This document summarizes a workshop on the National Strategy for Trusted Identities in Cyberspace (NSTIC). The workshop agenda includes presentations on NSTIC pilots testing multifactor authentication, attribute exchange networks, and privacy-preserving authentication. It also covers the Identity Ecosystem Steering Group, the Federal Cloud Credential Exchange, and NSTIC's relationship to the National Cybersecurity Center of Excellence. The document discusses how NSTIC aims to address barriers in the identity marketplace around security, business models, usability, liability, interoperability and privacy by acting as a convener rather than implementing its own identity program. It outlines NSTIC's implementation strategy of private sector leadership and federal support through standards development,
Presentation from the 2016 Scalar Security Study Roadshow, highlighting the findings from the second annual Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, which examines trends among Canadian organizations in dealing with growing cyber threats.
Etude PwC sécurité de l’information et protection des données (2014)PwC France
http://pwc.to/1gXASnC
Le "Global State of Information Security 2012" est une étude mondiale de PwC, du CIO Magazine et du CSO Magazine. C’est la 15ème année consécutive que PwC réalise cette enquête par PwC, et la 9ème année avec “CIO magazine” et “CSO magazine”. Plus de 9 600 réponses de PDG, Directeurs Financiers, DSI, RSSI et responsables IT et sécurité, répartis dans 115 pays. 36% des répondants sont d’Amérique du Nord, 26% d’Europe, 21% d’Asie-Pacifique, 16% d’Amérique du Sud, et 2% du Moyen-Orient et de l’Afrique.
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
Executive Summary of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016/
CynergisTek’s Survey Data Reveals Leading Cybersecurity Concerns for Healthcare Organization Executives.
Client-Conference Data Unveils That Risks Associated with Internet of Things, Medical Devices, Third-Party Vendors, and Program Management are Top of Mind for Security Executives, Yet Action is Lagging
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions
report. We have split this year’s report into two sections.
The first section digs into three very important topics,
looking at each through a long lens.
The second section makes specific predictions about
threats activity in 2017. Our predictions for next year
cover a wide range of threats, including ransomware,
vulnerabilities of all kinds, the use of threat intelligence
to improve defenses, and attacks on mobile devices.
6º Resseguro - A Evolução do Risco Cibernético e seu Impacto no Seguro - Kara...CNseg
Palestra apresentada por Kara Owens no 6º Encontro de Resseguro do Rio de Janeiro, realizado nos dias 5 e 6 de abril de 2017, no hotel Sofitel Copacabana.
Presentation from the 2016 Scalar Security Study Roadshow, highlighting the findings from the second annual Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, which examines trends among Canadian organizations in dealing with growing cyber threats.
Etude PwC sécurité de l’information et protection des données (2014)PwC France
http://pwc.to/1gXASnC
Le "Global State of Information Security 2012" est une étude mondiale de PwC, du CIO Magazine et du CSO Magazine. C’est la 15ème année consécutive que PwC réalise cette enquête par PwC, et la 9ème année avec “CIO magazine” et “CSO magazine”. Plus de 9 600 réponses de PDG, Directeurs Financiers, DSI, RSSI et responsables IT et sécurité, répartis dans 115 pays. 36% des répondants sont d’Amérique du Nord, 26% d’Europe, 21% d’Asie-Pacifique, 16% d’Amérique du Sud, et 2% du Moyen-Orient et de l’Afrique.
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
Executive Summary of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016/
CynergisTek’s Survey Data Reveals Leading Cybersecurity Concerns for Healthcare Organization Executives.
Client-Conference Data Unveils That Risks Associated with Internet of Things, Medical Devices, Third-Party Vendors, and Program Management are Top of Mind for Security Executives, Yet Action is Lagging
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions
report. We have split this year’s report into two sections.
The first section digs into three very important topics,
looking at each through a long lens.
The second section makes specific predictions about
threats activity in 2017. Our predictions for next year
cover a wide range of threats, including ransomware,
vulnerabilities of all kinds, the use of threat intelligence
to improve defenses, and attacks on mobile devices.
6º Resseguro - A Evolução do Risco Cibernético e seu Impacto no Seguro - Kara...CNseg
Palestra apresentada por Kara Owens no 6º Encontro de Resseguro do Rio de Janeiro, realizado nos dias 5 e 6 de abril de 2017, no hotel Sofitel Copacabana.
