BSidesSF talk: Silver lining for security teams in data protection clouds

•

0 likes•286 views

The path to navigating data protection risks is often filled with uncertainty. Overestimating the risks stifles growth, and underestimating them can derail the business. To be able to measure data protection risks, security teams need to view them from both a technical and legal lens. This talk is about enabling security teams to right-size their risk profile, and to identify controls correlated with reducing data protection risks and the liability exposure of the organization.

Rafae Bhatti
Director of Security and Compliance, Mode
LinkedIn: rafaebhatti
Twitter: @privacyphd
When GDPR and CCPA strike:
Silver lining for security teams in data protection clouds

Who
Am I?
I build security programs at startups
I am also a recently licensed CA attorney

Traditional
Risk
Landscape
Backdoor
Breach

Shifting
Risk
Landscape
Breaches at your
Front door

Parallax
So an engineer and a lawyer walked into a bar…

● Data subject expectations
○ Collection
○ Processing/Sharing
○ Retention
● Data protection safeguards
○ Security controls
○ Contractual obligations
● Adequate/reasonable
○ Risk acceptance
Security From
Data Protection
Lens

Solution
When engineers and lawyers talk

Lets Run
With It
Front door breaches ahead!

Scenario 1
A company’s vendor launches an email campaign
using the personal data of the company’s users.
The data belongs to consumers in CA.
Can a CA consumer sue the company for a CCPA
violation?

Vendor
Data Use
Takeaway
● Audit data use for vendor with PII,
including cookie scan
● In addition to legal commitments, use
tools (such as plug-ins) to protect
personal data
● Tie vendor security to business
consequences

Scenario 2
A company accidentally shares a report belonging
to organization A with organization B.
The data belongs to consumers in the EU.
Is the company required to notify the consumers of
a data breach?

Data Breaches:
Crash vs.
Water Landing
Video: Sully Movie CLIP - Brace for Impact (2016) - Tom Hanks Movie

Data
Processing
Risk
Takeaway
● Degree of risk is a matter of data
subject expectation
● Mandatory code review when high level
of risk in processing data
● Tie risk of disclosure to business
consequences
Different analysis for CA and EU

Scenario 3
A company’s vendor leaks personal data about its customers.
The data belongs to consumers in CA.
Can a CA consumer sue the company for a data breach?

Reasonable
Means
Operational
Takeaway
● An operational cybersecurity program.
● An independent attestation of design
and operational effectiveness can go a
long way
● Investment in compliance pays off

Takeaways
● Audit vendor use of PII when doing vendor
security reviews
● Focus on data processing risk to guide breach
mitigation and response
● Invest in operational effectiveness of
cybersecurity program

Understanding
Risks Has its
Rewards
Security Roadmap
● Communicate security risks
● Translate risks into needs
● Create security culture
Tooling and Scaling
● Privacy Engineering

Conclusion When it’s our time to land:
Hope we are on the Hudson, not in it.

Thankyou!
LinkedIn: rafaebhatti
Twitter: @privacyphd

GDPR governance & DPO dashboard: Corporater offers an all-in-one actionable dashboard solution that gives your Data Protection Officer complete oversight into your compliance activities related to GDPR. Corporater GDPR integrates with your existing systems to provide a complete overview of all your data protection activities: 1. Implement GDPR projects and activities 2. Monitor GDPR metrics 3. Audit GDPR articles To know more, visit: https://corporater.com/en/business-solutions/governance-risk-and-compliance/gdpr-software/

Employee Training is Key to GDPR Compliance: GDPR

GDPR Course

Build the Right Secure Your Network Devices

connectiscyber

According to the Cyber Security Awareness 71% of the cyber attacks target small businesses & almost half of the small enterprises have been attacked. The NCSA has reported three of the major reasons that small businesses often get targeted. They are not available with the resources so as to respond to an attack. The details like the credit card numbers hold less heavily guarded. Small enterprises may get partnered with the larger corporations & provide the hacker's accessibility to those companies. Your network must obtain a firewall so as to protect the network altogether.

