Threat Modeling Smart Buildings, Security and GDPR

Smart Buildings and the technology that makes them smart have been hitting the news over the last few years, with several headlines this year alone. The EU GDPR not only clarifies where breach impacts personal data, but also implies additional safeguards data controllers, data processors and even vendors need to put into place to protect personal data.

This session will clarify elements of the GDPR related to Smart Buildings, the roles different actors can play in their responsibilities to safeguard personal data, and a way to get started on Threat Modelling Smart Buildings.

The session is loosely based on a White paper written jointly by the speaker (with James Willison) on GDPR and large scale IoT projects.

Download presentation [3.74 MB]


Sarb Sembhi, CTO / CISO at Virtually Informed

D1 T1 16:00

Sarb is the CTO & CISO at Virtually Informed and has previously been a CTO & CISO for the Noord Group. Also, he has worked as a consultant covering most issues in risk and security. Sarb’s contributions to the industry include the London Chamber of Commerce and Industry Defence and Security Committee and its Cybersecurity working group, an Advisor to the Internet of Things Security Foundation, Smart Buildings working group. Other contributions include: Past President of the ISACA London Chapter, Chair of ISACA International GRA Region 3 Sub-Committee, Chair of ISACA International GRA Committee, ISSA UK Advisory Group member, InfoSecurity Magazine Editorial Group member.

Sarb has also served on several Security Standards Groups and continues to write and speak at risk and security events around the world. Sarb was shortlisted in the IFSEC Global Most Influential people in Cyber security 2018: 
Sarb has contributed to and written several white papers including the most recent one on Large scale IoT Projects (smart buildings and smart cities) and GDPR compliance available in June 2018.