Scalar security study2017_slideshare_rev[1]Tracey Ong
Highlights of the 2017 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2017. The full report can be downloaded at scalar.ca/en/landing/2017-scalar-security-study/
Organizations continue to struggle to connect the dots and extract meaningful insight from the growing volume and variety of data in Hadoop.
Our Solution: Data Refinement, Entity Resolution and Analysis: Novetta Entity Analytics unifies the data scattered across your systems to give you a single unified view of the people, organizations, locations, and other entities or “things” and their relationships in your enterprise. By revealing the real-world networks, behaviors, and trends of the entities and relationships that exist within corporate data repositories and data silos, you can connect the dots to do completely new things such as enhance the customer experience, do more targeted marketing and reduce the risk of fraud. Novetta Entity Analytics makes Hadoop data useful to anyone using an adaptive process to unify all types of data – regardless of schema – and allows analysts to look at and connect their data in entirely new ways.
The Benefits:
- Accelerate operational insights by constructing complete 360 degree views of a customer, organization, location, product, event, at any volume from any source whether structured or unstructured
- Improve customer service and retention by identifying dissatisfied customers and service problems found in call details, transactions and other volumes of interaction data and documents
- Increase revenues by creating unified customer profiles and relationships to products and services improving cross-sell/up-sell opportunities
- Detect threat and fraud by connecting the dots between people, organizations and events across data sources including transactional details
-Lower costs by solving large complex data integration and management problems using a predictable, linearly scalable platform
OUR DIFFERENTIATORS
Understands unstructured content in context
Uncovers relationships
Finds the signal within the noise
No More Snake Oil: Why InfoSec Needs Security GuaranteesJeremiah Grossman
Ever notice how everything in InfoSec is sold “as is”? No guarantees, no warrantees, no return policies. For some reason in InfoSec, providing customers with a form of financial coverage for their investment is seen as gimmicky, but the tides and times are changing. This talk discusses use cases on why guarantees are a must have and how guarantees benefit customers as well as InfoSec as a whole.
State of Endpoint Security: The Buyers MindsetCrowdStrike
Where is endpoint security headed? How do your priorities and capabilities compare to those of your peers?
As the battle against breaches rages on, many enterprises are focused on revamping their endpoint security strategy – from enhancing efficacy to reducing complexity and agent bloat. A new webcast, “State of the Endpoint: The Buyer Mindset,” discusses the current state of endpoint security and offers insights from an all-star panel of thought leaders, including Internationally recognized cybersecurity leader and CrowdStrike Co-founder Dmitri Alperovitch, VP of Product Marketing Dan Larson, and other experts as they discuss today’s most important security issues. Join them as they explore the findings from a new research report, “Trends in Endpoint Security: A State of Constant Change,” a study conducted by ESG and commissioned by CrowdStrike and other technology vendors. The panel will provide their impressions of the data in the survey and how the viewpoints revealed mesh with current technology trends, offering insights that can help inform your security strategy going forward.
Join this webcast to learn:
-The current state of Antivirus (AV) including how many organizations are choosing to change vendors and why
-Best of breed vs. comprehensive suites – which approach do your peers prefer and what are the advantages and challenges of each?
-How solutions are affecting endpoints and your IT Security peers, including the increase in agents installed and the impact of increased complexity
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...Scalar Decisions
Highlights of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016
Haystax carbon for Insider Threat Management & Continuous EvaluationHaystax Technology
Haystax Technology, Inc. provides next-generation intelligence and analytics solutions that deliver up to the minute situational awareness and actionable intelligence for the public and commercial sectors. Haystax uses a combination of software and human analysis to turn large, disparate and unstructured data volumes into comprehensive and actionable information. In essence, these technologies allow users to find “the needle in the haystack” quickly and reliably.
Why the DoD Uses Advanced Network-traffic Analytics to Secure its NetworkNovetta
Advanced network-traffic analytics changed the way many of the largest agencies within the Department of Defense handle their cyber security efforts, and we've just published a whitepaper describing why and how. The paper provides important information about how an enterprise can significantly reduce damages caused by sophisticated attackers, including:[clear]
A description of the limitations of today’s security solutions and how advanced network-traffic analytics can help improve enterprise security.
