This document contains a list of 46 podcasts from the CERT organization covering various topics in cybersecurity. The podcasts are grouped into 10 categories: Forensics, Governing for Enterprise Security, Measuring Security, Privacy, Risk Management and Resilience, Security Education and Training, Software Security, Threat, Tips from the Trenches: Areas of Practice, and Trends and Lessons Learned. Each entry includes the podcast title, category, and brief description of topics covered in the podcast. The podcasts address a wide range of issues organizations may face such as malware analysis, security metrics, software development practices, and more.
NIST stands for National Institute of Standards and Technology and this federal agency develops and promotes measurements, standards, and technology to improve system productivity. NIST has a robust Cybersecurity Framework and is one of the most popular topics in the MedTech industry. It is the encapsulation and security of user data and their electronic documents against cyber-attacks. Being in the medical device industry, I wanted to know what cybersecurity framework or tools I should utilize to protect patients and their data. That is when I found the NIST-based Cybersecurity framework...
NIST's Cybersecurity Framework -- Comparison with Best Practice - David Ochel
A presentation given to the Central Texas chapter of the ISSA. We introduce the Cybersecurity Framework, compare it to an existing standard defining information security controls and management system requirements (ISO/IEC 27001), and provide some thoughts on what's next and where to find accompanying resources.
I'm preparing for the CISSP next week and also speaking for ISACA, so I created this deck to help my peers with some concepts that appear in CISM/CISSP and ITIL practitioner exams.
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline
Building a Product Security Practice in a DevOps World - Arun Prabhakar
This is a whitepaper on Product Security that largely focusses on building key security capabilities for products that are developed using DevOps methodology. It also consists of an effort to set up and accomplish the governance of Product Security in the DevOps world.
Content Strategy and Developer Engagement for DevPortals - Axway
Slides from Write the Docs Ottawa Meet Up at Shopify HQ in Canada, June 24, 2019
We’ll walk through 5 scenarios and concrete ways of reaching a developer community for frictionless and increased engagement.
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS - Gregory McNulty
Cryptography is a fundamental building block of secure system design that security architects use as part of a layered approach to keep information private, and protect systems against fake communications. Potential attacks against networks and systems can be achieved by subverting communications and introducing havoc using specially constructed false messages. These types of attacks are safeguarded against when using proper modern cryptography to check the authenticity of messages and guard their privacy.
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and... - Alex Tan
GHL Systems’ family of award-winning netAccess enterprise payment network devices are essentially simple, plug-and-play routing devices that provide protocol conversion and allow multiple payment devices or EDC terminals to be interconnected, and then simultaneously routing transactions quickly to multiple destination hosts – without ever having to replace or redeploy EDC terminals.
The L & X-Series payment routers are merchant-level, LAN-optimized network transaction concentrators and routers that enable EDC terminals to be networked and to perform extremely cost-effective and efficient transaction routing from these LAN terminals to the acquiring parties.
Upgrade and transform their legacy payment networks from traditional RS232 EDC terminals to RS485 or TCP/IP – without having to re-deploy or change their existing infrastructure or network
Exploit more efficient or faster wireless communications (Wi-Fi, GPRS, EDGE or HSDPA) channels
Use other communications channels as secondary or backup links (ADSL, PSTN-ODD)
Transform variable communication costs to fixed costs
Route transactions to multiple hosts accurately and securely
Results and achievements of project DCI-ALA/2012/302613, Promotion of Medicinal Plant Production, carried out by the Facultad de Ciencias Agrarias through the Human Ecology Engineering degree program and funded by the European Union
Foursquare is a web and mobile application that allows registered users to post their location at a venue ("check-in") and connect with friends.
The app uses the iPhone's built-in GPS to display restaurants, bars, parks, and other attractions in your city. When you visit any of those locations, you "check in" on the FourSquare app, which broadcasts your location to your friends. You'll also see where your friends have checked in, which helps you meet up with them or find new things to do.
Marketing ROI, Opportunities, and Challenges in Online and Social Media Channels for Destination and Marketing Firms
Senior lodging and destination marketing executives often make vendor and marketing channel decisions without sufficient time to investigate the ROI of alternative strategies or emerging
media choices. An internet-based survey of 426 marketing executives, drawn from the TravelCom 2011 conference and Cornell Center for Hospitality Research database, with support from Vantage Strategy and iPerceptions, found a wide range of expenditures on online
marketing, as well as considerable diversity in organizational structures. Two-thirds of the sample comprised accommodation marketers, with the remainder being destination marketers or those responsible for other types of marketing. Nearly three-quarters of the respondents reported spending
less than $10,000 on mobile media in 2010, about two thirds spent less than $10,000 on all social media marketing. About 80 percent of the marketers said that they produced Twitter campaigns and social promotions in-house, but such functions as search engine optimization and pay-per-click advertising are largely outsourced. Accommodation firms are more likely to outsource all social media functions,
including pay-per-call, Twitter campaigns, and pay-per-click management. Destination marketers, on
the other hand, generally handle more functions in-house. Two-thirds of the entire sample said the
2010 e-commerce budgets had increased with respect to 2009. Sixty percent of accommodation
marketers anticipated a further increase in 2011, and 71 percent of the destination marketers said their
2011 budgets would increase.
