This document summarizes a presentation on the future of information security. It discusses trends that will impact security such as increased network speeds, wireless devices, cloud computing and the internet of things. It also covers issues like the decline of traditional computers, increased cyber attacks, the importance of online identity, hacktivism, and the need for improved security training and qualifications. The document concludes that the complexity of security will continue growing and attacks will have greater potential impacts, making security an even more important issue going forward.
Extending CyberSecurity Beyond The Office Perimeter - Veriato
The traditional office has now morphed into a hybrid model where most employees work remotely. The shift to remote work isn't entirely new. Between 2005 and 2018, there was a 173% increase in the US remote workforce.
This trend spiked significantly in 2020 when roughly 88% of organizations worldwide encouraged remote work to flatten the COVID-19 spread.
Join Dr. Christine Izuakor and Veriato's Head of Marketing, Pete Nourse, in this free webinar as they discuss:
• How corporate office perimeters continue to evolve in real-time as the world changes
• Latest threats to organizations in and out of the office in the new year
• Keeping your data and systems safe while they sit in your employees' house
• A user-centric approach to extending security beyond the traditional office perimeter
[CB21] Keynote1: Shaking the Cybersecurity Kaleidoscope – An Immersive Look in... - CODE BLUE
Over 10,000 new cybersecurity technologies are developed each year yet we do not see a correlating decrease in cybersecurity threats. This is because cybersecurity isn’t a mere computer science problem. The most vulnerable part in the security chain is humans. But humans are also a valuable asset in countering cybersecurity threats. A kaleidoscope is a constantly changing pattern or sequence of elements. In cyber we need to shake the kaleidoscope to create new ways of both identifying and solving problems.
This presentation will be somewhat unorthodox. Maurushat will weave a story through the thread of human behaviour and cybersecurity with the primary objective of making sense out of chaos. What do Mars Bars, Perestroika, Carrots, Transylvania, Robin Hood, Talin, Majong, Anti-Vaccination, the Mayor of Montreal, Tails and Pineapples have to do with cybersecurity?
In her presentation, Professor Maurushat encapsulates key human behaviour issues in cybersecurity based on 17 years of experience and research in ethical hacking, vulnerability markets, cybercrime investigations and cybersecurity policy consultation with governments and intelligence agencies.
There are no easy answers to cybersecurity challenges. However, this presentation will stimulate thinking about how to use the power of human behaviour to improve cybersecurity through emerging fields of behaviour data engineering, artificial intelligence, behavioural economics and neuro-diversity as evolution.
NCSAM = Cyber Security Awareness Month: Trends and Resources - Stephen Cobb
My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
Talks about the present status of cyber security in India. The policy of cyber security is also discussed. The general principles of cyber security are highlighted.
The legal position of cyber security and instances of breach of information technology code are also discussed.
This session will discuss the main cyber threats for 2019 with public and private sector security experts. After an overview of the top cybersecurity industry predictions for the coming year, the panel will discuss effective solutions and roadmaps needed as we head into the 2020s.
Main points covered:
• What are the top cyber threats facing enterprises in 2019?
• What do the major cybersecurity vendors believe will happen in the next few years?
• What is being done to prepare for daily cyber-attacks facing enterprises?
• What projects are leading Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) implementing now?
Presenters:
Our first presenter for this session is Maria S. Thompson, State Chief Risk and Security Officer for the State of North Carolina. Maria brings to the State over 20 years of experience in Information Technology and cybersecurity. Maria’s personal honors include receiving the 2007 National Security Agency’s prestigious Rowlett Award for individual achievement in Information Assurance. Additionally, she received the 2008 Office of Secretary of Defense Certificate of Excellence for the implementation of an IA strategy for the Information Assurance Workforce. Most recently, Maria was selected as a winner of one of the 2018 Triangle Business Journal Women in Business awards and State Scoop’s 50th Award State Cybersecurity Leader.
The second presenter is Dan Lohrmann, an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.
Recorded Webinar: https://youtu.be/IHAAXQ30zBk
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel... - Netpluz Asia Pte Ltd
Netpluz Cyber Intelligence Managed Security Pack for Small to Mid Business
A Cyber Protection Service That provides reactive mitigation and alerting before an event becomes an incident
Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
Breaking down the cyber security framework closing critical it security gaps - IBM Security
Cyber crime is pervasive and here to stay. Whether you work in the Public Sector, Private Sector, are the CEO for a Fortune 500 Company or trying to sustain an SMB, everyone is under attack. This February, President Obama issued an executive order aimed at protecting critical business and government infrastructure due to the scale and sophistication of IT security threats that have grown at an explosive rate. Organizations and Government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they also have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.
The body of technologies, processes and practices designed to protect networks, devices, programs and data from attack, damage, or unauthorized access is referred to as cyber security. It is also known as information technology security. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
Cyber Security is the most important constituent of Information Technology that protects all kinds of information systems (personal or professional) against all the vulnerabilities and potential attacks via the internet.
This presentation was discussed in a Webinar with MetricStream in September 2016. It is applicable for small, medium and large businesses when considering information and cyber security risk.
Cybersecurity experts predict that cyber attacks will be twice what they were in 2019. In 2021 it is predicted that a cyber attack will be reported every 11 seconds, which is twice what it was in 2019 (every 19 seconds).
Monitoring security in the externalised organisation (Auscert 2013) - Huntsman Security
With an increasing prevalence of cloud services, end user computing and third party delivery, many organisations are having to monitor security controls at arm's length, where they don't have direct contact or access.
Why You'll Care More About Mobile Security in 2020 - tmbainjr131
This is a presentation I delivered in September 2015 at the Hacker Halted conference in Atlanta. This prezo looks at trends in mobile security, common & emerging exploits and best practices for organizations to think about implementing.
Why You’ll Care More About Mobile Security in 2020 - Tom Bain - EC-Council
What is “mobile security?” Seriously, what is it? Is it hardening controls, policy enforcement, knowing how to test mobile apps, mobile antivirus? And how do I map mobile security into an enterprise security strategy?
A year later, it’s still as ubiquitous as it has ever been. However with the sophistication of device-based attacks and with the sheer volume of mobile malware exploding, mobile security maintains its status as a major pain point and a critical element you have to consider when building a security program.
Given the research available and the increasing threatscape, mobile security preparedness predicated on managing the strategy is a better option than reactionary measures. What’s new in 2015 is there is more sufficient evidence that mobile attacks will further penetrate enterprise systems based on the increase of mobile device ‘involvement’ in many major hacks (not necessarily root cause traced to devices or compromised mobile apps).
This presentation will discuss the key trends impacting mobile security and will lay out an updated set of building blocks to produce a holistic mobile security model: from BYOD to mobile policy development to MDM; common and emerging exploits and targeted malware; the myriad of possible mitigations; and the notion of trusted software vs device-specific consideration.
Additionally, before we look at policy implementation best practices, we’ll look at a few key use cases and review a few sample enterprise models to learn how some of top organizations are managing mobile security. Finally, the presentation will take a five-year look outward to determine what impact mobile security will have long-term.
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
This presentation discusses the massive increases in cyber threats and the best ways to keep your data safe. Through this presentation, you will learn the best practices for implementing and testing a data security program.
First line of defense for cybersecurity: AI - Ahmed Banafa
The year 2017 wasn't a great year for cyber-security; we saw a large number of high-profile cyber attacks; including Uber, Deloitte, Equifax and the now infamous WannaCry ransomware attack, and 2018 started with a bang too with the hacking of Winter Olympics.
The frightening truth about increasing cyber-attacks is that most businesses and the cybersecurity industry itself are not prepared. Despite the constant flow of security updates and patches, the number of attacks continues to rise.
Symantec and ForeScout Delivering a Unified Cyber Security Solution - DLT Solutions
Tom Blauvelt from Symantec and Sean Telles and Chris Dullea from ForeScout share how both companies together can deliver a unified cyber security solution.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It deals with the problem of vulnerabilities in applications, the impact they have on organizations, and the means available to discover them early and facilitate their remediation.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
IMPACT OF REMOTE WORK: NEW THREATS AND SOLUTIONS - PreetiDevidas
Triggered by the coronavirus lockdown, the abrupt transition to a work from home (WFH) venue forced organizations to scramble to support a larger remote workforce. Such a quick shift means that certain security measures and requirements inevitably fell by the wayside. At the same time, cybercriminals found a new opportunity for attack with remote workers and improperly secured connections and technologies. Together, these trends have created a more vulnerable environment affecting the cyber security defenses of many organizations.
What should organizations be concerned about when using Machine Learning for Predictive Modeling techniques? Divergence Academy and Divergence.AI are leading efforts to bring Algorithmic Accountability awareness to the masses.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
• State of global ICS asset and network exposure
• Sectoral targets and attacks as well as the cost of ransom
• Global APT activity, AI usage, actor and tactic profiles, and implications
• Rise in volumes of AI-powered cyberattacks
• Major cyber events in 2024
• Malware and malicious payload trends
• Cyberattack types and targets
• Vulnerability exploit attempts on CVEs
• Attacks on counties – USA
• Expansion of bot farms – how, where, and why
• In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
• Why are attacks on smart factories rising?
• Cyber risk predictions
• Axis of attacks – Europe
• Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
• CI/CD within UiPath
• End-to-end overview of CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
ACS Talk (Melbourne) - The future of security
1. 1/05/2013
ACS VICTORIAN SIG – INFORMATION SECURITY
THE FUTURE OF SECURITY
Professor Matt Warren,
School of Information Systems, Deakin
University
www.mjwarren.com
A view of the future
• Microsoft’s view of the future.
http://www.youtube.com/watch?v=peSYlJlg14E
• What will be the security implications?
CIA Triangle
• Initial security concept developed with the introduction of the mainframe.
• C.I.A. triangle was standard based on confidentiality, integrity, and
availability.
Comments from History
• Computer abuse – where a victim suffered, or
could have suffered, a loss and a perpetrator
made, or could have made a gain.
• Don Parker 1983 – Fighting Computer Crime
AusCert 2012
• Over 90% of respondents deployed firewalls, anti-spam filters
and anti-virus software.
• Two-thirds of respondents had documented
incident management plans, however only 12%
had a forensic plan.
• Over 20% of organisations know they
experienced a cyber incident in the previous 12
months, with 20% of these organisations
experiencing more than 10 incidents.
AusCert 2012
• Of the organisations which know they
experienced cyber incidents:
17% suffered from loss of confidential or proprietary
information, 16% encountered a denial-of-service attack,
and 10% financial fraud.
AusCert 2012
• The most common responses as to why incidents
were successful, were that they used powerful
automated attack tools, or exploited unpatched or
unprotected software vulnerabilities or
misconfigured operating systems, applications or
network devices.
Security Link to the Past
• Authentication – we are still using security
features from the 80’s.
• User name and password.
We are dealing with the consequences
Associated Press – Twitter hacking
We are dealing with the consequences
• One tweet.
• For a moment in time - $US136.5 billion lost from
the S&P 500 index's value. A quick recovery once
the hoax was identified.
We are dealing with the consequences
• Syrian Electronic Army blamed for the incident.
• Phishing attack on journalists (from a number of
media organisations).
• One username and password for the AP Twitter –
shared with many users.
The response
• Twitter's response.
• Considering two-step verification:
• 1) User name & Password
• 2) SMS code or secret code.
Issue – usability.
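The two-step check listed above, as an added example that is not part of the original slides. It assumes the "secret code" is a time-based one-time code (RFC 6238, 30-second steps); TwoStepLogin, hotp, hash_password and demo_account are hypothetical names, and the account data is constructed. The drift window addresses the usability issue, and each code is accepted only once.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash, so a stolen hash is expensive to guess against.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoStepLogin:
    """Step 1: password. Step 2: time-based code (assumed RFC 6238)."""
    def __init__(self, salt, pw_hash, otp_secret, drift_steps=1):
        self.salt, self.pw_hash, self.otp_secret = salt, pw_hash, otp_secret
        self.drift_steps = drift_steps  # usability: tolerate small clock drift
        self.last_step = -1             # newest time step already accepted

    def verify(self, password: str, code: str, now: int) -> bool:
        # Step 1: constant-time comparison of the derived password hash.
        if not hmac.compare_digest(hash_password(password, self.salt), self.pw_hash):
            return False
        # Step 2: accept the code of the current step or a neighbouring one.
        current = now // 30
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_step:
                continue                # a code is never accepted twice
            if hmac.compare_digest(hotp(self.otp_secret, step).encode(), code.encode()):
                self.last_step = step
                return True
        return False

# Constructed sample account; the secret is the published RFC 6238 test key.
SALT = b"constructed-salt"
SECRET = b"12345678901234567890"

def demo_account() -> TwoStepLogin:
    return TwoStepLogin(SALT, hash_password("correct horse", SALT), SECRET)
```

A phished password alone fails step 2, and a code captured together with the password stops working once it has been used or its time window has passed.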
Next Generation
• What does the future offer from a security
perspective?
• Let's look into the future.
CIA Triangle – still relevant
The following trends
• The following themes and trends are based on a
proposed CRC looking at Cyber Security in an
Australian context.
Ultra Speed Networks and Defence
Faster networks allow faster access and data
transfer rates. But faster networks also allow faster
DDoS attacks, faster spread of malware and real-time
impacts.
New approaches to intrusion detection and
response are needed to address highly increased
transmission speeds and diversity of devices
prevalent in cyberspace today and in the future.
Ultra Speed Networks and Defence
Cyber protection systems will need innovative
techniques and technologies to detect intrusions
as perpetrators operate across an increasingly
complex milieu of threat vectors.
Resilient Systems
With a society increasingly reliant on internet
connectivity recovery from any form of attack.
To protect society, organisational and individual
interests more robust and resilient primary
systems in the cyber infrastructure are needed.
Resilient Systems
Solutions will require systems to be self-aware
and self-repairing, and a composite approach
where systems combine to produce an overall
architecture stronger than its component parts.
Current focus of the Australian government.
Wireless, Mobile, Cloud
Wireless and mobile networks, and cloud
computing all impact how and where we store and
access our data.
Individuals using an array of personal devices for
workplace activity create an incredibly complex
environment for managing and using
commercially sensitive data to meet organisational
outcomes.
Trends – Australian 28th March, 2013
• SALES of tablet computers will surpass sales of both
desktop and portable PC sales by 2014.
• A report by the research firm IDC said worldwide
shipments of these devices -- personal computers,
tablets and smartphones -- grew 29.1 per cent in
2012 to 1.2 billion units with a value of $US576.9
billion.
• The expansion was largely driven by 78.4 per cent
growth in tablet shipments, which hit 128 million in
2012.
Trends - Australian 11th April, 2013
• Decline in PC sales – Windows 8 - First-quarter
shipments of PCs fell 14 per cent from the same
time last year, according to International Data
Corp.
• That's the deepest quarterly drop since the firm
started tracking the industry in 1994.
Trends
• Decline in traditional technologies – alternative
technologies – e.g. Chromebook, Ubuntu, Apple.
Unknown security issues?
• Decline in traditional computers and replacement
by alternative devices, e.g. security issues of
Android - two to nine million total downloads of
affected malware apps (bad news) from Google
Play.
IPV6 and the Internet of Things
IPv6 presents significant opportunities for the expansion
of the Internet and services, truly allowing “things” to be
connected. IPv4 has approximately 4.2 billion unique
addresses, but once IPv6 is fully adopted there will be
approximately 1000 IP addresses for every square
metre of the Earth’s surface.
Forensics issues – since in theory every transaction
could have an allocated IP address.
Many new types of IP connected devices.
Other Considerations
• Complexity – the complexity of technologies,
complexity of systems, complexity of security
risks.
• Cyber espionage / Cyber warfare.
• Harder to implement effective information
security management.
Other Considerations
• Tools needed – as the complexity of security
develops, so does the need to develop new
software tools to manage the complexity.
• Who has responsibility for security – is it
governments, corporations or individuals?
Increased Attack Vectors
• Malware – increased sophistication of
malware, e.g. Stuxnet;
• Linked to other attack vectors – social
engineering;
• Malware for all devices.
Massive impacts of attacks
• Attacks will affect millions and
billions of users. Attacks could cause global
impacts.
• We are already seeing this with the impacts of
social networking attacks. Security failures will
have big impacts.
Online Identity
• The importance of our online identity / online
brand.
• Identity theft will become a greater issue.
• Google is preparing for all aspects of the lifecycle
including the afterlife.
Google Afterlife
• Google - ‘Inactive Account’ settings page, which
allows a Google user to clarify what they want
done with their YouTube, Gmail, and Google+
accounts after they die or are otherwise unable to
use their account.
• Google Users can choose to have their data
deleted after three, six, or twelve months of
inactivity or can share their data with friends or
relatives.
Google Afterlife
Complexity of attacks
• How to deal with complex security attacks?
• Social aspects of attacks – extension of phishing
attacks.
• How to plan for complex attacks – will security
risk analysis have a future?
• The role of government in protecting against
attacks?
Hacktivism
• In the broadest term it is the use of technology as
a means of protest to promote political ends. The
aims of the protest would depend upon the group;
• Small groups have the power to cause major
impacts (real and media reported) based upon
their activities.
Anonymous
Ethical issues - Data Ownership
• Data Owner: responsible for the security and
use of a particular set of information.
• Data Custodian: responsible for storage,
maintenance, and protection of information.
• Data Users: end users who work with
information to perform their daily jobs
supporting the mission of the organisation.
Auscert Survey (2012)
• Responses indicated that 65% of participating
organisations had IT security staff with tertiary
level IT qualifications.
• More than 50% of participating organisations had
IT security staff with some type of vendor based
IT certifications.
• Almost 35% of participating organisations had IT
security staff with no formal training, although
most of these staff had more than five years
working in the IT security industry.
Auscert Survey (2012)
• These findings indicate that some organisations
may need to improve the skill set of their IT
security staff.
• This was supported by the additional finding that
55% of respondents thought their organisation
needs to do more to ensure their IT security staff
have an appropriate level of qualification, training,
experience and awareness.
Professional Aspects
• Greater focus on quality security qualifications /
academic and professional.
• International aspects of Security Professional
development, accreditation.
• Security qualifications in all aspects of security.
Professional Aspects
• The professional nature / needs and development
of security professionals.
• A greater global demand for security
professionals and a greater demand for all roles
to have a security component.
Human Elements
• Cyber Safety – becomes important for entire
populations.
• The professional nature of security needs the
development of IT and business professionals.
Current Views of Cyber Security
• Official Government Viewpoint.
http://www.youtube.com/watch?v=UIIY9AQSqbY
• Governments are taking Cyber Security seriously
now; what will happen in the future?
Conclusion
• What have we learned from the past?
• What will the future bring from a security
perspective?
• The world will become smaller as technology
transforms society. Security will become an even
greater issue.