Two case studies about how the Department of Defense benefits today from advanced analytics.
A high-level review of the technical architecture of an advanced network analytics solution and how it can be used to thwart attacks.
A discussion of how enterprises and their security teams will benefit from a network-traffic analytics approach to enterprise security.
Applying advanced analytic techniques to enable rapid real-time enterprise threat intelligence and awareness. This presentation looks at how data + algorithms can help enterprises improve their overall threat posture.
Adobe conducted a first-of-its-kind survey of more than 500 private and public sector cybersecurity professionals in the United States to explore their awareness and understanding of public policy developments and gauge how those public policy developments impact their jobs on a daily basis.
Demonstrating Information Security Program EffectivenessDoug Copley
Doug Copley outlines how to demonstrate progress of your information security program, how to display metrics and provides some sample scorecards and dashboards.
Curious about the US National Strategy for Trusted Identities in Cyberspace (NSTIC) and its private sector-lead partner the Identity Ecosystem Steering Group (IDESG)? Look no further. Here is the deck I used to give an update at the Kantara workshop at the Identity Relationship Management Summit.
Scalar security study2017_slideshare_rev[1]Tracey Ong
Highlights of the 2017 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2017. The full report can be downloaded at scalar.ca/en/landing/2017-scalar-security-study/
Organizations continue to struggle to connect the dots and extract meaningful insight from the growing volume and variety of data in Hadoop.
Our Solution: Data Refinement, Entity Resolution and Analysis: Novetta Entity Analytics unifies the data scattered across your systems to give you a single unified view of the people, organizations, locations, and other entities or “things” and their relationships in your enterprise. By revealing the real-world networks, behaviors, and trends of the entities and relationships that exist within corporate data repositories and data silos, you can connect the dots to do completely new things such as enhance the customer experience, do more targeted marketing and reduce the risk of fraud. Novetta Entity Analytics makes Hadoop data useful to anyone using an adaptive process to unify all types of data – regardless of schema – and allows analysts to look at and connect their data in entirely new ways.
The Benefits:
- Accelerate operational insights by constructing complete 360 degree views of a customer, organization, location, product, event, at any volume from any source whether structured or unstructured
- Improve customer service and retention by identifying dissatisfied customers and service problems found in call details, transactions and other volumes of interaction data and documents
- Increase revenues by creating unified customer profiles and relationships to products and services improving cross-sell/up-sell opportunities
- Detect threat and fraud by connecting the dots between people, organizations and events across data sources including transactional details
-Lower costs by solving large complex data integration and management problems using a predictable, linearly scalable platform
OUR DIFFERENTIATORS
Understands unstructured content in context
Uncovers relationships
Finds the signal within the noise
No More Snake Oil: Why InfoSec Needs Security GuaranteesJeremiah Grossman
Ever notice how everything in InfoSec is sold “as is”? No guarantees, no warrantees, no return policies. For some reason in InfoSec, providing customers with a form of financial coverage for their investment is seen as gimmicky, but the tides and times are changing. This talk discusses use cases on why guarantees are a must have and how guarantees benefit customers as well as InfoSec as a whole.
State of Endpoint Security: The Buyers MindsetCrowdStrike
Where is endpoint security headed? How do your priorities and capabilities compare to those of your peers?
As the battle against breaches rages on, many enterprises are focused on revamping their endpoint security strategy – from enhancing efficacy to reducing complexity and agent bloat. A new webcast, “State of the Endpoint: The Buyer Mindset,” discusses the current state of endpoint security and offers insights from an all-star panel of thought leaders, including Internationally recognized cybersecurity leader and CrowdStrike Co-founder Dmitri Alperovitch, VP of Product Marketing Dan Larson, and other experts as they discuss today’s most important security issues. Join them as they explore the findings from a new research report, “Trends in Endpoint Security: A State of Constant Change,” a study conducted by ESG and commissioned by CrowdStrike and other technology vendors. The panel will provide their impressions of the data in the survey and how the viewpoints revealed mesh with current technology trends, offering insights that can help inform your security strategy going forward.
Join this webcast to learn:
-The current state of Antivirus (AV) including how many organizations are choosing to change vendors and why
-Best of breed vs. comprehensive suites – which approach do your peers prefer and what are the advantages and challenges of each?