General data protection regulation gdpr audit 2018

Fraser Hay

General Data Protection Regulation GDPR Audit 2018 helps you prepare for gdpr, gdpr action plan, gdpr awareness, gdpr awareness for hotel marketing, gdpr compliance 2018, gdpr readiness, gdpr strategy, gdpr strategy 2018, general data protection regulations, general data protection regulations strategy, general data protection regulations strategy 2018, marketing strategy 2018, social media marketing plan, social media marketing plan 2018, social media marketing strategy 2018, gdpr audit, gdpr audit 2018

GDPR Readiness for Software Usage Analytics

Revulytics Inc.

WATCH THE FULL WEBINAR HERE: https://www.revulytics.com/gdpr-readiness-for-software-usage-analytics Learn what you need to know to prepare for May 2018. There have always been conflicts between a person’s right to privacy and an organization’s right to collect personal information for the protection and improvement of their intellectual property. But an organization can achieve balance by considering the laws and regulations in place within the jurisdictions where the organization’s products may be used. With increased interest and concerns around the impact of the General Data Protection Regulation (GDPR), Revulytics invites you to join a presentation from Privacy Ref that will provide an overview of the latest changes to the European privacy environment to educate you on the applicability of GDPR to the use of software usage and compliance analytics. The webinar provides insight into the EU privacy environment and shows how the Revulytics platform can be implemented in a manner that is GDPR compliant. In this webinar you will learn: * Concepts, principles, and definitions underlying GDPR * How GDPR applies to software producers deploying software analytics solutions * How the roles of Data Controllers and Data Processors apply * What approaches may be used to lawfully process personal information under GDPR

Build the right secure corporate networks

connectiscyber

When computer networks got isolated within the walls of offices, an Internet connection was countable as a luxury & not as a critical component of the business functions. This has in totality got changed for businesses that rely upon the computers to acquire & deliver services. Customers, business partners, remote office locations, & mobile workers expect the connectivity to your office network. Mobile networks basically expect the interconnected nature of the networks that open doors to new levels of productivity.

GDPR and Privacy AI Miner enables any organization to detect privacy data (for example data under EU GDPR) and then take action on it. Includes unique capability to train AI using own data so that AI able to detect privacy data unique for each customers’ way of doing business. The solution has been recognized and proven by IBM – We were selected as a wildcard Champion of the global IBM Watson Build challenge, and were one of eight companies at the challenge finals.

CWIN17 New-York / earning the currency of trust

Capgemini

Understanding gdpr compliance gdpr analytics tools

RominaMariaBaltariu

Vendor Landscape: Email Security Gateway

Info-Tech Research Group

The emails that you want are only the tip of the iceberg that you get. Your Challenge Within the email security gateway (ESG) marketplace, there are numerous vendors with varying options who all claim to be the perfect fit for your organization. It becomes challenging to sift through all the offerings and find the right one. An ESG must serve a multitude of functions for the organization, as well as meet an array of requirements, all of which can be hard to accurately assess and include confidently. IT security always struggles with costs. An email gateway can become expensive, but it is vital and thus needs to have a strong case made for implementation, improvement, or replacement scenarios. Our Advice Critical Insight Cloud adoption among business functions is already high. Moving email to the cloud is just another step. Take this into consideration when selecting an ESG. Advanced Persistent Threats (APTs) and Zero-Day attacks are changing the way organizations deal with threats. Recognize the need for greater visibility and tools that stay current with these developments. Impact and Result Understand developments within the ESG market to properly evaluate all capabilities and functions of an ESG. Evaluate ESG vendors and products based on your enterprise requirements. Determine which products are most appropriate for particular use cases and scenarios.

Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...

FinTech Belgium

Cross border - off-shoring and outsourcing privacy sensitive data

Ulf Mattsson

Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...

TrustArc

Watch the webinar on-demand: https://info.trustarc.com/mastering-article-30-compliance-webinar.html 78% of companies need help with conducting a data inventory. As businesses grapple with the requirements of the GDPR one of the most challenging is the need to create a comprehensive record of all of your data processing activities as required under Article 30 of the GDPR. Recent research from Dimensional Research/TrustArc found that 78% of companies said they needed help with conducting a data inventory. With a project of this scale why re-invent the wheel when you can learn from other privacy professionals who have gone through the process of scoping, communicating, managing and delivering a comprehensive data inventory and mapping project. Watch this webinar on-demand to hear from in-house privacy professionals and consultants how to: - build a business case for the data inventory - involve other departments across the business - understand benefits of different methodologies – such as a systems or process-based approach - review the tools and technologies available to help for you - maintain the inventory over time To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/