WEEK 3 ESSAY QUESTIONS Instructions Answer all questions .docx - cockekeshia
WEEK 3 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the
appropriate assignment folder. Each response to a single essay question should
be about a half-page in length (about 150 words).
1. Cryptographic algorithms provide the underlying tools to most security
protocols used in today’s infrastructures. The choice of which type of
algorithm depends on the goal that you are trying to accomplish, such as
encryption or data integrity. These algorithms fall into two main categories:
symmetric key and asymmetric key cryptography. In this essay, please
discuss the strengths and weaknesses of symmetric key cryptography and
give an example of where this type of cryptography is used. Then discuss
the strengths and weaknesses of asymmetric key cryptography and give an
example of where this type of cryptography is used.
2. Cryptography has been used in one form or another for over 4000 years
and attacks on cryptography have been occurring since its inception. The
type of people attempting to break the code could be malicious in their
intent or could just be trying to identify weaknesses in the security so that
improvements can be made. In your essay response, define cryptanalysis
and describe some of the common cryptanalytic techniques used in attacks.
3. Many people overlook the importance of physical security when addressing
security concerns of the organization. Complex cryptography methods,
stringent access control lists, and vigilant intrusion detection/prevention
software will be rendered useless if an attacker gains physical access to
your data center. Site and facility security planning is equally important to
the technical controls that you implement when minimizing the access a
criminal will have to your assets. In your essay response, define CPTED and
describe how following the CPTED discipline can provide a more aesthetic
alternative to classic target hardening approaches. Make sure that the
three CPTED strategies are covered in your response.
WEEK 1 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the
appropriate assignment folder. Each response to a single essay question should
be about a half-page in length (about 150 words).
1. In this week’s readings, you learned about two methods of risk analysis:
quantitative assessment and qualitative assessment. Explain the steps
taken to assess a risk from a quantitative perspective where monetary and
numeric values are assigned and discuss the formulas used to quantify risk.
Then, explain the methods used to assess risk from a qualitative
perspective where intangible values are evaluated such as the seriousness
of the risk or ramifications to the reputation of the company.
2. Domain 1 introduced numerous security terms that are used in assessing
risk. Please define the terms vulnerability, threat, threat agent, risk,
exposure and control. Then, describe the.
Some organizations have the resources and skills to secure their IT infrastructure against security threats; however, many organizations cannot do so. Organizations have a state-of-the-art security software solution or pay thousands of dollars for security tools. Even after that, no organization is entirely secure. Certified Threat Intelligence Analyst (C|TIA) allows cybersecurity professionals to enhance their skills in building sufficient organizational cyber threat intelligence. It is a specialist-level program. CTIA is an examination that tests the individuals’ skills and prepares them to make useful threat intelligence in the organization.
Read more: https://www.infosectrain.com/blog/ctia-course-outline/
MANUAL OVERVIEW
SECTION 1: Introduction: Welcome to CyberLeet
1.1 Introduction
1.2 Your Role at CyberLeet
1.3 Purpose of This Manual
SECTION 2: CORE TENETS OF CYBERSECURITY
2.1 Confidentiality
2.2 Integrity
2.3 Availability
SECTION 3: CYBERSECURITY POLICIES
3.1 Password Policies
3.2 Acceptable Use Policies
3.3 User Training Policies
3.4 Basic User Policies
SECTION 4: THREAT MITIGATION SCENARIOS
4.1 Theft
4.2 Malware
4.3 Your Choice
SECTION 5: REFERENCES
MANUAL OVERVIEW
You are the training manager at CyberLeet Technologies, a midsized firm that provides cybersecurity services to other businesses. CyberLeet’s core customer base is sole proprietorships and other mom-and-pop shops that are too small to have their own IT departments and budgets. Generally speaking, your clients have a reasonably high risk tolerance, and put a premium on the functionality of their IT systems over stringent security measures. However, you also have clients that must protect highly sensitive information in order to continue operating successfully. For example, CyberLeet supports a few small public-accounting firms that need to maintain important tax-related information, as well as several day-care businesses that must keep children’s health records private while allowing necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid growth, which means you can no longer personally provide one-on-one training to every new information security analyst as they are hired. Therefore, you have decided to create a training manual that will explain to the current and future cohorts of new hires the essential principles and practices that they must understand in order to be successful in their role as information security analysts at CyberLeet.