-How solutions are affecting endpoints and your IT Security peers, including the increase in agents installed and the impact of increased complexity
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...Scalar Decisions
Highlights of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016
Haystax carbon for Insider Threat Management & Continuous EvaluationHaystax Technology
Haystax Technology, Inc. provides next-generation intelligence and analytics solutions that deliver up to the minute situational awareness and actionable intelligence for the public and commercial sectors. Haystax uses a combination of software and human analysis to turn large, disparate and unstructured data volumes into comprehensive and actionable information. In essence, these technologies allow users to find “the needle in the haystack” quickly and reliably.
Why the DoD Uses Advanced Network-traffic Analytics to Secure its NetworkNovetta
Advanced network-traffic analytics changed the way many of the largest agencies within the Department of Defense handle their cyber security efforts, and we've just published a whitepaper describing why and how. The paper provides important information about how an enterprise can significantly reduce damages caused by sophisticated attackers, including:[clear]
A description of the limitations of today’s security solutions and how advanced network-traffic analytics can help improve enterprise security.
Two case studies about how the Department of Defense benefits today from advanced analytics.
A high-level review of the technical architecture of an advanced network analytics solution and how it can be used to thwart attacks.
A discussion of how enterprises and their security teams will benefit from a network-traffic analytics approach to enterprise security.
Applying advanced analytic techniques to enable rapid real-time enterprise threat intelligence and awareness. This presentation looks at how data + algorithms can help enterprises improve their overall threat posture.
Adobe conducted a first-of-its-kind survey of more than 500 private and public sector cybersecurity professionals in the United States to explore their awareness and understanding of public policy developments and gauge how those public policy developments impact their jobs on a daily basis.
Demonstrating Information Security Program EffectivenessDoug Copley
Doug Copley outlines how to demonstrate progress of your information security program, how to display metrics and provides some sample scorecards and dashboards.
Curious about the US National Strategy for Trusted Identities in Cyberspace (NSTIC) and its private sector-lead partner the Identity Ecosystem Steering Group (IDESG)? Look no further. Here is the deck I used to give an update at the Kantara workshop at the Identity Relationship Management Summit.
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
El panorama de amenazas en evolución basado en nuestro ISTR (Reporte de Anual de Amenazas en Internet Vol. 24) recientemente publicado, refleja las últimas tendencias y cómo se aplican a Colombia y América Latina. Las principales tendencias de transformación digital, como la nube y la movilidad, junto con los nuevos desafíos de seguridad han cambiado el panorama de ciberseguridad por lo que la estrategia debe enfocarse en términos de riesgos clave, regulaciones y hallazgos sobre la madurez de la seguridad. Recomendaciones para enfocar y mejorar las posturas de ciberseguridad para abordar estas tendencias, incluidos los marcos clave, las tecnologías, los procesos y los cambios culturales son parte integral de los pasos a seguir.
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
Many law firms would suffer greatly from being breached due
to the extreme sensitive data they are handling on a daily basis.
Any cyber attack in this sector can be catastrophic so do lawyers
feel ready to stand against the rising tide of cybercrime?
With this in mind, Symantec, in conjunction with the law
publication Managing Partner, conducted a study into how law firms see cyber security.
Don’t be fooled by vague claims about data protection—especially in the cloud. HITRUST Common Security Framework (CFS) is the gold standard for data security and compliance. While security guidelines, like HIPAA, use phrases like “reasonable and appropriate” protection, HITRUST provides clear and actionable guidance for risk management. It’s the only certifiable framework that includes HIPAA, PCI, ISO, and NIST controls—here’s how you can benefit.
Takeaways & Learning Objectives
What is HITRUST CSF, and how does it differ from regulations like HIPAA?
How can your organization leverage HITRUST?
Best practices for secure cloud deployments
Join OnRamp’s VP of Product, Toby Owen, and OnRamp’s Head of Information Security, Nikola Todev in an educational and interactive session
Corporate Treasurers Focus on Cyber SecurityJoan Weber
Treasury departments at large U.S. companies rank IT security as their top priority for 2015 - ahead of such critical issues as cost management and regulatory/compliance challenges.
These finding come from the results Greenwich Associates 2014 U.S. Large Corporate Finance Study, for which the firm interviewed CFOs or treasury department representatives at more than 500 large U.S. companies.