Data protection and privacy in the world of database DevOps

Red Gate Software

We dispel the myth that database DevOps and compliance can't go hand in hand. We begin with a brief look at how extending DevOps to the database lays solid foundations for data governance and compliance. Our guest speaker is James Boother, Sales and Marketing Director at Coeo. Coeo are Europe's most trusted analytics and data management experts, with over 10 years’ experience delivering technology strategy and support for businesses who need to get the most from their data. In a climate where data breaches are all too frequent, and more and more data lives in the cloud, the challenge of protecting your data can seem daunting. James addresses the implications of the forthcoming GDPR on database management, highlighting requirements you may need to address. As well as offering guidance for assessing your data estate for GDPR readiness, James shares some great tools and tips for building data protection and privacy into your DevOps processes. With the right preparation, you can be fully compliant, with your data safe, whilst maintaining fast delivery of value to your end users.

Securing Real Estate Transactions through Threat Intelligence

Inman News

Gdpr presentation

Sudarsan Reddy

GDPR infographic

Marketing Team at Crown Worldwide Group

GDPR Jennifer Rose

Jennifer Rose

What Every Physician Needs to Know About Cloud Storage

Texas Medical Liability Trust

[Srijan Wednesday Webinars] Is Your Business Ready for GDPR

Srijan Technologies

Speaker: Matt Skinner, Head of Digital Strategy and Data, Proctor + Stevenson The General Data Protection Regulation represents the biggest change to European data laws in decades. It comes into effect on May 25th, 2018, and if you haven’t already chalked out a compliance roadmap, it’s high time you did. The regulation has far-reaching effects and will have a significant impact on any firm that does business in the EU. This session is designed to give you a complete overview of GDPR and what it entails. Get an understanding of the regulations introduced, and what it means for your business: data security as well as marketing communications. Join the webinar to plan out your seamless transition into GDPR compliance. Who's This For - Technology professionals - Senior marketing professionals - Anyone working with agencies and clients in the EU, looking to understand the complete impact of GDPR What's In It for You - General overview of GDPR, what it means - Know how enterprises should prepare for it - Understand its impacts on data collection, websites, and comms - Review data security and GDPR’s potential long-term impact on the marketing industry View our complete series of webinars at: www.srijan.net/webinar/past webinars

California's New Privacy Policy Guidelines

Brian Heidelberger

EU General Data Protection Regulation

Dr. Mira Suleimenova, CIPPe

Benefits of erpproshenjitsaha

GDPR solutions (JS Event 28/2/18) | Greenlight Computers

Gary Dodson

BigID GDPR Compliance Automation Webinar Slides

Dimitri Sirota

What's hot

Cmgt 441 complete course

Laynevine

Managing security risks in today's digital era

Singtel

GDPR for WordPress - Impacts & Solutions

ServerGuy

GDPR and Privacy Data AI Miner - Solve your complex privacy data challenges!

Elinar

CWIN17 New-York / earning the currency of trust

Capgemini

Understanding gdpr compliance gdpr analytics tools

RominaMariaBaltariu

Vendor Landscape: Email Security Gateway

Info-Tech Research Group

Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...

FinTech Belgium

Cross border - off-shoring and outsourcing privacy sensitive data

Ulf Mattsson

Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...

TrustArc

Data protection and privacy in the world of database DevOps

Red Gate Software

Securing Real Estate Transactions through Threat Intelligence

Inman News

Gdpr presentation

Sudarsan Reddy

GDPR infographic

Marketing Team at Crown Worldwide Group

GDPR Jennifer Rose

Jennifer Rose

What Every Physician Needs to Know About Cloud Storage

Texas Medical Liability Trust

[Srijan Wednesday Webinars] Is Your Business Ready for GDPR

Srijan Technologies

California's New Privacy Policy Guidelines

Brian Heidelberger

EU General Data Protection Regulation

Dr. Mira Suleimenova, CIPPe

Benefits of erpproshenjitsaha

What's hot (20)

Cmgt 441 complete course

Managing security risks in today's digital era

GDPR for WordPress - Impacts & Solutions

GDPR and Privacy Data AI Miner - Solve your complex privacy data challenges!

