talk, several questions around the scope and applicability of the law are rigorously analyzed and answered after careful examination of the possible scenarios and products. The talk presents categories of 'appropriate' security features to take into consideration, and provides a taxonomy of security controls applicable in various cases and scenarios. The audience will leave the talk with practical steps and guidelines on how they can comply with the regulation.


Presenters:

  • Farbod H Foomany - Security Compass
    Farbod H Foomany is a technical lead (of security research) at Security Compass. He has degrees in electrical engineering (control systems) and computer engineering (artificial intelligence), and has completed a PhD with main research on security aspects of using voice-print and other biometrics in criminological and security applications. Farbod has been involved in various academic research and industry projects in the areas of smart card Java application development, Java EE based enterprise e-banking application development, privacy and security in software development, secure design of enterprise applications, advanced signal processing techniques in biomedical engineering (MRI and CDI) and evaluation of various aspects of biometric identification (including social impacts and privacy factors). Farbod has published and presented his work on signal processing and security in several IEEE conferences and journals, ISACA journal, crime science conferences and networks, IAPP conference and OWASP AppSec Conferences.