The study results suggest that U.S. companies are taking action to address security concerns and other IT issues with 63% of the participants saying their treasury departments will increase technology spending in the year ahead.
Protect your confidential information while improving servicesCloudMask inc.
Over the last few decades, the financial sector has outgrown banks, as financial engineering, digital money and regulatory changes have evolved. Assets managed by financial firms (equity and various types of debt) are larger, as corporate debt has surpassed federal, state and local government’s debt. The US banks’ share of assets under management (AUM) accordingly declined from 58% in 1907 to 27% in 2008, while pension, mutual funds and non-depository firms (e.g., private equity and hedge funds) have grown substantially.
10 Steps for Taking Control of Your Organization's Digital Debris Perficient, Inc.
Do you have too much old information, but not enough guidance to begin the task of cleaning out your data stores? Join Perficient to learn 10 tips for creating a strategic roadmap to take control of your information and uncover the technology that can support your efforts, including how to:
Stop keeping everything forever
Create an information governance and disposal policy before implementing technology
Automate information management to improve employee productivity
Prepare a discovery response plan
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
With the exponential growth of data generation and collection stemming from new business models fueled by Big Data, cloud computing and the Internet of Things, we are potentially creating a cybercriminal's paradise where there are more opportunities than ever for that data to end up in the wrong hands. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems. In this webinar, Ulf Mattsson explores these issues and provides solutions to bring together data insight and security to safely unlock the power of digital business.
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com.
Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism.
With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments.
How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them?
In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
This session will review digital identity’s transition from vulnerable authentication methods and what Microsoft and others are doing to address the hard problems associated with managing and protecting digital identities.
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.
A "from the trenches" view into how GE is using federation standards to abstract & harden our growing cloud WAM platform. Topics covered: GE's approach to OpenID Connect for cross platform authentication (web, mobile), 2) GE's API management platform for API publishing, subscription & security, 3) how the two work together, 4) lessons learned & areas for improvement.
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills.
What is the place of security and privacy in this exciting development?
Are we building the next generation of Internet security vulnerabilities right now?
In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
In the past Enterprise Mobility Management (EMM) has focused primarily on MDM, MAM and MCM. Recently there has been a lot of focus on the fourth pillar of EMM - Mobile Identity Management (MIM). This session will cover the primary use cases and discuss current solutions available for managed/un-managed, internal/public and mobile/web apps for iOS/Android devices.
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
This talk will review the breadth of the Internet of Things (IoT), the challenges of Identity Management and the IoT and the impact to Industrial Enterprise.
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
Are you in a situation where you have two business units (maybe because of a merger) that have their own Federation solutions and now you need to share access to SaaS resources among the 2 workforces. But you don't want to have to setup to separate SaaS connections to the same vendor and you want to manage this connection on premises instead of in the Cloud. We can help with that, come see how!
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...QADay
Lviv Direction QADay 2024 (Professional Development)
КАТЕРИНА АБЗЯТОВА
«Ефективне планування тестування ключові аспекти та практичні поради»
https://linktr.ee/qadayua
UiPath New York Community Day in-person eventDianaGray10
UiPath Community Day is a unique gathering designed to foster collaboration, learning, and networking with automation enthusiasts. Whether you're an automation developer, business analyst, IT professional, solution architect, CoE lead, practitioner or a student/educator excited about the prospects of artificial intelligence and automation technologies in the United States, then the UiPath Community Day is definitely the place you want to be.
Join UiPath leaders, experts from the industry, and the amazing community members and let's connect over expert sessions, demos and use cases around AI in automation as we highlight our technology with a special speaker on Document Understanding.
📌Agenda
3:00 PM Registrations
3:30 PM Welcome note and Introductions | Corina Gheonea (Senior Director of Global UiPath Community)
4:00 PM Introduction to Document Understanding
How to build and deploy Document Understanding process
Where would Document Understanding be used.
Demo
Q&A
4:45 PM Customer/Partner showcase
Accelirate
Intro to Accelirate and history with UiPath
Why are we excited about the new AI features of UiPath?