CWIN17 New-York / earning the currency of trust

Understanding gdpr compliance gdpr analytics tools

Vendor Landscape: Email Security Gateway

Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...

Cross border - off-shoring and outsourcing privacy sensitive data

Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...

Data protection and privacy in the world of database DevOps

Securing Real Estate Transactions through Threat Intelligence

Gdpr presentation

GDPR infographic

GDPR Jennifer Rose

What Every Physician Needs to Know About Cloud Storage

[Srijan Wednesday Webinars] Is Your Business Ready for GDPR

California's New Privacy Policy Guidelines

EU General Data Protection Regulation

Benefits of erp

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds

GDPR solutions (JS Event 28/2/18) | Greenlight Computers

Gary Dodson

BigID GDPR Compliance Automation Webinar Slides

Dimitri Sirota

GDPR & the Travel Industry: Practical recommendations for holiday rental owners

Spain-Holiday.com

What is GDPR? As a holiday rental property owner, Airbnb host or holiday rental agent, why does it matter to you? You don't need to work at a large internet company like Facebook, Google or Amazon to be affected, or responsible for data protection. As part of the travel & tourism industry, you probably have personal data on your guests such as name and email address at the very least. You may also have highly sensitive data such as financial details, date of birth and passport details. The introduction of the new privacy regulation called the GENERAL DATA PROTECTION REGULATION, or GDPR, comes into effect from 25th May 2018. This webinar aims to help you understand what your obligation in how you deal with the data from the customers, the penalties and risks for non-compliance and, most importantly, a step by step roadmap to becoming GDPR compliant as a small business owner in the holiday rental industry. Alongside tips and practical advice, the webinar will explore the opportunities that the introduction of the new data protection law can have for you in the travel & tourism industry. The presentation agenda will cover: Introduction and overview to GDPR GDPR and the Holiday Rental Industry GDPR and You - Responsibilities, risks and benefits Roadmap to GDPR compliance GDPR applies to all businesses and organisations, big or small, offering products or services to citizens in the EU. Show your customers that you are committed to treating their personal data with respect and consideration by understanding how to become GDPR-ready for 25th May 2018.

The Guide to Managing the Security of Your SaaS and Cloud Providers

DevOps.com

The security management of SaaS and Cloud providers is an essential element of a company’s cyber security strategy. The problem is that many companies don't even know how to start assessing these providers. Even if they do, it’s hard to scale an actionable program. However, a well-planned program will easily and quickly provide transparency into vendors’ security while facilitating significant improvements in your company’s own cyber security posture. By attending this webinar, attendees will learn how to: Tier provider evaluation based on the inherent risk/criticality of each relationship; Achieve transparency into your providers’ security practices; Implement compensating internal controls when the providers don't have or won't reveal their own; Collaborate with your providers to ensure success in the remediation process; Create KPI's to help manage, improve the process and demonstrate achievements.

Feb20 Webinar - Managing Risk and Pain of Vendor Management

TrustArc

To view the full webinar recording, visit: https://info.trustarc.com/managing-ccpa-gdpr-individual-rights-dsar-compliance.html?utm_source=slideshare One of the most visible and complex requirements to achieve CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) compliance is managing data subject access requests (DSAR), also known as individual rights or consumer rights. Recent IAPP / TrustArc benchmarking research indicates over 75% of companies have received a DSAR request, but only 33% have started to automate the management process. This webinar will cover the following: -Review the similarities and differences in the subject rights request requirements for CCPA and GDPR compliance -Provide best practices to build an end to end management process and tools to help automate the CCPA and GDPR compliance process. -Offer guidance from privacy experts who understand the regulatory requirements and have hands-on experience building and implementing successful CCPA and GDPR compliance programs To view the full webinar recording, visit: https://info.trustarc.com/managing-ccpa-gdpr-individual-rights-dsar-compliance.html?utm_source=slideshare

(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...

Andrew O. Leeth

What is a data protection impact assessment?

Infinity Legal Solutions

Data Privacy: The Hidden Beast within Mergers & Acquisitions

TrustArc

Today, growing an organization through Mergers & Acquisitions (M&A) has become a popular business practice. This can lead to great success but it can also cause a potential liability to the acquirer if global data privacy laws and regulations are not considered during the acquisition. Businesses that adopt this strategy need to be aware of how to handle the data involved in the acquisitions. Between new and evolving data privacy laws, an increased focus on regulators, and increased liability on the acquirer, incorporating data privacy practices is necessary for the M&A transaction process.

