HCLT Whitepaper: The overwhelming challenges of IT infrastructure management (HCL Technologies)
CIOs and IT leaders are the intended audience of this white paper. Business and IT share a symbiotic relationship where one cannot exist without the other. This white paper is a comprehensive attempt to highlight the challenges faced by CIOs and articulate the key business problems faced when building IT as a business enabler, particularly during uncertain economic times. It also seeks to accentuate the expertise that the HCL-BMC partnership has built in the IT infrastructure management service space through MTaaS™ Shared, its business-centric platform that leverages the potential of SaaS-based service offerings and cloud computing.
Protecting Your Business from Cybercrime - Cybersecurity 101 (David J Rosenthal)
Cybercrime impacts a lot of users every year.
Indirectly (compromised merchant – credit card)
Directly (compromised login credentials)
Cybercrime’s impact on your company can be financial and reputational
Impacts 1 in 5 small businesses every year
Cybercrime is a global business
The Internet allows attackers to be anywhere in the world and to attack victims anywhere in the world
Attackers today are more organized and motivated than at any time in history
To help readers understand ransomware, this study covers general topics such as malware and computer viruses. It touches on how the relationship between ransomware and Trojans is structured and how this interaction affects infection routes.
It also discusses why negotiations become unavoidable after ransomware attacks, the stages of these negotiations, general attacker behaviour, and some tips that can be applied during negotiations.
This study can create introductory-level awareness of the ransomware concept and can succeed in giving a general understanding of the subject.
Multi-factor authentication (or MFA): Learn all you need to know about what multi-factor authentication is, and why you need MFA to protect customer data.
https://bit.ly/3jowx1a
Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
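Online lecture URL: https://youtu.be/zEbNNvmEZ8U
Whether at a company or an NPO, everyone values data more than ever and hopes to make decisions truly data-driven, based on data that is trusted both inside and outside the organization. But the data inside and outside an organization comes in every form and is scattered everywhere. How do you untangle it and find the figures that matter?
In this session, Jennifer, who handles IT at the Taiwan office of Médecins Sans Frontières (Doctors Without Borders), will use real cases to guide everyone through framing the question, planning the data format, and digging into the data. She will also explain how to use Power BI as an analysis tool to find answers! (Power BI is Microsoft's data visualization tool; it can quickly produce interactive visual charts, making it easier to make sense of large amounts of data, and there is a free version too.)
To advance policy and solve public problems, the one-sided efforts of government or civil society alone rarely produce the best result, so an efficient "public-private collaboration" model has become the ideal everyone aspires to. But when a project is carried out, real-world conditions inevitably conflict with existing systems, slowing progress or even stalling it altogether.
For this panel, "A Bitter History of Cross-Sector Collaboration", we invited representatives from the public and private sectors. Six speakers share the difficulties and the adjustment process they went through in past cross-sector collaborations, and offer reflections and recommendations on execution and on institutions.
陳昭文 | A decade of sharpening the sword in public-private collaboration: from KAMERA to 救急救難一站通 (One-Stop Emergency and Rescue)
For many years we have worked to promote the transparent sharing of emergency medical information, building Taiwan's largest emergency department capacity monitoring system (Project KAMERA). Hoping to improve the trauma care system, we promoted trauma registry work and ran the "National Trauma Quality Improvement Program". Believing that academia should move faster to engage with and serve society, we promoted open science and organized the first cross-disciplinary medical rescue hackathon (Code for healthcare) and an emergency department data challenge (KAMERA Data Challenge). We assisted the Kaohsiung City Department of Health with data science projects such as the "Pre-hospital Cardiac Arrest Risk Map" and the "Emergency Referral Express", and we connected cross-disciplinary organizations to form the 救急救難一站通 team, building a self-learning system for emergency and critical care within the region. Here we share our experience of building a regional self-learning system for emergency and critical care, how public and private organizations were gradually integrated into problem-oriented collaborative projects, and how strategy was used to plant the seeds of data governance and data democratization.
* During the pandemic, the questions customer support was asked most often
** Video conferencing
** A free public mailbox shared by several people got locked!
** What is "domain verification"?
* You want a single feature, but you have to adopt a whole cloud system to get it?!
** Google Meet vs Google for Nonprofits
** As more and more digital tools and processes enter our work: cost invested vs efficiency returned
** Adopting Google for Nonprofits or M365 for nonprofits: is the organization ready?
* Micro-level needs vs the organization's overall digital policy and vision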
7. There are two kinds of big companies in the United States.
There are those who've been hacked by the Chinese,
and those who don't know they've been hacked by the Chinese.
- James Comey (Director of the U.S. Federal Bureau of Investigation)
https://www.businessinsider.com/fbi-director-china-has-hacked-every-big-us-company-2014-10
68. Cyber Security Incident Scenarios
• Determining what the threat is to your organisation
• Assessing your risk profile (to key assets)
• Considering threat intelligence providers
• Evaluating situational awareness and applicability to your organisation
• Simulating a real attack as closely as possible
• Ensuring the right person is doing the right thing at the right time.
Prepare
69. Step 3. Consider the implications of people, process, technology and information
• Arrange people, process, technology and information
• Team structure and responsibilities; incident-related processes, tools and systems; organizing information flows; and so on
70. Step 4. Create an appropriate control framework
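• Select an appropriate control framework and measures
• Although traditional defensive measures cannot stop an attack, they can reduce its success rate and slow it down
• A good control framework states clearly which measures should be carried out to successfully block attack activity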
71. Step 5. Review your state of readiness in cyber security incident response
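• Review the organization's state of readiness in cyber security incident response
• The organization must have a cyber security incident response capability, made up of sound processes, technical staff and relevant technology. Having an incident response capability helps the organization investigate incidents thoroughly and successfully eliminate adversaries lurking in the environment
• Assess how complete the preparation is: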
• People, process, technology, information
• Preparedness, response and follow up activities.
89. Sample notification letter
[Name of Institution/Logo] ____ ____ Date: [insert date]
NOTICE OF DATA BREACH
Dear [Insert Name]:
We are contacting you about a data breach that has occurred at [insert Company Name].
What Happened? …..
What Information Was Involved? …..
What We Are Doing …..
What You Can Do …..
Other Important Information …..
For More Information …..
90. Reference
• Computer Security Incident Handling Guide (NIST SP 800-61)
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
• Guide for Cybersecurity Event Recovery (NIST SP 800-184)
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
• Data Breach Response: A Guide for Business
https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business