Customer highlight
a. Document Understanding – BJs Case Study
b. Document Understanding + generative AI
5.30 PM Networking
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
1. 1
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
NSTIC
in
Mo+on
Pilots,
Policy
and
Progress
Jeremy
Grant
Senior
Execu+ve
Advisor,
Iden+ty
Management
Na+onal
Ins+tute
of
Standards
and
Technology
(NIST)
2. 2
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
NSTIC
Workshop
Agenda
Sessions
1pm
Part
1
• “The
State
of
the
NSTIC”
–
Jeremy
Grant
• Pilot
Report
#1:
MFA
in
the
Commercial
Sector
–
Cathy
Tilton,
Daon
2pm
Part
2
• Pilot
Report
#2:
AKribute
Exchange
Network
–
Dave
Coxe,
Criterion
Systems
• Pilot
Report
#3:
Scalable
Privacy
and
MFA
–
Ken
Klingenstein,
Internet2
3pm
Part
3
• Iden%ty
Ecosystem
Steering
Group
(IDESG)
–
Bob
Blakely,
Ci%group
• Federal
Cloud
Creden%al
Exchange
(FCCX)
–
Jeremy
Grant
(NIST)
and
Doug
Glair
(USPS)
• NSTIC
and
the
Na%onal
Cybersecurity
Center
of
Excellence
(NCCoE)
–
Nate
Lesser
(NIST)
• Discussion
and
Perspec%ves
4. 4
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Imagine
if…
Four
years
from
now,
80%
of
your
customers
arrived
at
your
website
already
holding
a
secure
creden+al
for
iden+fica+on
and
authen+ca+on
–
and
you
could
trust
this
creden+al
in
lieu
of
your
exis+ng
username/password
system.
Interoperable
with
your
login
system
(you
don’t
have
to
issue
creden%als)
Mul%-‐factor
authen%ca%on
(no
more
password
management)
Tied
to
a
robust
iden%ty
proofing
mechanism
(you
know
if
they
are
who
they
claim
to
be)
With
baked-‐in
rules
to
limit
liability
and
protect
privacy
5. 5
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
What
would
this
mean…
For
Security
and
Loss
Preven+on?
• 5
of
the
top
6
vectors
of
aKack
in
2011
data
breaches
%ed
to
passwords;
76%
of
all
2012
records
breached
%ed
to
passwords.
• The
number
of
Americans
impacted
by
data
breaches
rose
67%
from
2010
to
2011
• Weak
iden%ty
systems
fuel
online
fraud,
make
it
impossible
to
know
who
is
a
“dog
on
the
Internet”
For
Reducing
Fric+on
in
Online
Commerce?
• Today,
75%
of
customers
will
avoid
crea%ng
new
accounts.
54%
leave
the
site
or
do
not
return
• Today,
45%
of
consumers
will
abandon
a
site
rather
than
aKempt
to
reset
their
passwords
or
answer
security
ques%ons
6. 6
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Two
years,
two
months
and
24
days
ago…
An
Iden+ty
Ecosystem…with
4
Guiding
Principles
• Privacy-‐Enhancing
and
Voluntary
• Secure
and
Resilient
• Interoperable
• Cost-‐Effec%ve
and
Easy
To
Use
7. 7
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
There
is
a
marketplace
today
–
but
there
are
barriers
the
market
has
not
yet
addressed
on
its
own
Why
NSTIC?
8. 8
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Barriers:
Security
is
a
big
issue
Source:
2012
Data
Breach
Inves%ga%ons
Report,
Verizon
and
USSS
2011:
5
of
the
top
6
aKack
vectors
are
%ed
to
passwords
2010:
4
of
the
top
10
9. 9
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Business
Models
But
–
it’s
not
all
about
security
Usability
Liability
Interoperability
Privacy
Source:
xkcd
10. 10
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
There
is
a
marketplace
today
–
but
there
are
barriers
the
market
has
not
yet
addressed
on
its
own.
Government
can
serve
as
a
convener
and
facilitator,
and
a
catalyst.
Why
NSTIC?
11. 11
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Our
Implementa+on
Strategy
12. 12
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
We don’t want to boil the ocean.
13. 13
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Let’s go surfing where the waves are…
NSTIC
14. 14
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Private
sector
will
lead
the
effort
Federal
government
will
provide
support
• Not
a
government-‐run
iden%ty
program
• Private
sector
is
in
the
best
posi%on
to
drive
technologies
and
solu%ons…
• …and
ensure
the
Iden%ty
Ecosystem
offers
improved
online
trust
and
beKer
customer
experiences
• Support
development
of
a
private-‐sector
led
governance
model
• Facilitate
and
lead
development
of
interoperable
standards
• Provide
clarity
on
na%onal
policy
and
legal
issues
(i.e.,
liability
and
privacy)
• Fund
pilots
to
s%mulate
the
marketplace
• Act
as
an
early
adopter
to
s%mulate
demand
What
does
NSTIC
call
for?
