56 JULY 2017 WWW.COMPLIANCEWEEK.COM

{CYBER-SECURITY}

Risk management lessons of the WannaCry ransomware

A global hack attack that held organizations’ data hostage for Bitcoin ransoms raises serious regulatory issues, disclosure debates, and risk management concerns. Joe Mont has more on the worldwide cyber-security event.

The crisis of the moment in cyber-space is WannaCry, a nasty piece of ransomware attacking organizations around the globe. Those unfortunate enough to be in-
held hostage, only to be returned and unlocked once a speci-
The spotlight on this cyber-threat du jour has sparked
management and the need to break down corporate silos.

Ransomware, an increasing problem for anyone with
-
tacks include e-mails that look legitimate and seem to be from a known sender, but are engineered to trick the recipient into opening a malignant bit of code. Once loose, it creates an illicit data pipeline. Malware can also be embedded onto Websites, waiting for an unsuspecting right click to open the door.

WannaCry ransomware (also known as WCry and Wanna Decryptor) used e-mail to exploit unpatched hazards in outdated, unpatched Microsoft Windows operating systems,
-
Microsoft (which released a patch for the exploit, for newer operating systems, in March) is blaming the National Security Agency for letting one of its experiments in software subterfuge into the wild.
The regulatory perspective

On May 17, amid ongoing waves of the cyber-attacks, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations issued a ransomware alert.
-
examined 75 SEC registered broker-dealers, investment advisers, and investment companies to assess practices associated
» Five percent of broker-dealers and 26 percent of advisers and funds examined did not conduct periodic risk assessments of critical systems to identify cyber-security threats, vulnerabilities, and the potential business consequences.
» Five percent of broker-dealers and 57 percent of the invest-
-
etration tests and vulnerability scans on systems that the
» While all broker-dealers and 96 percent of investment
regular system maintenance, including the installation of software patches to address security vulnerabilities, some
that were missing important updates.

Although not related to the latest ransomware attack, the
-
Smith Barney agreed to pay a $1 million penalty to settle charges related to its failures to protect customer informa-
requires registered broker-dealers, investment companies, and investment advisers to “adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”
Is it a breach?

must a ransomware attack be disclosed in accordance with
For healthcare organizations and their business associ-
-
ity Act’s privacy rule there may not be much debate or wiggle
-
ply, according to the Department of Health and Human Ser-
and encouraged it to focus on guidance for healthcare providers to respond to ransomware attacks under the disclosure and
medical record or medical services, the patient needs to know as quickly as possible,” the congressmen wrote.
-
conducting a risk analysis to identify threats and vulnera-
those persons or software programs requiring access.
need people, a process, and technology.”

Monitoring is the weak link in most organizations, she
measures are useless unless there is a process to make sure they are being enforced.”
-
“Breaches rarely occur because of insufficient technology; this is a governance problem. Many organizations react by conducting employee training. Training increases awareness but has proven ineffective at changing behavior.”
Steven Minsky, CEO, LogicManager
to be assessed to gain transparency into vulnerabilities, but it is also important to identify, assess, and manage the profusion of devices that connect to the organization’s network,” she explains. “Any party or device represents risk, and so every one of them must be included in a monitoring program.”

A checklist of advice for IT departments—as suggested by Austin Berglas, senior managing director at the investiga-
-
gence—includes:
» Patch all Windows systems as soon as possible.
» Filter e-mails with zipped or otherwise obfuscated attachments.
» Regularly back up systems and keep them separate from the primary network to provide a reliable back-up option in case of an infection.
» Closely monitor logs and activate anomaly detection processes for user and network behavior. Review and manage logs and alerts through a central system.
» Develop a software update procedure that calculates the risk and critical levels, and prioritize critical system updates.

Firms should also raise employee awareness to the danger of phishing e-mails.

“Human error is often more dangerous than technical failures. Most of the breaches and attacks you hear about are successful because they are exploiting some kind of human error,” says Berglas, a former assistant special agent in charge of the FBI’s Cyber-Branch in New York.
From a technical aspect, the attacks are due to a lack of patching, he explained. So why, if a patch was released in
“It highlighted the fact that lots of organizations internationally are using outdated operating systems,” Berglas says.
-
ing, executives and directors should try to understand why the work was so delayed. “It seems like that would be a reasonable thing to ask,” he suggests. “What people don’t always understand is how complex and disruptive patching can be.”

If you run a large environment, you are getting lots of up-
-
erating systems. Patching may disrupt existing programs, not at all desirable if all programs are expected to run seamlessly.
updates and restart, especially with 24/7 expectations of e-commerce, Websites, and data availability. “If you take
losing all that business,” Berglas says.

When you are getting bombarded with updates, how do
-
sets and how they are connected.

MICROSOFT BLOG POST

The following are excerpts from a blog post, appearing on Microsoft’s webpage, by President and Chief Legal Officer Brad Smith.

This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.

Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber-security threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.

We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cyber-security attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us.

Source: Microsoft
“Then it boils down to what the industry calls a layered approach,” Berglas says. “There is no one silver bullet that is going to save you from any of these attacks. The CEO, CRO, general counsel, and board of directors all need to work together to mandate internal employee training on phishing and social engineering, and how to protect both the business and your personal life from these types of attacks.”

“You start with [front-line employees] because it is the weakest link,” he adds. “They are operating on the end point, and that is what is going to give the bad guys access into the corporate environment. Using the layered approach, you want to make sure individuals inside the company are only granted the access privileges they need to do their job and no more.”
-
ing at the senior executive and middle management level. “There should be tabletop exercises about what would happen within the organization if this occurs tomorrow,”
-
ness continuity plan to make sure they are integrated across all business lines.”

“It is a board-level decision on how long the business can operate at 10 or 20 percent capacity after an attack,” he adds. “Those decisions can only be made with a good continuity plan in place so you know who is in charge and understand the current environment and the risks you may undertake.”
Steven Minsky, CEO of LogicManager, an enterprise risk management provider, has a unique viewpoint on ransomware attacks: they illustrate a governance problem, not a technology problem.

“Breaches rarely occur because of insufficient technology; this is a governance problem,” he recently wrote for his company’s blog. “Many organizations react by conducting employee training. Training increases awareness but has proven ineffective at changing behavior.”
“Two other important parts of the equation are access rights and asset management,” he says. “Do all employees have access to only the applications they need to perform
information documented and included in your company’s password policy?”

an attack. “IT is a centralized silo,” he says. “Let’s not beat them up because … they don’t actually understand the assets. They just see servers. They don’t actually see the data on those
are important and which are not.”

“This,” he says, “is the gap that enterprise risk management and good governance solves.”
-
agement.

“Risk management is not only about identifying prob-
about saying, ‘Oh gosh, I already have 10 top risks I’m working on. I don’t have time to add an 11th.’ ”
Take the existing risks, he says. Break them down and prioritize them in an objective fashion. Cut the work down to the most important pieces to do and let risk management reduce both the workload and cyber-security IT expenses.

Expensive bells and whistles, in the form of specialized cyber-technology, are often used by companies as a knee-jerk response, Minsky suggests.
to poor governance,” Minsky says. “What they need to be
business continuity plan, on the existing procedures, and actually putting some risk weighting into them, so they
-
■
“Any party or device represents risk, and so every one of them must be included in a monitoring program.”
Pamela Passman, CEO, Center for Responsible Enterprise and Trade

Copyright of Compliance Week is the property of Wilmington Group plc and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.
66 Industrial Engineer

Work Perfect: We strive for the day

Alexander Cardenas Ramos
Project management coordinator - professorial affairs
Javeriana University
Bogotá, Colombia

I support the development of evaluations for the performance management and improvement of academic faculty and staff at Javeriana University. This involves factors such as information systems, best practices analysis and case studies.

One thing that allows me to do my job is the ability to work in an interdisciplinary professional environment, which recognizes that everyone has something to contribute. I work for a university that has a mission to guide students in all the stages in undergraduate and graduate programs, as well as research and extension programs. My job has internal customers that are the key element of the system: professors and academic directors.

At Javeriana University, the educational process is based on a relationship between professor and student. Professors have an important role in that relationship, which helps generate the development of consulting and extension projects. Javeriana University prepares people who can serve the country and the world at large, and I put my 2 cents in the organization to achieve the strategic objectives. That’s what gives me the most satisfaction.

My perfect day begins with the preparation of reports related to performance management. I use MicroStrategy BI and data analysis software such as Minitab. Then, I have meetings with professors to design and implement new improvements on projects to speed up processes. After lunch, I prepare to submit some policies and changes aligned with the last meeting I had with my boss. At the end of the workday, I meet with other people from my team to speak on the progress achieved for the day and prepare ourselves for an increasingly challenging day tomorrow.

I want to continue gaining experience in project management and process improvement. I also plan to prepare myself for applying to an MBA program in the U.S. or U.K.

— Interview by David Brandt

Resumé
2014 Project management coordinator - professorial affairs, Javeriana University, Bogotá, Colombia
2013 Entrepreneurship and leadership certificate, University of Texas-Arlington
2013 Business intelligence consultant, LOGYCA-GS1 Colombia
2013 Joined IIE
2012 M.S., industrial engineering, Javeriana University, Bogotá, Colombia
2011 Management analyst, Colsubsidio
2011 B.S., industrial engineering, Javeriana University, Bogotá, Colombia

Copyright of Industrial Engineer: IE is the property of Institute of Industrial Engineers and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.

 
· Prepare a research proposal, mentioning a specific researchabl.docx
· Prepare a research proposal, mentioning a specific researchabl.docx· Prepare a research proposal, mentioning a specific researchabl.docx
· Prepare a research proposal, mentioning a specific researchabl.docxalinainglis
 
· Previous professional experiences that have had a profound.docx
· Previous professional experiences that have had a profound.docx· Previous professional experiences that have had a profound.docx
· Previous professional experiences that have had a profound.docxalinainglis
 
· Please select ONE of the following questions and write a 200-wor.docx
· Please select ONE of the following questions and write a 200-wor.docx· Please select ONE of the following questions and write a 200-wor.docx
· Please select ONE of the following questions and write a 200-wor.docxalinainglis
 
· Please use Firefox for access to cronometer.com16 ye.docx
· Please use Firefox for access to cronometer.com16 ye.docx· Please use Firefox for access to cronometer.com16 ye.docx
· Please use Firefox for access to cronometer.com16 ye.docxalinainglis
 
· Please share theoretical explanations based on social, cultural an.docx
· Please share theoretical explanations based on social, cultural an.docx· Please share theoretical explanations based on social, cultural an.docx
· Please share theoretical explanations based on social, cultural an.docxalinainglis
 
· If we accept the fact that we may need to focus more on teaching.docx
· If we accept the fact that we may need to focus more on teaching.docx· If we accept the fact that we may need to focus more on teaching.docx
· If we accept the fact that we may need to focus more on teaching.docxalinainglis
 
· How many employees are working for youtotal of 5 employees .docx
· How many employees are working for youtotal of 5 employees  .docx· How many employees are working for youtotal of 5 employees  .docx
· How many employees are working for youtotal of 5 employees .docxalinainglis
 
· How should the risks be prioritized· Who should do the priori.docx
· How should the risks be prioritized· Who should do the priori.docx· How should the risks be prioritized· Who should do the priori.docx
· How should the risks be prioritized· Who should do the priori.docxalinainglis
 
· How does the distribution mechanism control the issues address.docx
· How does the distribution mechanism control the issues address.docx· How does the distribution mechanism control the issues address.docx
· How does the distribution mechanism control the issues address.docxalinainglis
 
· Helen Petrakis Identifying Data Helen Petrakis is a 5.docx
· Helen Petrakis Identifying Data Helen Petrakis is a 5.docx· Helen Petrakis Identifying Data Helen Petrakis is a 5.docx
· Helen Petrakis Identifying Data Helen Petrakis is a 5.docxalinainglis
 
· Global O365 Tenant Settings relevant to SPO, and recommended.docx
· Global O365 Tenant Settings relevant to SPO, and recommended.docx· Global O365 Tenant Settings relevant to SPO, and recommended.docx
· Global O365 Tenant Settings relevant to SPO, and recommended.docxalinainglis
 
· Focus on the identified client within your chosen case.· Analy.docx
· Focus on the identified client within your chosen case.· Analy.docx· Focus on the identified client within your chosen case.· Analy.docx
· Focus on the identified client within your chosen case.· Analy.docxalinainglis
 
· Find current events regarding any issues in public health .docx
· Find current events regarding any issues in public health .docx· Find current events regarding any issues in public health .docx
· Find current events regarding any issues in public health .docxalinainglis
 
· Explore and assess different remote access solutions.Assig.docx
· Explore and assess different remote access solutions.Assig.docx· Explore and assess different remote access solutions.Assig.docx
· Explore and assess different remote access solutions.Assig.docxalinainglis
 
· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docx
· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docx· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docx
· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docxalinainglis
 
· Due Sat. Sep. · Format Typed, double-spaced, sub.docx
· Due Sat. Sep. · Format Typed, double-spaced, sub.docx· Due Sat. Sep. · Format Typed, double-spaced, sub.docx
· Due Sat. Sep. · Format Typed, double-spaced, sub.docxalinainglis
 
· Expectations for Power Point Presentations in Units IV and V I.docx
· Expectations for Power Point Presentations in Units IV and V I.docx· Expectations for Power Point Presentations in Units IV and V I.docx
· Expectations for Power Point Presentations in Units IV and V I.docxalinainglis
 
· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docx
· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docx· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docx
· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docxalinainglis
 

More from alinainglis (20)

· Present a discussion of what team is. What type(s) of team do .docx
· Present a discussion of what team is. What type(s) of team do .docx· Present a discussion of what team is. What type(s) of team do .docx
· Present a discussion of what team is. What type(s) of team do .docx
 
· Presentation of your project. Prepare a PowerPoint with 8 slid.docx
· Presentation of your project. Prepare a PowerPoint with 8 slid.docx· Presentation of your project. Prepare a PowerPoint with 8 slid.docx
· Presentation of your project. Prepare a PowerPoint with 8 slid.docx
 
· Prepare a research proposal, mentioning a specific researchabl.docx
· Prepare a research proposal, mentioning a specific researchabl.docx· Prepare a research proposal, mentioning a specific researchabl.docx
· Prepare a research proposal, mentioning a specific researchabl.docx
 
· Previous professional experiences that have had a profound.docx
· Previous professional experiences that have had a profound.docx· Previous professional experiences that have had a profound.docx
· Previous professional experiences that have had a profound.docx
 
· Please select ONE of the following questions and write a 200-wor.docx
· Please select ONE of the following questions and write a 200-wor.docx· Please select ONE of the following questions and write a 200-wor.docx
· Please select ONE of the following questions and write a 200-wor.docx
 
· Please use Firefox for access to cronometer.com16 ye.docx
· Please use Firefox for access to cronometer.com16 ye.docx· Please use Firefox for access to cronometer.com16 ye.docx
· Please use Firefox for access to cronometer.com16 ye.docx
 
· Please share theoretical explanations based on social, cultural an.docx
· Please share theoretical explanations based on social, cultural an.docx· Please share theoretical explanations based on social, cultural an.docx
· Please share theoretical explanations based on social, cultural an.docx
 
· If we accept the fact that we may need to focus more on teaching.docx
· If we accept the fact that we may need to focus more on teaching.docx· If we accept the fact that we may need to focus more on teaching.docx
· If we accept the fact that we may need to focus more on teaching.docx
 
· How many employees are working for youtotal of 5 employees .docx
· How many employees are working for youtotal of 5 employees  .docx· How many employees are working for youtotal of 5 employees  .docx
· How many employees are working for youtotal of 5 employees .docx
 
· How should the risks be prioritized· Who should do the priori.docx
· How should the risks be prioritized· Who should do the priori.docx· How should the risks be prioritized· Who should do the priori.docx
· How should the risks be prioritized· Who should do the priori.docx
 
· How does the distribution mechanism control the issues address.docx
· How does the distribution mechanism control the issues address.docx· How does the distribution mechanism control the issues address.docx
· How does the distribution mechanism control the issues address.docx
 
· Helen Petrakis Identifying Data Helen Petrakis is a 5.docx
· Helen Petrakis Identifying Data Helen Petrakis is a 5.docx· Helen Petrakis Identifying Data Helen Petrakis is a 5.docx
· Helen Petrakis Identifying Data Helen Petrakis is a 5.docx
 
· Global O365 Tenant Settings relevant to SPO, and recommended.docx
· Global O365 Tenant Settings relevant to SPO, and recommended.docx· Global O365 Tenant Settings relevant to SPO, and recommended.docx
· Global O365 Tenant Settings relevant to SPO, and recommended.docx
 
· Focus on the identified client within your chosen case.· Analy.docx
· Focus on the identified client within your chosen case.· Analy.docx· Focus on the identified client within your chosen case.· Analy.docx
· Focus on the identified client within your chosen case.· Analy.docx
 
· Find current events regarding any issues in public health .docx
· Find current events regarding any issues in public health .docx· Find current events regarding any issues in public health .docx
· Find current events regarding any issues in public health .docx
 
· Explore and assess different remote access solutions.Assig.docx
· Explore and assess different remote access solutions.Assig.docx· Explore and assess different remote access solutions.Assig.docx
· Explore and assess different remote access solutions.Assig.docx
 
· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docx
· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docx· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docx
· FASB ASC & GARS Login credentials LinkUser ID AAA51628Pas.docx
 
· Due Sat. Sep. · Format Typed, double-spaced, sub.docx
· Due Sat. Sep. · Format Typed, double-spaced, sub.docx· Due Sat. Sep. · Format Typed, double-spaced, sub.docx
· Due Sat. Sep. · Format Typed, double-spaced, sub.docx
 
· Expectations for Power Point Presentations in Units IV and V I.docx
· Expectations for Power Point Presentations in Units IV and V I.docx· Expectations for Power Point Presentations in Units IV and V I.docx
· Expectations for Power Point Presentations in Units IV and V I.docx
 
· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docx
· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docx· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docx
· Due Friday by 1159pmResearch Paper--IssueTopic Ce.docx
 

Recently uploaded

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 

Recently uploaded (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 

56 JULY 2017 WWW.COM.docx

56 JULY 2017 WWW.COMPLIANCEWEEK.COM

{CYBER-SECURITY}
Risk management lessons of the WannaCry ransomware

A global hack attack that held organizations’ data hostage for Bitcoin ransoms raises serious regulatory issues, disclosure debates, and risk management concerns. Joe Mont has more on the worldwide cyber-security event.

The crisis of the moment in cyber-space is WannaCry, a nasty piece of ransomware attacking organizations around the globe. Those unfortunate enough to be in- held hostage, only to be returned and unlocked once a speci-

The spotlight on this cyber-threat du jour has sparked management and the need to break down corporate silos.

Ransomware, an increasing problem for anyone with - tacks include e-mails that look legitimate and seem to be from a known sender, but are engineered to trick the recipient into opening a malignant bit of code. Once loose, it creates an illicit data pipeline. Malware can also be embedded onto Websites, waiting for an unsuspecting right click to open the door.

WannaCry ransomware (also known as WCry and Wanna Decryptor) used e-mail to exploit unpatched hazards in outdated, unpatched Microsoft Windows operating systems, - rosoft (which released a patch for the exploit, for newer operating systems, in March) is blaming the National Security Agency for letting one of its experiments in software subterfuge into the wild.

The regulatory perspective

On May 17, amid ongoing waves of the cyber-attacks, the Se- - spections and Examinations issued a ransomware alert. - amined 75 SEC registered broker-dealers, investment advisers, and investment companies to assess practices associated

» Five percent of broker-dealers and 26 percent of advisers and funds examined did not conduct periodic risk assessments of critical systems to identify cyber-security threats, vulnerabilities, and the potential business consequences.

» Five percent of broker-dealers and 57 percent of the invest- - etration tests and vulnerability scans on systems that the

» While all broker-dealers and 96 percent of investment regular system maintenance, including the installation of software patches to address security vulnerabilities, some that were missing important updates.

Although not related to the latest ransomware attack, the - Smith Barney agreed to pay a $1 million penalty to settle charges related to its failures to protect customer informa- requires registered broker-dealers, investment companies, and investment advisers to “adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”

Is it a breach?

must a ransomware attack be disclosed in accordance with For healthcare organizations and their business associ- - ity Act’s privacy rule there may not be much debate or wiggle - ply, according to the Department of Health and Human Ser- and encouraged it to focus on guidance for healthcare providers to respond to ransomware attacks under the disclosure and medical record or medical services, the patient needs to know as quickly as possible,” the congressmen wrote.

- conducting a risk analysis to identify threats and vulnera- those persons or software programs requiring access. need people, a process, and technology.”

Monitoring is the weak link in most organizations, she measures are useless unless there is a process to make sure they are being enforced.”

“Breaches rarely occur because of insufficient technology; this is a governance problem. Many organizations react by conducting employee training. Training increases awareness but has proven ineffective at changing behavior.” Steven Minsky, CEO, LogicManager

to be assessed to gain transparency into vulnerabilities, but it is also important to identify, assess, and manage the profusion of devices that connect to the organization’s network,” she explains. “Any party or device represents risk, and so every one of them must be included in a monitoring program.”

A checklist of advice for IT departments—as suggested by Austin Berglas, senior managing director at the investiga- - gence—includes:

» Patch all Windows systems as soon as possible.

» Filter e-mails with zipped or otherwise obfuscated attachments.

» Regularly back up systems and keep them separate from the primary network to provide a reliable back-up option in case of an infection.

» Closely monitor logs and activate anomaly detection processes for user and network behavior. Review and manage logs and alerts through a central system.

» Develop a software update procedure that calculates the risk and critical levels, and prioritize critical system updates.

Firms should also raise employee awareness to the danger of phishing e-mails. “Human error is often more dangerous than technical failures. Most of the breaches and attacks you hear about are successful because they are exploiting some kind of human error,” says Berglas, a former assistant special agent in charge of the FBI’s Cyber-Branch in New York.

From a technical aspect, the attacks are due to a lack of patching, he explained. So why, if a patch was released in

“It highlighted the fact that lots of organizations internationally are using outdated operating systems,” Berglas says. - ing, executives and directors should try to understand why the work was so delayed. “It seems like that would be a reasonable thing to ask,” he suggests. “What people don’t always understand is how complex and disruptive patching can be.”

If you run a large environment, you are getting lots of up- - erating systems. Patching may disrupt existing programs, not at all desirable if all programs are expected to run seamlessly. updates and restart, especially with 24/7 expectations of e-commerce, Websites, and data availability. “If you take losing all that business,” Berglas says.

MICROSOFT BLOG POST

The following are excerpts from a blog post, appearing on Microsoft’s webpage, by President and Chief Legal Officer Brad Smith.

This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber-security threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.

We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cyber-security attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us.

Source: Microsoft

When you are getting bombarded with updates, how do - sets and how they are connected.

“Then it boils down to what the industry calls a layered approach,” Berglas says. “There is no one silver bullet that is going to save you from any of these attacks. The CEO, CRO, general counsel, and board of directors all need to work together to mandate internal employee training on phishing and social engineering, and how to protect both the business and your personal life from these types of attacks.”

“You start with [front-line employees] because it is the weakest link,” he adds. “They are operating on the end point, and that is what is going to give the bad guys access into the corporate environment. Using the layered approach, you want to make sure individuals inside the company are only granted the access privileges they need to do their job and no more.”

- ing at the senior executive and middle management level. “There should be tabletop exercises about what would happen within the organization if this occurs tomorrow,” - ness continuity plan to make sure they are integrated across all business lines.”

“It is a board-level decision on how long the business can operate at 10 or 20 percent capacity after an attack,” he adds. “Those decisions can only be made with a good continuity plan in place so you know who is in charge and understand the current environment and the risks you may undertake.”

Steven Minsky, CEO of LogicManager, an enterprise risk management provider, has a unique viewpoint on ransomware attacks: they illustrate a governance problem, not a technology problem. - gy; this is a governance problem,” he recently wrote for his company’s blog. “Many organizations react by conducting employee training. Training increases awareness but has -

“Two other important parts of the equation are access rights and asset management,” he says. “Do all employees have access to only the applications they need to perform information documented and included in your company’s password policy?”

an attack. “IT is centralized silo,” he says. “Let’s not beat them up because … they don’t actually understand the assets. They just see servers. They don’t actually see the data on those are important and which are not.” “This,” he says, “is the gap that enterprise risk management and good governance solves.”

- agement. “Risk management is not only about identifying prob- about saying, ‘Oh gosh, I already have 10 top risks I’m working on. I don’t have time to add an 11th.’ ” Take the existing risks, he says. Prioritize Break them down and prioritize them in an objective fashion. Cut the work down to the most important pieces to do and let risk management reduce both the workload and cyber-security IT expenses.

Expensive bells and whistles, in the form of specialized cyber-technology, are often used by companies as a knee-jerk response, Minsky suggests. to poor governance,” Minsky says. “What they need to be business continuity plan, on the existing procedures, and actually putting some risk weighting into them, so they - ■

“Any party or device represents risk, and so every one of them must be included in a monitoring program.” Pamela Passman, CEO, Center for Responsible Enterprise and Trade
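Berglas’s checklist calls for a software update procedure that calculates risk and critical levels and prioritizes critical system updates, and the article notes both that outdated operating systems were a root cause and that patching always-on systems is disruptive. The Python below is an added example, not code from the article or from any firm quoted in it: it scores each missing patch against constructed asset and patch records, using assumed weights and thresholds, and derives a rollout plan that separates out-of-support systems, which cannot simply be patched, from systems that can.

```python
"""Patch prioritisation by risk and asset criticality.

Added example; not from the Compliance Week article. Every asset and patch
record here is constructed sample data, and the weights, thresholds and
patch identifiers are assumptions chosen to illustrate the procedure.
"""
from dataclasses import dataclass
from typing import List, Dict


@dataclass(frozen=True)
class Patch:
    patch_id: str              # placeholder identifier (constructed)
    severity: float            # vendor/CVSS-style base score, 0.0 .. 10.0
    exploited_in_wild: bool    # known to be used in real attacks
    network_exploitable: bool  # reachable over the network, no user action


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int           # 1 (low) .. 5 (business-critical)
    os_supported: bool         # vendor still issues patches for this OS
    internet_facing: bool
    always_on: bool            # 24/7 availability expectation
    missing: tuple             # Patch objects not yet applied


def risk_score(asset: Asset, patch: Patch) -> float:
    """Combine severity, exposure and criticality into a 0..1 score.

    Multipliers are assumed values: exploited-in-the-wild and wormable
    (network-exploitable) patches are weighted up, as is internet exposure,
    and the result is scaled by how critical the asset is to the business.
    """
    score = patch.severity / 10.0
    if patch.exploited_in_wild:
        score *= 1.5
    if patch.network_exploitable:
        score *= 1.3
    if asset.internet_facing:
        score *= 1.2
    score *= asset.criticality / 5.0
    return min(score, 1.0)


def risk_level(score: float) -> str:
    """Bucket a score into the 'critical level' the checklist asks for."""
    if score >= 0.7:
        return "critical"
    if score >= 0.4:
        return "high"
    if score >= 0.2:
        return "medium"
    return "low"


def rollout_plan(asset: Asset, level: str) -> str:
    """Pick how to apply the patch, balancing risk against disruption."""
    if not asset.os_supported:
        # No vendor fix exists: patching is not an option, upgrade is.
        return "escalate: unsupported OS, isolate and plan upgrade"
    if level == "critical":
        return "emergency change: patch immediately"
    if level == "high" and asset.always_on:
        return "staged rollout: one node at a time to protect availability"
    if level == "high":
        return "next maintenance window"
    return "routine patch cycle"


def prioritise(assets: List[Asset]) -> List[Dict]:
    """Return one row per (asset, missing patch), highest risk first."""
    rows = []
    for asset in assets:
        for patch in asset.missing:
            score = risk_score(asset, patch)
            level = risk_level(score)
            rows.append({
                "asset": asset.name, "patch": patch.patch_id,
                "criticality": asset.criticality, "score": score,
                "level": level, "plan": rollout_plan(asset, level),
            })
    rows.sort(key=lambda r: (-r["score"], -r["criticality"], r["asset"]))
    return rows


# Constructed sample inventory (placeholder patch IDs, not real advisories).
P_WORM = Patch("PATCH-0001 (placeholder)", 8.0, True, True)
P_DOC = Patch("PATCH-0002 (placeholder)", 6.0, False, False)
SAMPLE_ASSETS = [
    Asset("web-shop-01", 5, True, True, True, (P_WORM,)),
    Asset("file-server-02", 4, False, False, False, (P_WORM,)),
    Asset("hr-laptop-07", 2, True, False, False, (P_WORM, P_DOC)),
]

if __name__ == "__main__":
    for row in prioritise(SAMPLE_ASSETS):
        print(f"{row['score']:.2f} {row['level']:<8} {row['asset']:<15} "
              f"{row['patch']:<28} {row['plan']}")
```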
Copyright of Compliance Week is the property of Wilmington Group plc and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.
Industrial Engineer

I support the development of evaluations for the performance management and improvement of academic faculty and staff at Javeriana University. This involves factors such as information systems, best practices analysis and case studies.

One thing that allows me to do my job is the ability to work in an interdisciplinary professional environment, which recognizes that everyone has something to contribute. I work for a university that has a mission to guide students in all the stages in undergraduate and graduate programs, as well as research and extension programs. My job has internal customers that are the key element of the system: professors and academic directors.

At Javeriana University, the educational process is based on a relationship between professor and student. Professors have an important role in that relationship, which helps generate the development of consulting and extension projects. Javeriana University prepares people who can serve the country and the world at large, and I put my 2 cents in the organization to achieve the strategic objectives. That’s what gives me the most satisfaction.

My perfect day begins with the preparation of reports related to performance management. I use MicroStrategy BI and data analysis software such as Minitab. Then, I have meetings with professors to design and implement new improvements on projects to speed up processes. After lunch, I prepare to submit some policies and changes aligned with the last meeting I had with my boss. At the end of the workday, I meet with other people from my team to speak on the progress achieved for the day and prepare ourselves for an increasingly challenging day tomorrow.

I want to continue gaining experience in project management and process improvement. I also plan to prepare myself for applying to an MBA program in the U.S. or U.K.

— Interview by David Brandt

Alexander Cardenas Ramos
Project management coordinator - professorial affairs
Javeriana University
Bogotá, Colombia

Résumé
2014 Project management coordinator - professorial affairs, Javeriana University, Bogotá, Colombia
2013 Entrepreneurship and leadership certificate, University of Texas-Arlington
2013 Business intelligence consultant, LOGYCA-GS1 Colombia
2013 Joined IIE
2012 M.S., industrial engineering, Javeriana University, Bogotá, Colombia
2011 Management analyst, Colsubsidio
2011 B.S., industrial engineering, Javeriana University, Bogotá, Colombia

Copyright of Industrial Engineer: IE is the property of Institute of Industrial Engineers and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.