This presentation delivered on March 10, 2011 described how to develop a social media policy, the elements and policy statements to include in a comprehensive policy, and other considerations for managing social media.
This workshop, delivered July 20, 2011 at FOSE 2011, described the elements of a social media governance framework, identified structural and policy statements to include in the social media policy, and described strategies for capturing and managing social media-generated content as records.
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File... (Melissa Luongo)
Data leakage and loss from negligent file sharing and information collaboration practices is becoming just as significant a risk as data theft.
Just like malicious threats from hackers and others, data leakage through the routine and insecure sharing of information is a major threat to many organizations. Being able to securely share valuable corporate data is a critical requirement for all organizations, but especially regulated companies like financial services and life sciences firms.
Many companies have few provisions in place – process, governance, and technology – to adequately protect data. Yet, more and more sensitive information is being shared outside the organization, often without the knowledge or approval of CIOs or GRC professionals who are arguably losing control. Employees are ‘behaving badly’ – they acknowledge risky behavior and in turn experience the consequences of risky behavior regularly.
For the first time, the study Breaking Bad: The Risk of Unsecure File Sharing explores the link between organizational and individual behavior when using increasingly popular file sync-and-share solutions. As shown in this research, organizations are not responding to the risk of ungoverned file-sharing practices among employees as well as with external parties, such as business partners, contractors, vendors and other stakeholders.
Consumer grade file-sharing cloud applications are popular with both employees and organizations because they make it possible for busy professionals to work efficiently together. However, the findings in this report identify the holes in document and file level security in part caused by their expanded use. The goal is to provide solutions to reduce the risk created by employees’ document and file sharing practices.
More than 1,000 IT and IT security practitioners were surveyed in the United States, United Kingdom and Germany. The majority of respondents are at the supervisor level or above with expertise and understanding of their organization’s use of file-sharing solutions and overall information security and data privacy policies and strategies.
Email policies tools to govern usage, access and etiquette it-toolkits (IT-Toolkits.org)
Email is a fast, easy and readily accessible means of business communication. It has changed the way we communicate. These are the obvious rewards – but they are also the basis of every risk. Whenever email content is ill-advised, inappropriate, or even gets into the wrong hands, negative consequences can follow, including legal liability, regulatory penalties, confidentiality breaches, damage to corporate reputation, public embarrassment, internal conflicts, and all the related losses in productivity and performance that these circumstances can cause. Further, data loss and damage to technology assets can be realized through the transmission of malicious code, spam and computer viruses.
Web and Social Media Archiving: A Growing Necessity For the Financial Industry (PageFreezer)
Financial firms, investment advisors, and others in the financial industry must employ good retention practices to remain compliant with rules from FINRA, SEC, and other regulators. The emerging solution to retaining perfect copies of online activity is web archiving. Social media should be archived too! This paper examines the necessity and benefits of archiving, and presents effective solutions.
ORX Head of Risk Information, Steve Bishop was pleased to present at a Cyber Risk Workshop in Charlotte, North Carolina in March 2019, hosted by the Federal Reserve Bank of Richmond. Steve presented on our current initiative to bring together financial institutions to improve the identification and classification of cyber risk, and this is his presentation. This event, attended by representatives from the financial services industry, regulators, industry bodies and academics, is the first of a series of industry events supporting efforts to harmonise approaches to cyber risk identification and assessment. For more information about this event, visit: http://bit.ly/2U7DCd9
Presentation at the ALA National Conference in Chicago, July 2009. Covers strategies for advancing your career in academic librarianship. Final slide includes links to speakers notes posted elsewhere.
Insignia Communications has recently hosted a webinar discussing the new threats of social media and the potential impact they can have on crisis management planning, crisis communication training and crisis handling. View the presentation to learn the latest insights or visit our website to listen to the webinar recording "How to prepare for a social media crisis" http://insigniacomms.com/resource/videos/
http://inarocket.com
Learn BEM fundamentals as fast as possible. What is BEM (Block, element, modifier), BEM syntax, how it works with a real example, etc.
Content personalisation is becoming more prevalent. A site, its content and/or its products, change dynamically according to the specific needs of the user. SEO needs to ensure we do not fall behind this trend.