18. 18
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
…I
now
am
managing
one-‐off
2FA
solu+ons
for
19. 19
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
NSTIC
has
funded
5
pilots…with
more
coming
AAMVA
• Focus:
Develop
public-‐private
partnership
to
strengthen
private-‐sector
creden%als
with
aKributes
from
a
state
DMV
• Virginia
DMV,
Microsom,
CA,
AT&T
are
key
partners
• Coming
soon:
an
important
health
care
RP
Daon
• Focus:
deploy
smartphone
based,
mul%-‐
factor
authen%ca%on
to
consumers
• AARP,
PayPal,
Purdue
are
key
relying
par%es
• A
major
bank
(not
yet
publicly
named)
will
also
be
an
RP
Criterion
• Focus:
develop
a
viable
business
model
for
Iden%ty
Ecosystem
and
aKribute
exchange
• Broadridge
Financial,
eBay,
Wal-‐Mart,
AOL,
Verizon,
GE,
Experian,
Lexis
Nexis,
Ping,
CA,
PacificEast
are
key
partners
Internet2
• Focus:
deploy
smartphone
based,
mul%-‐
factor
authen%ca%on
across
3
major
universi%es,
integrate
it
with
a
privacy-‐
protec%ng
infrastructure.
• MIT,
University
of
Texas,
University
of
Utah
are
deployment
sites
Resilient
• Focus:
test
“privacy
enhancing”
infrastructure
in
health
care
and
K-‐12
environments.
• AMA,
American
College
of
Cardiology,
LexisNexis,
Neustar,
Knowledgefactor
are
key
partners
20. 20
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Pilots
lessons
learned
Each
pilot
has
run
into
the
same
challenges
–
underscoring
the
need
for
a
robust
Iden%ty
Ecosystem
Framework.
Common
considera%ons:
o No
standard
way
to
bring
on
new
RP’s
(technical/policy/legal)
o Exis%ng
trust
frameworks
only
go
so
far
o RP’s
struggle
to
sort
out
how
to
apply
risk
assessment
to
determine
creden%al
strength/LOA
(800-‐63
aside,
no
great
alterna%ves)
o Trust
frameworks
do
not
extend
to
aKribute
providers/verifiers
o How
to
ensure
“data
minimiza%on”
in
aKribute
exchange,
when
some
APs
offer
“data
promiscuity”
o How
to
flow
down
consent
requirements
to
end-‐users
in
a
logical
fashion
21. 21
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
The
Iden+ty
Ecosystem
Steering
Group
Source:
Phil
Wolff,
hKp://www.flickr.com/photos/philwolff/7789263898/in/photostream
First
plenary,
August
2012
22. 22
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
The
Iden+ty
Ecosystem
Steering
Group:
Bringing
together
many
types
of
stakeholders
23. 23
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
• 200+
firms/organiza%ons;
60+
individuals
• Elected
Plenary
Chair
(Bob
Blakley/Ci%)
and
Management
Council
Chair
(Peter
Brown);
Elected
16
delegates
to
Management
Council
• Member
firms
include:
Verizon,
Visa,
PayPal,
Fidelity,
Ci%group,
Mass
Mutual,
IBM,
Bank
of
America,
Microsom,
Oracle,
3M,
CA,
Symantec,
Lexis
Nexis,
Experian,
Equifax,
Neiman
Marcus,
Aetna,
Merck,
United
Health,
Intel.
• Also:
AARP,
ACLU,
EPIC,
EFF,
and
more
than
65
universi%es.
Par%cipants
from
12+
countries.
• CommiKees
include:
The
Iden+ty
Ecosystem
Steering
Group
o Standards
o Policy
o Privacy
o User
Experience
o Security
o Trust
Frameworks
&
Trustmarks
o Health
Care
o Financial
Sector
o Interna%onal
Coordina%on
24. 24
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Linking
Strategy
to
Execu+on
• Voluntary,
mul%-‐stakeholder
collabora%ve
efforts
are
hard.