Manual Layout
There are four sections in the manual, which cover all the components of a new employee training manual. As the training manager, you must complete each section using information you learned in this course. Refer to the background information on CyberLeet and apply the appropriate information that best matches based on the size of the company, the value of cybersecurity, and its core tenets. Apply best practices of cybersecurity principles for addressing the common threat scenarios of a sole proprietary business. The main sections of the manual you are responsible for completing are the following:
· Introduction
· Core tenets of cybersecurity
· Developing cybersecurity policies
· Threat mitigation scenarios
In Section One, describe the organization. Provide a short history of the company, define the way it operates, and describe its place within the industry and the community it serves. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section.
SECTION 1: Introduction: Welcome to CyberLeet
1.1 Introduction
Prompt: Explain the value of CyberLeet Technologies as a provider of cybersecurity services to its .
Essay Questions Answer all questions below in a single document, pr.docx - jenkinsmandie
Essay Questions
Answer all questions below in a single document, preferably below the corresponding topic.
Responses should be no longer than half a page.
One
1. A security program should address issues from a strategic, tactical, and operational view. The
security program should be integrated at every level of the enterprise’s architecture. List a
security program in each level and provide a list of security activities or controls applied in these
levels. Support your list with real-world application data.
2. The objectives of security are to provide availability, integrity, and confidentiality protection to
data and resources. List examples of these security states where an asset could lose these
security states when attacked, compromised, or became vulnerable. Your examples could
include fictitious assets that have undergone some changes.
3. Risk assessment can be completed in a qualitative or quantitative manner. Explain each risk
assessment methodology and provide an example of each.
Two
1. Access controls are security features that are usually considered the first line of defense in
asset protection. They are used to dictate how subjects access objects, and their main goal is to
protect the objects from unauthorized access.
These controls can be administrative, physical, or technical in nature and should be applied in a
layered approach, ensuring that an intruder would have to compromise more than one
countermeasure to access critical assets. Explain each of these controls of administrative,
physical, and technical with examples of real-world applications.
2. Access control defines how users should be identified, authenticated, and authorized. These
issues are carried out differently in different access control models and technologies, and it is up
to the organization to determine which best fits its business and security needs. Explain each of
these access control models with examples of real-world applications.
3. The architecture of a computer system is very important and comprises many topics. The
system has to ensure that memory is properly segregated and protected, ensure that only
authorized subjects access objects, ensure that untrusted processes cannot perform activities
that would put other processes at risk, control the flow of information, and define a domain of
resources for each subject. It also must ensure that if the computer experiences any type of
disruption, it will not result in an insecure state. Many of these issues are dealt with in the
system’s security policy, and the security model is built to support the requirements of this
policy. Given these definitions, provide an example where you could better design computer
architecture to secure the computer system with real-world applications. You may use fictitious
examples to support your argument.
Three
1. Our distributed environments have put much more responsibility on the individual user, facility
management, and administrative procedures and controls than in th.
Overcoming Hidden Risks in a Shared Security Model - OnRamp
Risk management, compliance, and security are a shared burden between your organization and your vendors. Standards such as NIST (Publication 500-292) and regulations like HIPAA and PCI-DSS provide considerations for compliance and security but do not account for the nuances of your unique business or your infrastructure. Guidelines are written as though one party is responsible for compliance and security, but you rely on multiple vendors. Outsourcing can lead to ambiguous delegation of compliance responsibilities, lack of data governance and security practices, and difficulty in achieving data protection—ultimately risking non-compliance and leaving your infrastructure vulnerable.
Join our expert panel as they share insights into closing the gap on who’s responsible for what in data security and best practices for improving your security posture.
Takeaways:
Who owns the responsibility of compliance and security?
How to find and mitigate hidden risks in a 3rd party ecosystem
How to map your requirements to owners, policies, and controls
Expert recommendations for PCI, HIPAA, FERPA, FISMA and more.
Managed Detection and Response (MDR) Whitepaper - Marc St-Pierre
Managed detection and response (MDR) solutions benefit from investigative capabilities, particularly as derived and evolved from the digital forensic community. Buyers should thus include investigative experience as a selection factor when reviewing MDR offerings.
Whitepaper from TAG Cyber and OpenText on Managed Detection and Response (MDR): Investigative Capability as a Key Selection Factor.
Jon Murphy, National Practice Lead, AOS
Top 10 Trends for 2015 in Information Tech Risk Management
ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is strategic and tactical process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, ability to deliver timely, and reputation. Organizations need continuous, current, Actionable Insight℠ about probable sources of majorly impactful risks and threats. Then and only then are they adequately prepared to make the smartest investments in continuing education, process improvement, and procedures for the proper use of the right technology for their situation. This multi-media, interactive presentation will cover the current top trends for 2015 in ITRM and that Actionable Insight℠ - what your organization can and should do about likely and impactful IT risks and vulnerabilities.