20110110 ARMA Dallas Managing Web 2.0 Records: Facebook, Twitter and Everythi... (Jesse Wilkins)
This presentation introduced enterprise use cases for social media, described the difference between commercial and enterprise social technologies, and provided specific steps to take to manage social content as records.
This presentation was delivered to the ARMA Dallas Chapter by Jesse Wilkins, AIIM Director, Systems of Engagement. The presentation looks at methods of managing web 2.0 records, such as Facebook, Twitter and everything in between.
This presentation from the 2011 NARA E-Records Forum in Austin provided guidance on how to manage social business content as part of a records program.
A Research Project Presentation Online Policies for Enabling Fi.docx (makdul)
A Research Project Presentation
Online Policies for Enabling Financial Companies to Manage Privacy Issues
NAME:
Course:
Introduction
Companies in the financial sector handle data that are a priority for hackers.
Organizations invest in vast technologies for protecting the data from unauthorized access.
However, they do not adequately invest in behavioral measures for safeguarding the data.
Companies in the financial sector face numerous attempts by cybercriminals to steal data stored in their systems. The corporations handle confidential data that could be used for committing crimes, such as impersonation and illegal transfer of money (Noor & Hassan, 2019). It is a major concern whether financial institutions have effective policies that ensure the data are properly secured from both internal and external threats. Financial companies, especially those that are spread across the country, have always focused on investing in technologies that promote the privacy of the data and the systems. They are deploying technologies, such as cloud computing, which promote the privacy of the data. Also, they use Bcrypt technologies to encrypt data via algorithms that will take hackers decades to decrypt a single password. Though they invest in such technologies that cost millions of dollars, there are questions whether they invest in behavioral measures to protect the data systems (Noor & Hassan, 2019). Such measures require the use of online policies that will ensure that internal and external users can adhere to best practices that make them less vulnerable to attacks, especially the social engineering attacks that target unsuspecting users.
Literature Review
Financial companies have implemented policies for promoting desirable user behaviors.
They provide guidelines on how to use the networks.
They do not require the users to follow strict rules, which indicates the inefficiency of the policies.
Financial companies have implemented policies on how customers access their data remotely. Such policies outline the standards that customers must follow, such as multi-factor authentication, which aims at ensuring that no unauthorized users access the data (Suchitra & Vandana, 2016). The policies are communicated to the customers when they provide their data. It is an effective approach that mainly ensures that customers must follow certain guidelines that promote the overall security of the data. However, Timothy Toohey (2014) questions whether the policies apply to the side of the users who are very likely to exhibit behaviors that expose data to threats. For instance, the customers may use devices that have weak antimalware tools. Such devices create an avenue that a hacker can use to access the system.
Research Method
The researcher will employ a case-study design.
It means that the researcher will focus on individual cases and analyze them.
Interviews and observation will be the primary tools of data.
The da.
20110427 ARMA Houston Keynote Records Management 2.0 (Jesse Wilkins)
This luncheon keynote at the ARMA Houston Spring Seminar introduced Web 2.0 concepts and issues and provided attendees with specific steps for managing social content as part of the records program.
Use of the COBIT Security Baseline as a framework for an information security program at a large state agency. Presented at the 2005 MN Govt IT Symposium.
This presentation explains Information Governance. Learn what it takes to improve the value of information, manage information risks, and reduce information costs.
Harrisburg University ISEM 547 IT Policy Ob.docx (shericehewat)
Harrisburg University
ISEM 547
IT Policy
Objectives
Why Policy?
Policy, Procedures, Guidelines
Writing IT Policy (Best Practices)
IT Policy Management
IT Policy
What are Policy, Procedures, Guidelines & Standards?
Policies are principles, rules, and protocols formulated or adopted by an organization to govern its actions.
The requirements outlined in policies are used to control and guide important organizational decisions (e.g., managerial, financial, administrative, acquisitions, contractual, programmatic, operational, technical, etc.) within the boundaries set by them
Procedures are specific instructions to be used to implement policy requirements in a specific way; they are enforceable through the policy
Guidelines are general rules, practices, and/or instructions that can be referenced to comply with policy; they are not enforceable but recommended as best practices that should be followed
Standards refer to something that is considered by an authority or by general consent as a basis of comparison (e.g., industry, protocols, academic, etc.)