• What
is
the
art
of
the
possible?
• What
incen%ves
might
be
needed
to
fully
realize
the
NSTIC
vision?
25. 25
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
NSTIC
envisions
the
poten+al
need
for
new
policies
“The
Federal
Government
may
need
to
establish
or
amend
both
policies
and
laws
to
address"
concerns
such
as
"the
uncertainty
and
fear
of
unbounded
liability
that
have
limited
the
market's
growth.”
-‐NSTIC,
page
31
• The
IDESG
Policy
CommiKee
is
reviewing
this
topic
• A
unique
window
of
opportunity
26. 26
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Ensuring
the
U.S.
Government
can
be
an
early
Adopter
27. 27
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Making
progress
in
government
is
tough…
29. 29
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Where
we
started
FICAM
(TFPAP)
TFP
MoUs
Cer+fica+on
Agreements
IdP
IdP
IdP
TFP
Integra%on
???
$$$!!!
RP
RP
RP
RP
Agencies
32. 32
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
New
study
shows
real
USG
cost
savings
from
NSTIC
• Funded
by
NIST
Economic
Analysis
Office
,
conducted
in
partnership
with
the
IRS
• Focus:
cost-‐benefit
analysis
comparing
federa%on
(NSTIC)
approach
vs.
one-‐off
proprietary
authen%ca%on
system
• Looked
at
3
scenarios:
20%,
50%,
70%
adop%on
33. 33
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
New
study
shows
real
USG
cost
savings
from
NSTIC
Key
Findings
• Over
a
10-‐year
period,
IRS
would
save
$63
million
to
$298
million
by
aligning
its
ci%zen-‐facing
iden%ty
and
authen%ca%on
efforts
with
NSTIC
(vs.
building
a
stovepiped,
IRS-‐only
system)
• Up-‐front
adop%on
savings
would
be
$40
million
to
$111
million
• Savings
driven
both
by
avoidance
of
duplica%ve
iden%ty
proofing
and
authen%ca%on
costs,
as
well
as
increased
customer
uptake
of
online
offerings
• Opportunity:
IRS
spent
over
$1
billion
communica%ng
with
taxpayers
on
paper
and
by
telephone
in
2012
35. 35
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
$2
Trillion
The
total
projected
online
retail
sales
across
the
G20
na%ons
in
2016
$2.5
trillion
What
this
number
can
grow
to
if
consumers
believe
the
Internet
is
more
worthy
of
their
trust
$1.5
Trillion
What
this
number
will
fall
to
if
Trust
is
eroded
Trust
mafers
to
online
business
Source:
Rethinking
Personal
Data:
Strengthening
Trust.
World
Economic
Forum,
May
2012.
36. 36
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Ques+ons?
Jeremy
Grant
jgrant@nist.gov
202.482.3050
Iden+ty
Ecosystem
Steering
Group
www.idecosytem.org
idecosystem@trustedfederal.com
37. 37
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
NSTIC
Workshop
Agenda
Sessions
1pm
Part
1
• “The
State
of
the
NSTIC”
–
Jeremy
Grant
• Pilot
Report
#1:
MFA
in
the
Commercial
Sector
–
Cathy
Tilton,
Daon
2pm
Part
2
• Pilot
Report
#2:
AKribute
Exchange
Network
–
Dave
Coxe,
Criterion
Systems
• Pilot
Report
#3:
Scalable
Privacy
and
MFA
–
Ken
Klingenstein,
Internet2
3pm
Part
3
• Iden%ty
Ecosystem
Steering
Group
(IDESG)
–
Bob
Blakely,
Ci%group
• Federal
Cloud
Creden%al
Exchange
(FCCX)
–
Jeremy
Grant
(NIST)
and
Doug
Glair
(USPS)
• NSTIC
and
the
Na%onal
Cybersecurity
Center
of
Excellence
(NCCoE)
–
Nate
Lesser
(NIST)
• Discussion
and
Perspec%ves
39. 39
Na%onal
Strategy
for
Trusted
Iden%%es
in
Cyberspace
Created
to
administer
the
development
of
policies,
standards,
and
accreditaHon
processes
for
the
Iden&ty
Ecosystem
Framework.
www.idecosystem.org
The
Iden+ty
Ecosystem
Steering
Group