Alex Hutton & Allison Miller review their research and application of threat modeling. This version was presented at SOURCE Barcelona (2010); a previous version was presented at Black Hat.
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall... - EC-Council
Present your risk assessments to your board of directors in the language they understand - financial loss. "FAIR" or "Factor Analysis of Information Risk" is the quantitative risk analysis methodology that works with common frameworks while adding context for truly effective risk management.
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling - Tony Martin-Vegue
Slides from Tony Martin-Vegue's presentation at the ISACA Fall Conference: October 15th, 2014
"How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling"
Abstract:
CISOs and risk analysts alike often get caught up in checking boxes on a list of control objectives in order to satisfy compliance and regulatory requirements. However, companies that only view risk through a narrow, regulatory or compliance-focused lens have the potential to overlook a myriad of threats that could impact business continuity, customer privacy and security and financial solvency. The last several high-profile data breaches prove that compliance does not equal security.
There are many ways to assess risk in a meaningful, efficient way that drives business value. Many top companies are moving away from control-based and vulnerability-based risk assessments and are instead putting themselves in the shoes of an attacker. In order to keep up with the rapidly evolving world of cyber criminals and crime rings, organizations are learning to utilize threat intelligence to ascertain the methods, goals, and objectives of threat agents that are targeting their firm or similar firms in their sector. This helps an organization produce focused risk assessments that take a business-centric approach.
This is a beginner to intermediate-level presentation designed to provide an introduction to threat modeling, a primer on threat modeling techniques, ways to integrate threat modeling into risk management frameworks (such as FAIR and NIST), and how to build a library of threat agents specific to one’s firm. Attendees will learn hands-on techniques to perform threat modeling that they will be able to immediately integrate into their risk assessment processes.
2012.12 Games We Play: Defenses & Disincentives - Allison Miller
This document provides an overview of game theory concepts and how they can be applied to information security issues. It discusses how security situations can be framed as games with defensive and offensive players making strategic decisions based on potential costs and benefits. Examples of typical game theory models are explained like the Prisoner's Dilemma. The document also notes that real-world behavior may not always match rational models, and that understanding human biases is important for developing effective defense strategies. Overall, it argues that risk management involves managing decisions in a game-like framework where outcomes depend on the choices of multiple players.
2013.05 Games We Play: Payoffs & Chaos Monkeys - Allison Miller
Expansion on application of game theory & behavioral analytics to information security and risk management. New concepts include some ideas from coalitional game theory, i.e. not just individual actors but teams.
Boomtime: Risk as Economics (Allison Miller, SiRAcon15) - Allison Miller
When we talk about Risk, and Information Risk as it applies to InfoSec specifically, we often focus on issues of statistics: data, measurement, and our favorite friend: uncertainty. In this talk we’ll look at models and concepts from economics that can augment our thinking, as we move from positive (i.e. primarily descriptive, “how things are”) to normative (i.e. driving policy, “how things should be”) research within the world of risk.
Volatile Memory: Behavioral Game Theory in Defensive Security - Kelly Shortridge
This presentation will explore some of the teachings from the young field of behavioral game theory, which empirically measures how humans behave in games, as an improvement upon prior discussions involving traditional Game Theory models in which humans are considered perfectly rational. I will use behavioral game theory to examine how people’s natural cognitive biases lead to sub-optimal behavior in their decision-making processes in adversarial games – and specifically processes related to playing defense in the information security “game.”
I will detail various sorts of games in which this sub-optimal performance manifests, how humans cognitively approach these games and touch on some of the algorithms, such as self-tuning EWAs, that help predict how people will behave in certain defender-attacker-defender (DAD) games. Finally, I will explore what sort of strategies and counter-measures can be implemented to improve defense’s performance in DAD games, incorporating techniques such as belief prompting, improved incorporation of information and decision trees.
The document discusses threat modeling and risk management. It introduces VERIS, an open framework developed by Verizon for categorizing cyber security incidents. VERIS breaks incidents down into metrics including demographics, a classification of the incident using an "A3" model of agents, actions and assets, details on discovery and mitigation, and impact classification including estimated losses. VERIS aims to enable pattern matching across incidents to better understand behaviors and risks. The presentation argues that a data-driven, behavioral approach is needed for effective risk management of complex adaptive systems.
In this presentation, Joe and Brian contrast traditional risk assessment with some emerging techniques that use internal and market risk event (incident) data to drive a more accurate risk model.
Presentation by:
Joe Crampton, VP – Applications, Resolver Inc.
Brian Link, CIA, VP – GRC Strategy & Partnerships, Resolver Inc.
This document provides an overview of key concepts related to risk management, including definitions of risk, vulnerability, probability, and impact. It discusses approaches to assessing risk such as quantifying probability and impact, analyzing threats and vulnerabilities, and measuring the effectiveness of security controls. The document is authored by Phillip Banks and copyrighted by The Banks Group Inc., which provides risk consulting and security services. It references numerous standards and guidelines for risk and security management.
This presentation template enables incident responders to easily report on the status, nature, and scope of a security incident to management. It includes modules for identification, containment, eradication, recovery, and lessons learned. Each module provides high-level descriptions and overviews to keep management informed during and after the incident response process. The template is modular so it can be tailored to specific incidents and broken into multiple sessions if needed.
The document discusses evidence-based risk management and the VERIS framework. It explains that VERIS provides a common language for describing security incidents in a structured way. Incidents are broken down into a series of events involving an agent, action, asset, and attribute. This data can then be used to better understand risk, make data-driven decisions, and identify optimal controls. The goal is to move from random observations to formal modeling and evidence-based management.
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf - JustinBrown267905
The document provides an overview of cybersecurity frameworks, fundamentals, and foundations. It discusses common cybersecurity terms like frameworks, controls, and standards. It also examines drivers for cybersecurity like laws, compliance, audits and data privacy. Key areas covered include asset inventory, risk assessment, threat modeling, security controls, frameworks like NIST CSF, and the importance of people/human factors. The document aims to help organizations strengthen their cybersecurity posture and navigate the complex landscape of improving security.
This report is built upon analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches. We will take a look at how results are changing (or not) over the years as well as digging into the overall threat landscape and the actors, actions, and assets that are present in breaches. Windows into the most common pairs of threat actions and affected assets also are provided.
Nick Leghorn presents on risk analysis for IT professionals. He discusses key concepts like defining risk, scoping a risk assessment, calculating probabilities, and using frameworks like CARVER to evaluate targets and risks. The presentation emphasizes imagining what could happen, quantifying likelihoods and impacts, and using the results to inform cost-effective recommendations to manage risks.
Nick Leghorn presents on risk analysis for IT professionals. He discusses key concepts like defining risk, scope, probability calculations, and the risk equation. Methods for analyzing risk include simple and probabilistic charts, and annualized loss expectancy. Factor-based models can provide quick assessments using scales to evaluate factors like criticality, accessibility, and effects. Cost-benefit analysis should be used to evaluate options and their impacts on future risk. The goal is to understand potential threats and losses in order to cost-effectively mitigate risks.
The document discusses quantifying the risks of an e-commerce website for an insurance company. It describes modeling different risk scenarios like hardware failures, software issues, hacking or denial of service attacks. The modeling was done using stochastic testing and Monte Carlo simulations to estimate potential losses. This allowed the company to better understand the risks and pricing of insuring an e-commerce site.
Chinatu Uzuegbu is a managing cyber security consultant with over 20 years of experience in IT and 10 years in cyber security. She holds numerous cyber security certifications and has advised organizations on proactively combating cyber crimes. She recommends identifying information assets, classifying them by value through impact analysis, understanding multi-layered security concepts like the CIA triad and security controls, performing risk analysis to determine ideal controls, and maintaining security baselines in line with standards to remain resilient against threats.
Wade Baker from the Verizon RISK Team gave this presentation at the NESCO Town Hall on May 30-31 in New Orleans, LA. Wade discussed various aspects related to sharing incident information and threat agents, along with a great explanation of what evidence-based risk management is and looks like.
Deep Learning based Threat / Intrusion detection system - Affine Analytics
The document describes a proposed intrusion/threat detection system with the following key components:
1. A feature engineering module to extract relevant features from organizational data like employee information and online activities.
2. A text processing and topic modeling module to analyze communications data and identify confidential information.
3. An internal threat detection system using deep learning to detect threats in real-time with a risk score and predefined response policies.
4. An external threat detection system using signatures and anomaly detection to enforce actions against external threats.
The document provides an introduction to the VERIS framework for gathering risk management information from security incidents. It describes VERIS as an open and free set of metrics that provides a common language for describing security incidents in a structured and repeatable manner. It explains that VERIS can be used to collect and share anonymous case data for analysis. It also provides an overview of how VERIS works, including translating a narrative incident description into the VERIS taxonomy of attributes.
Cyber Security.
Cybersecurity risk assessments help organizations identify.pdf - TheWalkerGroup1
Cybersecurity risk assessments help organizations identify, manage and mitigate all forms of cyber risk. They are a critical component of any comprehensive data protection strategy.
OSB50: Operational Security: State of the Union - Ivanti
The document discusses operational security and the state of cyber threats. It provides an overview of key trends including less control over data and devices, more complex networks, the rise of insecure internet of things devices, and the need for security to balance risk mitigation and enable business opportunities. Survey results show that security tasks are often split between IT and security teams. The document argues that organizations need to take a risk-based approach to security centered around understanding inherent risks, how assets could be compromised, and ensuring effective controls are in place. It also discusses challenges to achieving effective security.
[Hungary] I play Jack of Information Disclosure - OWASP EEE
The document describes how to conduct threat modeling using playing cards. It defines a threat as any circumstance or event with the potential to adversely impact an asset. It discusses guidelines for threat modeling, including considering the target audience, purpose and scope. It then provides an example of using playing cards to gamify the threat modeling process for a vulnerable web application. The steps involve identifying security objectives, surveying the application, decomposing it, identifying threats, documenting threats and rating threats. Various suits and ranks in a deck of cards represent different threats and risk levels.
Something Wicked: Defensible Social Architecture in the context of Big Data, Behavioral Econ, Bot Hives, and Bad Actors. BSides Las Vegas 2017 keynote presentation from Allison Miller (@selenakyle)
Effective risk management in large, user-facing systems (like platforms) requires strategic and effective use of data. Typically we discuss data in the context of behavioral analysis within the systems, where it is used to better profile threats and vulnerabilities. In this talk we will discuss how data-driven controls are incorporated into the systems themselves, and typical areas where risk managers will need to focus their attention and algorithms in the future: defenses, dev/ops, & devices. We will explore what this means for risk control designers working on closed systems versus open systems, and also review proper care and feeding of algorithms.
Similar to 2010.08 Applied Threat Modeling: Live (Hutton/Miller)
Defending Debit: A Historical Study of the Indirect Effects of the Durbin Amendment on Investment in Debit Card Security. More specifically, the observed effects of interchange (revenue) price caps on (branded) Debit card issuer risk/fraud/loss tolerances and cost sensitivity. Brief slides in support of the paper as presented to WEIS (Workshop on the Economics of Information Security), held at Penn State in June 2014. (http://weis2014.econinfosec.org/papers/Miller-WEIS2014.pdf)
Discusses how new approaches to managing business risk and software services (like Dev Ops and Platform Engineering/Management) can draw from their forefather concepts: Operations Management and Decision Science.
This document discusses various methods for measuring criminal and illicit activities that cannot be directly observed, such as fraud, cash movement, and cybercrimes. It provides examples of direct measurement techniques including surveys and samples, as well as indirect methods like accounting gaps and system statistics. Specific measurement approaches are examined for crimes like fraud, cash usage, and cybercrimes including spam, botnets, and malware. The document advocates testing simple metrics and aggregating existing data to better estimate underground and illicit activities.
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
1. Threat Modeling LIVE
Alex Hutton, Principal, Risk & Intelligence - Verizon Business
http://securityblog.verizonbusiness.com
http://www.newschoolsecurity.com
Society of Information Risk Analysts: http://societyinforisk.org/
@alexhutton on the twitter
Allison Miller, Group Manager, Account Risk & Security - PayPal
2. what is this presentation about?
- new way to look at risk management via data and threat modeling
5. Managing risk means aligning the capabilities of the organization, and the exposure of the organization with the tolerance of the data owners - Jack Jones
6. Managing risk means aligning the capabilities of the organization, and the exposure of the organization with the tolerance of the data owners
(slide annotations: "control, influence over outcome"; "threats manifest as loss of assets"; "how much can you afford to lose?")
12. Evolution strongly favors strategies that minimize the risk of loss, rather than which maximize the chance of gain.
Len Fisher, Rock, Paper, Scissors: Game Theory in Everyday Life
13. system models are different from maps, they include dynamics and boundaries
35. Complex Adaptive Systems: You can’t make point probabilities (sorry ALE) you can only work with patterns of information
36. How Complex Systems Fail (Being a Short Treatise on the Nature of Failure; How Failure is Evaluated; How Failure is Attributed to Proximate Cause; and the Resulting New Understanding of Patient Safety)
Richard I. Cook, MD, Cognitive technologies Laboratory, University of Chicago
http://www.ctlab.org/documents/How%20Complex%20Systems%20Fail.pdf
37. Because we’re dealing with Complex Adaptive Systems, engineering risk statements = bankrupt (sorry GRC)
39. Complex Systems Create a business process
Process is a collection of system interaction (system behavior)
Process has human interaction (human behavior)
47. What is the Verizon Incident Sharing (VERIS) Framework?
- A means to create metrics from the incident narrative
- how Verizon creates measurements for the DBIR
- how *anyone* can create measurements from an incident
- https://verisframework.wiki.zoho.com
48. What makes up the VERIS framework?
- demographics: information about the organization; including their size, location, industry, & security budget (implied)
- incident classification (a4): information about the attack (traditional threat model); including (meta) data about agent, action, asset, & security attribute (C/I/A)
- discovery & mitigation: information about incident discovery, probable mitigating controls, and rough state of security management.
- impact classification: information about impact categorization (a la’ FAIR & ISO 27005), aggregate estimate of loss (in $), & qualitative description of damage.
1 > 2 > 3 > 4 + $ $ $
49. The Incident Classification section employs Verizon’s A4 event model
A security incident (or threat scenario) is modeled as a series of events. Every event is comprised of the following 4 A’s:
- Agent: Whose actions affected the asset
- Action: What actions affected the asset
- Asset: Which assets were affected
- Attribute: How the asset was affected
Incident as a chain of events: 1 > 2 > 3 > 4 > 5
56. in VERIS we see THREE events.
1 > 2 > 3
- phishing
- malware infection
- credential theft
57. in VERIS we see THREE events.
1 > 2 > 3
- phishing
- malware infection
- credential exfiltration
in addition we can describe FOUR fraud events
58. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
59. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
1 >
AGENT: external, organized crime, eastern europe
ACTION: social, type: phishing, channel: email, target: end-user
ASSET: human, type: end-user
ATTRIBUTE: integrity
60. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
2 >
AGENT: external, organized crime, eastern europe
ACTION: malware, type: install additional malware or software
ASSET: end-user device; type: desktop (more meta-data possible)
ATTRIBUTE: integrity
61. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
3 >
AGENT: external, organized crime, eastern europe
ACTION: malware, type: harvest system information
ASSET: end-user device, type: desktop (more meta-data possible)
ATTRIBUTE: integrity, confidentiality
62. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
4 >
AGENT: external, organized crime, eastern europe
ACTION: impersonation
63. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
5 >
AGENT: external, organized crime, eastern europe
ACTION: impersonated transaction
64. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
6 >
AGENT: external, organized crime, eastern europe
ACTION: Buy goods or transfer funds
65. from the initial narrative, we now have a threat event model with SEVEN objects
1 > 2 > 3 > 4 > 5 > 6 > 7
7 >
AGENT: external, organized crime, eastern europe
ACTION: Goods/Funds extraction
66. we can study the event model to understand control opportunities
1 > 2 > 3 > 4 > 5 > 6 > 7
end user could have made better choices
67. we can study the event model to understand control opportunities
1 > 2 > 3 > 4 > 5 > 6 > 7
Wouldn’t it be nice if end users had desktop DLP?
68. we can study the event model to understand control opportunities
1 > 2 > 3 > 4 > 5 > 6 > 7
Why is Mrs. Francis Neely, 68 years of age from Lexington, KY suddenly purchasing items from European websites to be shipped to Asia???
70. if patterns can be defined, they can be stored for later use.
[Figure: stored incident patterns a to f, one row each, with columns demographic, incident classification (a4) as an event chain 1 > 2 > 3 > 4 > 5, discovery, and impact (+ $ $ $)]
71. if they can be stored for later use, they can be used to Detect, Respond, and Prevent.
[Figure: the same stored patterns a to f, with columns demographic, incident classification (a4), discovery, impact]
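The A4 event chain from slides 59-65 and the stored-pattern idea from slides 70-71, as an added example that is not part of the original deck. The `Event` fields are a simplified stand-in rather than the VERIS schema, actions are condensed to "category: type", and the pattern library with its names is constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Event:
    """One A4 event: agent, action, asset, attribute (simplified, not the VERIS schema)."""
    agent: str
    action: str
    asset: Optional[str] = None        # slides 62-65 give no asset for events 4-7
    attribute: Tuple[str, ...] = ()


AGENT = "external, organized crime, eastern europe"

# The seven events of slides 59-65, with each action condensed to "category: type".
INCIDENT: List[Event] = [
    Event(AGENT, "social: phishing", "human: end-user", ("integrity",)),
    Event(AGENT, "malware: install additional malware or software",
          "end-user device: desktop", ("integrity",)),
    Event(AGENT, "malware: harvest system information",
          "end-user device: desktop", ("integrity", "confidentiality")),
    Event(AGENT, "impersonation"),
    Event(AGENT, "impersonated transaction"),
    Event(AGENT, "Buy goods or transfer funds"),
    Event(AGENT, "Goods/Funds extraction"),
]

# Constructed pattern library: each stored pattern is an ordered list of action prefixes.
PATTERNS: Dict[str, List[str]] = {
    "phish-to-cashout": ["social: phishing", "malware", "impersonation",
                         "goods/funds extraction"],
    "malware-only": ["malware: install", "malware: harvest"],
    "insider-misuse": ["misuse", "goods/funds extraction"],  # hypothetical, no match expected
}


def steps_matched(pattern: Sequence[str], events: Sequence[Event]) -> int:
    """Count how many leading pattern steps occur, in order, within the event chain."""
    i = 0
    for ev in events:
        if i < len(pattern) and ev.action.lower().startswith(pattern[i]):
            i += 1
    return i


def classify(events: Sequence[Event],
             patterns: Dict[str, List[str]] = PATTERNS
             ) -> Dict[str, Tuple[int, int, Optional[str]]]:
    """Map pattern name -> (steps matched, total steps, next expected step or None).

    A partially matched pattern names the step to watch for next, which is
    where a detective or preventive control can still interrupt the chain.
    """
    result = {}
    for name, pattern in patterns.items():
        n = steps_matched(pattern, events)
        if n:
            result[name] = (n, len(pattern), pattern[n] if n < len(pattern) else None)
    return result


if __name__ == "__main__":
    print("after event 3:", classify(INCIDENT[:3]))
    print("full incident:", classify(INCIDENT))
```

Run against only the first three events, the chain partially matches the constructed "phish-to-cashout" pattern and reports "impersonation" as the next expected step, which is the point where the fraud-side control asked about on slide 68 would apply.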