The purpose of standards is to outline agreed principles or criteria, so that their users can make reliable assumptions about a particular product, service or practice
Standards are often referenced in policies or can be used to frame a policy
Policies should have a formal lifecycle and change management process
Why IT Policy is Important
Primary reasons for IT Policy:
Protecting corporate assets (keeping systems and corporate information safe)
The policy aligns stakeholders and drives desired behaviors, actions, and provides guidance on how to do things
Only written and published policy can be used to prove the company has exercised “Due Diligence” in a court of law
There may be legal or regulatory reasons a policy must be created and published (e.g., HIPAA, FTI1075, Federal Green-Book Standard, etc.)
Enable an organization to manage business risk through defined controls that provide a benchmark for audit and corrective action
Without documented policies and procedures each and every employee and contractor will act in accordance with their own perception of acceptable use and system management will be ad-hoc and inconsistent
Features of good policy
Features of good policy usually include the following:
Specific - Policy should be specific/definite. If it is uncertain, then the implementation will become difficult.
Clear & Understandable - Policy must be unambiguous. It should avoid use of jargon and connotations. There should be no misunderstandings in following the policy. Unclear policies can lead to indecisiveness and uncertainty in the minds of those who look to it for guidance
Uniform - Policy must be uniform enough so that it can be efficiently followed by the subordinates.
Appropriate - Policy should be appropriate to the present organizational strategies and goals and address the intended policy objectives.
Simple- A policy shou ...
The benefits of technology standards it-toolkits (IT-Toolkits.org)
Experience has shown that good things happen when the right set of end-user technology standards are appropriately planned and applied. Tangible benefits can be realized across a broad spectrum, ranging from improved IT service quality, to lowered technology management costs, and more (as the list below demonstrates):
20240409 ARMA NE Ohio Building a RIM Program with a RIM Playbook.pptx (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Northeast Ohio Chapter on April 9, 2024, outlined the purpose and benefits of building a RIM Playbook, described the elements of a playbook, described the elements of a play, and outlined the steps to take to build a playbook.
20240425 ARMA Milwaukee Records Mgmt in the Age of Privacy.pptx (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Milwaukee chapter on April 25, 2024, reviewed the 6 eras of records management, defined the characteristics of the age of privacy, outlined the concepts of defensible disposition and data minimization, and presented a recommendation to move in the direction of purpose-based retention and a personal information retention schedule.
20240215 ARMA OK Building a RIM Program with a RIM Playbook Final.pptx (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Oklahoma chapter on February 15, 2024, introduced attendees to the idea of a business and RIM playbook. Attendees learned about the benefits of a playbook, the elements of a playbook, and the elements of a play. The session concluded with a review of the process for building a playbook from scratch.
20240213 ARMA GCAC Business and Technical Assessment for an Info Mgmt Initiat... (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Chattanooga chapter on February 13, 2024, described the elements of a business assessment, a technical assessment, and a maturity assessment in support of an information management initiative.
20240202 Austin ARMA Bringing Your RIM Program Under the Big Top with a RIM P... (Jesse Wilkins)
This presentation, delivered virtually on February 2, 2024 as part of the Austin ARMA Annual Conference, introduced the idea of a records management playbook. I described the purpose and benefits of a playbook, then outlined the elements of a playbook and the individual plays.
20240118 ARMA St Louis Building a RIM Program with a RIM Playbook.pptx (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Greater St. Louis Chapter on January 18, 2024, outlined how to build a records management playbook. The presentation described the benefits of building a playbook, the elements of a playbook, the elements of a play, and how to actually build and maintain one.
20240110 ARMA GKC Build and Sustain Your RIM Program with a RIM Playbook.pptx (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Greater Kansas City Chapter on January 10, 2024, outlined how to build a records management playbook. The presentation described the benefits of building a playbook, the elements of a playbook, the elements of a play, and how to actually build and maintain one.
20231207 ARMA Madison Build and Sustain Your RIM Program with a RIM Playbook.... (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Madison Chapter on December 7, 2023, outlined the value of a business playbook and, specifically, a records and information management (RIM) playbook. Attendees learned about the elements of a playbook and of individual plays and how to construct their own playbooks using a provided template.