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance

ObservePoint

What is a data protection impact assessment? what are the essential stages to...

Infinity Legal Solutions

The General Data Protection Regulation (GDPR) explicitly states that any data processing activity that poses a high risk to the data subject’s rights and freedoms must undergo a Data Protection Impact Assessment in Netherland. It is one of the most important and particular processes prescribed by the Regulation for determining the risk of sensitive data exposure. The Assessment determines the level of risk associated with data processing operations that may have an impact on data subjects. Visit the blog for further details: https://infinitylegalsolutions.com/blog/

EU GDPR: What You Really Need to Know

Sarah Crabb

Can your organization afford to be fined €20 million for improperly removing customer data, as required by EU’s new General Data Protection Regulation (GDPR)? Seasoned legal and security experts from Blancco Technology Group and DLA Piper distil the legal terminology from the recently approved EU General Data Protection Regulation (GDPR) into 'how' and 'what' your organization needs to know to prepare for compliance by 2018.

Journey2018: Surviving and thriving under GDPR

Yieldify

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers

One North

One North’s Managing Director of Technology Ryan Horner and legal process and technology consultant Bob Beach share details on how the EU’s General Data Protection Regulation (GDPR) could impact digital assets. This webinar is designed to educate digital marketers, share actionable examples, and provide an overview of how One North can help clients ensure their digital properties are in compliance with the regulation and execute on those efforts. Beyond GDPR compliance, the session will also highlight important information for marketers as data privacy continues to become a critical and strategic component of digital. Access the recording: https://youtu.be/ruQpN70LGt0

MRS Operations Network: GDPR - Organisational Measures

MRS

Common Practice in Data Privacy Program Management

Eryk Budi Pratama

Cloud data security and GDPR compliance

Salim Benadel

Securing The Reality of Multiple Cloud Apps: Pandora's Story

CloudLock

Impact of GDPR on Third Party and M&A Security

EQS Group

Cybersecurity: How To Protect Your Law Firm Data

Rocket Matter, LLC

Data security, privacy protection, and information governance are inextricably linked to the attorney-client relationship. Lawyers must overcome their aversion to technology and understand that protecting data is not just the IT department’s responsibility, but theirs as well, as lawyers are stewards of their own, their clients’, and their firms’ data. Learn insights and tips on how to better understand the data security environment from a lawyers’ perspective and how you can best communicate to clients the need for secure information governance. You’ll be prepared to answer the following questions that are being asked by corporate counsel and other prospective clients: Is your firm positioned to handle my data securely? What are your firm’s protocols?

Data Protection Forum Brussels 230517 - Implementing GDPR

John M Walsh

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds (20)

GDPR solutions (JS Event 28/2/18) | Greenlight Computers

BigID GDPR Compliance Automation Webinar Slides

GDPR & the Travel Industry: Practical recommendations for holiday rental owners

The Guide to Managing the Security of Your SaaS and Cloud Providers

Feb20 Webinar - Managing Risk and Pain of Vendor Management

(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...

What is a data protection impact assessment?

Data Privacy: The Hidden Beast within Mergers & Acquisitions

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance

What is a data protection impact assessment? what are the essential stages to...

EU GDPR: What You Really Need to Know

Journey2018: Surviving and thriving under GDPR

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers

MRS Operations Network: GDPR - Organisational Measures

Common Practice in Data Privacy Program Management

Cloud data security and GDPR compliance

Securing The Reality of Multiple Cloud Apps: Pandora's Story

Impact of GDPR on Third Party and M&A Security

Cybersecurity: How To Protect Your Law Firm Data

Data Protection Forum Brussels 230517 - Implementing GDPR

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Knowledge engineering: from people to machines and back

Elena Simperl

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

The Future of Platform Engineering

Jemma Hussein Allen

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

JMeter webinar - integration with InfluxDB and Grafana

Epistemic Interaction - tuning interfaces to provide information for AI support

Accelerate your Kubernetes clusters with Varnish Caching

PHP Frameworks: I want to break free (IPC Berlin 2024)

GraphRAG is All You need? LLM & Knowledge Graph

ODC, Data Fabric and Architecture User Group

Leading Change strategies and insights for effective change management pdf 1.pdf

FIDO Alliance Osaka Seminar: Overview.pdf

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Knowledge engineering: from people to machines and back

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Key Trends Shaping the Future of Infrastructure.pdf

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

How world-class product teams are winning in the AI era by CEO and Founder, P...