20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y... (Jesse Wilkins)
This presentation, delivered virtually to the ARMA Florida Gulf Chapter on December 19, 2023, outlined the value of certifications and described three classes of certifications including RIM, "RIM-adjacent", and "Other". Attendees received an overview of the 6 RIM certifications and a table comparing their exams and programs. The session concluded with a framework for determining how to select the most appropriate certification based on costs, context, and program visibility and market awareness.
20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De... (Jesse Wilkins)
This presentation was delivered virtually to ARMA San Diego on October 5, 2023. It compared and contrasted the various information governance / information management-related certifications and presented a framework for deciding which one(s) to pursue based on an individual's career goals.
20230719 ARMA Canada Professional Development.pptx (Jesse Wilkins)
This presentation, delivered at the ARMA Canada Information Conference on July 19, 2023 in Toronto, outlined a framework for professional development in the IM industry. Attendees learned about the 4 types of learning and the 5 domains IM professionals need to understand. Attendees also received a professional development plan template.
20230717 ARMA Canada How to Select the Right IM Certifications for You.pptx (Jesse Wilkins)
This presentation, delivered on July 17, 2023, at the ARMA Canada Information Conference, compared and contrasted the various IM and IM-adjacent certifications. Attendees also learned how to determine the right certification for them based on their career goals.
20230919 ARMA New England Keynote on IG Industry Trends.pptx (Jesse Wilkins)
This keynote, delivered at the ARMA New England Win with IG seminar on September 19, 2023, outlined the state of the IG industry from three perspectives: what industry analysts are talking about, what the key conference sessions are about, and what individual chapters and vendors are talking about. The session concluded with ways for individuals to keep abreast of developments in IG.
20230117 ARMA MHD Building Your RM Playbook.pptx (Jesse Wilkins)
This presentation, delivered to the ARMA Mile High Denver Chapter on January 17, 2023, outlined the value and benefits of building a records management playbook. Attendees learned about the elements of a playbook and the individual plays within the playbook. The session concluded with a discussion of how to actually build a RM playbook.
20160602 ARMA Boston - You Shared WHAT? Applying Governance to Social Media (Jesse Wilkins)
This presentation, delivered to the ARMA Boston Chapter on June 2, 2016, outlined how to apply information governance practices to social media posts. It described specific social media security threats and gave attendees an opportunity to participate in roundtable discussions.
20230523 MER 2023 How to Build and Sustain Your IG Program with an IG Playboo... (Jesse Wilkins)
This presentation, delivered at the MER conference in Chicago on May 23, 2023, introduced attendees to the concept of an information governance playbook. Attendees learned the purpose and value of a playbook, as well as the structure of a playbook and of individual plays. The session concluded with a discussion of how to build and maintain a playbook.
20230912 AIIM True North Generative IA Tools The Good The Bad The Ugly no car... (Jesse Wilkins)
This presentation, delivered to the AIIM True North chapter virtually on September 12th, introduced ChatGPT and other generative AI tools. I briefly introduced and demonstrated ChatGPT and some other generative AI tools. We reviewed some of the more popular use cases and benefits of using generative AI. We also reviewed some of the challenges these tools present for the organization. Finally, we discussed some practices to use these tools safely and effectively in support of real business outcomes.
20230419-4 Building Your RIM-IG Program with a RIM Playbook.pptx (Jesse Wilkins)
This session provided the conclusion to the ARMA Nebraska 2023 Spring Seminar in Omaha, Nebraska. Attendees learned what a playbook is, what plays are, and how to develop a RIM/IG playbook tailored to their organization.
20230419-3 ARMA Nebraska Prof Dev for Info Pro.pptx (Jesse Wilkins)
This session, delivered at the ARMA Nebraska Spring Seminar 2023 on April 19, 2023, introduced the professional development matrix and walked attendees through how to leverage the matrix to develop their own personal professional development plans.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
- Execution from the test manager
- Orchestrator execution result
- Defect reporting
- SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble… many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
The new frontiers of AI in RPA with UiPath Autopilot™ (UiPathCommunity)
In this free online event, organized by the UiPath Italian Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of Automations.
📕 Together we will look at some examples of using Autopilot in various tools of the UiPath Suite:
- Autopilot for Studio Web
- Autopilot for Studio
- Autopilot for Apps
- Clipboard AI
- GenAI applied to Document Understanding
Speakers:
- Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
- Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
- Andrei Tasca, RPA Solutions Team Lead @NTT Data
2. About AIIM
- International - Members in 146 countries
- Independent - Unbiased and vendor neutral
- Implementation Focused - Processes, not just technology
- Industry Intermediary - users, suppliers, consultants, analysts, and the channel
- http://www.aiim.org
3. Jesse Wilkins, CRM
- Director, Systems of Engagement, AIIM
- Background in electronic records management, email management, ECM, and social technologies
- Director, ARMA International Board of Directors (2007-2010)
- Frequent industry speaker and author
- AIIM ERM and E2.0 Expert Blogger
- Instructor for AIIM Certificate Programs
4. It’s just a fad….
- By the end of 2013, half of all companies will have been asked to produce material from social media websites for e-discovery.
- Source: “Social Media Governance: An Ounce of Prevention”, Gartner
5. Agenda
- Introduction
- Policy development framework
- Structural elements of a comprehensive social media policy
- Social media policy statements
- Strategies for managing social media
7. Why a policy?
- Ensures that employees know what is expected of them
- Provides guidelines for being more effective
- Reduces risk of someone posting inappropriate content
- Addresses legal and operational concerns
8. About the social media policy
- Social content is just another form of content
- Policy should provide a framework applicable to most or all social media tools – and to other content/communication-related technologies as well
- DON’T write e.g. a Facebook policy, a Twitter policy, etc.
9. Best Buy Social Media Policy
- Be smart. Be respectful. Be human.
- http://www.bby.com/2010/01/20/best-buy-social-media-guidelines/
11. Policy 2.0 – in 140 characters
- Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.”
13. The policy framework
- Approach to developing and implementing a policy
- Ensures that policy development is consistent with organizational goals
- Ensures that policy meets legal, regulatory, and operational requirements
14. 1. Get management support
- Policy development requires time and energy from users and stakeholders
- So does policy implementation
- Ongoing compliance will require auditing and communication
15. 2. Identify stakeholders
- Policy should address the entire enterprise
- Stakeholders should include:
  - Business unit managers
  - Legal
  - External customers and partners
16. 3. Put a team together
- Internal social media experts
- Internal champions and evangelists
- Expert users from key areas of the organization
- Records/legal/compliance
- IT
17. 4. Identify the goals of the policy
- What changes are being introduced?
  - Social business technologies
  - Related processes
- What are the desired outcomes?
- What behavioral changes should result?
18. 5. Conduct the research
- Legal research
- Organizational research
- Public research
- Standards and guidelines
- Benchmarking
- Consult with similar organizations
- Analyze the results
19. 6. Draft the policy
- Collaborative and iterative process
- There are a number of public examples of social media policies
- These are starting points and need to be customized for your requirements
- Keep it as simple as possible
20. 7. Review the policy
- Review by legal, HR, users
- Ensures it is valid
- Ensures it will work within existing organizational culture
- Change management
21. 8. Approve the policy
- Policy is reviewed by business managers, senior management
- Complete revisions as necessary
- Approve the policy
22. 9. Implement the policy
- Communication
- Training
- Auditing
- Enforcement!
23. 10. Once the policy is live
- Monitor for compliance with policy
- Solicit feedback about policy
- Provide refresher training as required
- Plan for periodic review and maintenance
  - Changes to regulatory or operational requirements
  - Changes to social technologies
  - New social technologies
26. Purpose and scope
- This policy has three purposes:
  - Establish definitions relevant to social business technologies
  - Describe usage policies relating to social business technologies
  - Describe security and technology policies relating to social business technologies
- Scope: This policy is applicable to the entire enterprise.