The Future of Platform Engineering

BSidesSF talk: Silver lining for security teams in data protection clouds

1. Rafae Bhatti Director of Security and Compliance, Mode LinkedIn: rafaebhatti Twitter: @privacyphd When GDPR and CCPA strike: Silver lining for security teams in data protection clouds

2. Who Am I? I build security programs at startups I am also a recently licensed CA attorney

3. What This Talk is About? Right-sizing the risk profile

4. Outline Problem Solution Conclusion Q&A

5. Traditional Risk Landscape Backdoor Breach

6. Shifting Risk Landscape Breaches at your Front door

7. Parallax So an engineer and a lawyer walked into a bar…

8. ● Data subject expectations ○ Collection ○ Processing/Sharing ○ Retention ● Data protection safeguards ○ Security controls ○ Contractual obligations ● Adequate/reasonable ○ Risk acceptance Security From Data Protection Lens

9. Challenge

10. Outline Problem Solution Conclusion Q&A

11. Solution When engineers and lawyers talk

12. Right-Sizing: Examples

13. Lets Run With It Front door breaches ahead!

14. Scenario 1 A company’s vendor launches an email campaign using the personal data of the company’s users. The data belongs to consumers in CA. Can a CA consumer sue the company for a CCPA violation?

15. CCPA Sale: Example

16. Vendor Data Use Takeaway ● Audit data use for vendor with PII, including cookie scan ● In addition to legal commitments, use tools (such as plug-ins) to protect personal data ● Tie vendor security to business consequences

17. Scenario 2 A company accidentally shares a report belonging to organization A with organization B. The data belongs to consumers in the EU. Is the company required to notify the consumers of a data breach?

18. Data Breaches: Crash vs. Water Landing Video: Sully Movie CLIP - Brace for Impact (2016) - Tom Hanks Movie

19. Clarity in Uncertainty Flight#1549 had a unique risk profile 1. Speed was too high to avoid hitting the birds 2. Altitude was too low to be able to land on any ground 3. Decision had to be made quickly Find your unique profile to calibrate risks 1. Exposed data included personal data 2. Exposed data was not encrypted 3. The source of breach has not been addressed Under CCPA -> Enough to decide Under GDPR -> Consider high risk

20. High Risk Processing?

21. Data Processing Risk Takeaway ● Degree of risk is a matter of data subject expectation ● Mandatory code review when high level of risk in processing data ● Tie risk of disclosure to business consequences Different analysis for CA and EU

22. Scenario 3 A company’s vendor leaks personal data about its customers. The data belongs to consumers in CA. Can a CA consumer sue the company for a data breach?

23. Clarity in Uncertainty Find your unique profile to calibrate risks 1. Exposed data included personal data 2. Exposed data was not encrypted 3. The breach has not been cured Under CCPA -> If NOT reasonable Under GDPR -> No private right

24. Reasonable Security

25. Reasonable Means Operational Takeaway ● An operational cybersecurity program. ● An independent attestation of design and operational effectiveness can go a long way ● Investment in compliance pays off

26. Takeaways ● Audit vendor use of PII when doing vendor security reviews ● Focus on data processing risk to guide breach mitigation and response ● Invest in operational effectiveness of cybersecurity program

27. Outline Problem Solution Conclusion Q&A

28. Understanding Risks Has its Rewards Security Roadmap ● Communicate security risks ● Translate risks into needs ● Create security culture Tooling and Scaling ● Privacy Engineering

29. Conclusion When it’s our time to land: Hope we are on the Hudson, not in it.

30. Thankyou! LinkedIn: rafaebhatti Twitter: @privacyphd

BSidesSF talk: Silver lining for security teams in data protection clouds

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds (20)

Recently uploaded

Recently uploaded (20)

BSidesSF talk: Silver lining for security teams in data protection clouds