27. Responsibilities
- Responsibilities for policy development and maintenance
- Responsibilities for policy administration
- Responsibilities for compliance with policy
30. References
- List any references used to develop the policy
  - Internal strategic documents
  - Records program governance instruments
  - Statutes and regulations
  - Publications
  - Examples and templates
34. Look & feel guidelines
- Account details
- Handle
- Picture – including corporate logo usage
- Bio
- Contact information
- Friends/buddies/contacts
- Groups/fans/likes
35. Content guidelines
- Whether posts will require approval
- Pictures and video
  - By the organization
  - By third parties, e.g. the public
- Links (i.e. “sharing”)
- Applications and widgets
- Likes, retweets, etc.
36. Whether the account is monitored for actionable content (screenshot) Public records
37. Personal access and usage
- Access to personal accounts using organizational resources (time, computers, network, etc.)
- Access to sites using personal devices (iPhone, tablet, etc.)
38. Inappropriate usage
- Offensive content
- Disparagement of the organization – or of competitors or others
- Slander or libel
- Sexual content
- Solicitations of commerce
- Threats
- Illegal activity
- Violation of copyright
39. Sensitive materials
- Personnel-related information
- Financial information
- Confidential information
- Health information
- If you wouldn’t post it to your website or send via email, don’t post to FB or send via Twitter.
42. Governmental considerations
- Links to primary site (“content of record”)
- Whether comments are allowed
  - And monitored
- Public records act
- Public safety and monitoring issues
46. Is it a record?
- Is the information unique and not available anywhere else?
- Does it contain evidence of an agency’s policies, business, mission, etc.?
- Is the tool being used in relation to an agency’s work?
- Is there a business need for the information?
- Does it document a transaction or decision?
47. What is the record?
- Individual social network status updates or Tweets?
- Comments and responses to comments?
- The entire stream over a given period?
- Embedded URLs?
- Policy and consistency are key
50. Records management in brief
- Archive selected items locally
- Use search queries and monitoring
- Store selected items locally using search queries or RSS
51. Use the native backup to store locally
- Store locally using built-in tools
52. Use a third-party service to store locally
- Store locally using third-party service
57. For more information
- Jesse Wilkins, CRM, CDIA+
- Director, Systems of Engagement
- AIIM International
- +1 (303) 574-0749 direct
- jwilkins@aiim.org
- http://www.twitter.com/jessewilkins
- http://www.linkedin.com/in/jessewilkins
- http://www.facebook.com/jessewilkins
- http://www.slideshare.net/jessewilkins
58. Additional Resources
- “How Federal Agencies Can Effectively Manage Records Created Using New Social Media Tools”, Patricia Franks, Ph.D., IBM Center for The Business of Government, 2010
- Guideline for Outsourcing Records Storage to the Cloud, ARMA International, 2010
- “Electronic Records Management: Blogs, Wikis, Facebook, Twitter, & Managing Public Records”, Washington State Archives, September 2009
59. Additional Resources
- “Managing Social Media Records”, U.S. Department of Energy, September 2010 http://cio.energy.gov/documents/Social_Media_Records_and_You_v2_JD.pdf
- “Guidance on Social Networking”, Arizona State Library, Archives, and Public Records, June 2010 http://www.lib.az.us/records/documents/pdf/Social_Networking.pdf
60. Additional Resources
- NARA Bulletin 2011-02, “Guidance on Managing Records in Web 2.0/Social Media Platforms”, October 2010 http://www.archives.gov/records-mgmt/bulletins/2011/2011-02.html
- “A Report on Federal Web 2.0 Use and Value”, National Archives and Records Administration, 2010 http://www.archives.gov/records-mgmt/resources/web2.0-use.pdf
61.
- Colorado State University Social Media Resources http://socialmedia.colostate.edu/
- Division of Emergency Management Draft SM Policy http://www.coemergency.com/2010/02/dem-draft-social-media-guide.html
- UNC Social Media Best Practices http://www.unco.edu/websupport/social/index.html
62.
- City of Longmont Social Media Guidelines http://www.ci.longmont.co.us/news/social_media/documents/socialmediaguidelines.pdf
- Eric Schwartzman’s Social media policy template http://ericschwartzman.com/pr/schwartzman/social-media-policy-template.aspx PDF: http://ericschwartzman.com/pr/schwartzman/document/Social-Media-Policy.pdf
63. Additional resources
- Compliance Building Social Media Policies Database http://www.compliancebuilding.com/about/publications/social-media-policies/
- 57 Social Media Policy Examples and Resources http://www.socialmediatoday.com/davefleet/151761/57-social-media-policy-examples-and-resources
- Web 2.0 Governance Policies and Best Practices http://govsocmed.pbworks.com/w/page/15060450/Web-2-0-Governance-Policies-and-Best-Practices
64.
- Social Media Governance policy database http://socialmediagovernance.com/policies.php
- “Analysis of Social Media Policies: Lessons and Best Practices”, Chris Boudreaux, December 2009 http://socialmediagovernance.com
Editor's Notes
Here’s a very succinct Twitter policy from a blog by an HR-focused law firm, GruntledEmployees.com. “Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.”” Pretty good, right? Now, you could argue that this policy is missing a lot of the stuff I just mentioned. But I don’t know that I agree – authentic, professional, discreet, represent us well – that’s pretty close. And regardless of what you think might be missing, I’d argue that if your employees follow this policy, you won’t have many issues with them. And note that this policy is itself Tweetable. [twitter] Policy 2.0 – in 140 characters, courtesy of gruntledemployees.com. http://is.gd/8BpjT [/twitter]
Official vs. unofficial includes:
- Disclaimers (this is or is not official; disclaimer of responsibility if it isn’t)
- Whether approval is required to create an account (official only)
The first step many organizations take to manage Web 2.0 is to try to block them. This is unrealistic for a number of reasons.
The first step is to determine whether or not something is in fact a record. Just as we know that most email messages are not records, for most organizations their Facebook fan page updates will not be records either. In other words, we have to ask the same questions about these tools that we’d ask about any other type of information: Does it document a transaction or a decision? If it does, it’s probably a record. Is it captured in another form? This is the biggest reason why most social networking sites like Facebook and Twitter wouldn’t need to be captured as records – in most cases they are being used as another transmission mechanism for information stored elsewhere. Now, just because it isn’t a record doesn’t mean it couldn’t be discoverable or a public record and subject to FOIA-type laws. Again, same considerations here as for other types of information. [twitter] Determine whether something is a record or not according to its content and context. [/twitter]
The next step is to determine exactly what is the record and must therefore be retained. Again, this will likely vary not just by content, but also by the nature of the tool. An individual social network status update or Tweet could rise to the level of a record, though I suspect this will be uncommon; in the case of a protracted discussion on someone’s wall or via Twitter, it might be the entire stream of updates on a particular topic or over a given period. This is analogous to determining when an instant message is a record. Many of these tools don’t really have metadata in the traditional sense. Twitter, for example, has the following public metadata:
- Sender
- Mentions (the @ or DM it is addressed to, and could be more than one)
- A unique Twitter ID
- An in-response-to Twitter ID if it uses the Twitter Reply capability
- A ReTweet ID if it was ReTweeted
- Date and time sent
- The client used to send the update, if known
- Any hashtags could be considered metadata
But note what there isn’t: No subject line or topic, no mechanism for filing it, no keywords (except maybe the hashtag). Other systems may offer more or less metadata but it is difficult to access some of that, even if it is retained by the system or commercial provider. The key is to have a records policy that is broad enough to encompass all of these tools and that stresses the content and context of information rather than its format. And as we noted earlier, just because it exists does not make it a record per se. [twitter] The next step is to determine exactly what is the record and must therefore be retained. [/twitter]
Finally, there are enterprise versions of every Web 2.0 application. These enterprise versions are often available to be hosted inside the firewall, meaning that security is much more robust. Access can be secured to them much more effectively. They can be integrated into the organization’s identity infrastructure – whether Active Directory or something else – such that any change, post, comment, edit, update, etc. can all be tracked and, more importantly, tracked to a specific named user. No anonymous postings here. Of course, you have to pay for an enterprise version, but what you’re really paying for is a level of peace of mind. And you still get many of the same benefits – ease of use, familiarity with the type of tool, rapid and agile collaboration across geographical and time boundaries, etc. You’re just getting a more secure and robust version of it. [twitter]Consider implementing enterprise versions. FB is FB, but internal tools might be more appropriate.[/twitter]
At this point I’d be pleased to entertain your questions.