Harry Davis just finished interviewing a candidate to fill another.docx - shericehewat
Harry Davis just finished interviewing a candidate to fill another medical billing specialist opening. As the human resources manager for MedEx, a medical billing company, Harry is concerned about the high turnover rate for the specialists. Turnover is very costly for the company, and Harry is trying to identify ways to lower the turnover rate. The candidate he just interviewed asked Harry if any of the specialists worked from home. Harry informed him that they do not right now, but telecommuting may be an option in the near future. MedEx employs more than medical billing specialists in its office located in a busy downtown metropolitan area. Each specialist works on a group of specific accounts, coding medical records and entering them into the computer system. The specialist position requires an intense 3-week training program to learn the coding system, but once they are proficient at their work, the specialists work independently on their assigned accounts. In an attempt to identify the cause of the high turnover rate, Harry asked the specialists to complete an employee survey that asked about their satisfaction with their pay, benefits, and working conditions. In general, the employees indicated satisfaction with pay levels and benefits, but were not satisfied in some other areas. In the “comments” section of the survey, several employees noted challenges in getting to work each day. Some mentioned heavy traffic that caused long commutes, while others noted the high cost of parking downtown. Further, many employees noted high stress levels due to trying to balance their work and personal responsibilities. When asked for specific ideas on how to improve the work environment, more than half of the specialists noted the option to telecommute as a desirable benefit. Because the specialists work independently, telecommuting is a feasible option. 
The specialists would need to work in the office at least 1 or 2 days per week in order to get updates on their accounts, but it would be possible for the employees to work from home the other days. Harry now must carefully consider whether to recommend offering the telecommuting option. Questions: 12-6. Would offering telecommuting as an option benefit MedEx? How? 12-7. Are there any disadvantages or challenges in offering telecommuting? 12-8. What do you recommend MedEx do? Why?
Martocchio, J. J. Strategic Compensation. [Strayer University Bookshelf]. Retrieved from https://strayer.vitalsource.com/#/books/9780134320595/
Running head: Cryptography
Cryptography
Aisha Tate
UMUC
August 29, 2019
Hi Aisha
You are heading in the right direction. You need to have specific details correct. Please use this guide and use scholarly/peer-reviewed articles. You appear to have just googled the information. Here is the checklist. Create appropriate tables and use the correct sources. Please see my notes below.
Best wishes,
Dr K
Student Name: Aisha Tate
Date: 7-Sep-201 ...
This follow-up post on the subject of Artificial Intelligence focuses on Expert Systems and the role of traditional experts in their design and development. It explores four main themes:
What do we mean by Expert?
How do experts work?
Expert Systems Application Domains, and
Features of rule based Expert (KB) Systems
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed... - James W. De Rienzo
Print report contains conditional formatting and printer settings to enhance comprehension for Cloud Service Providers (CSP) as well as Federal and Departmental Agencies.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already got working for real.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Assuring Contact Center Experiences for Your Customers With ThousandEyes
SEI CERT Podcast Series
1. CERT Podcast Series.xlsx
Rec Seq Category
Title
Description
1 1 Forensics
Characterizing and Prioritizing Malicious Code
In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most
destructive malware to examine first.
2 Forensics
TJX, Heartland, and CERT's Forensics Analysis Capabilities
In this podcast, participants recount complex, distributed, multi‐year investigations of computer crimes using
sophisticated methods, techniques, and tools.
3 Forensics
Computer and Network Forensics: A Master's Level Curriculum
In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw
conclusions to support investigations.
4 Forensics
Computer Forensics for Business Leaders: Building Robust Policies and Processes
In this podcast, participants discuss how business leaders can play a key role in computer forensics by establishing
and testing strong policies.
5 Forensics
Computer Forensics for Business Leaders: A Primer
In this podcast, participants discuss how computer forensics is often overlooked when planning an incident
response strategy.
2 6 Governing for Enterprise Security
Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions
In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's
cybersecurity capabilities.
7 Governing for Enterprise Security
NIST Catalog of Security and Privacy Controls, Including Insider Threat
In this podcast, participants discuss why security controls, including those for insider threat, are necessary to
protect information and information systems.
8 Governing for Enterprise Security
Public‐Private Partnerships: Essential for National Cyber Security
In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex
systems function as intended.
9 Governing for Enterprise Security
Establishing a National Computer Security Incident Response Team (CSIRT)
In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security
and continuity.
10 Governing for Enterprise Security
Leveraging Security Policies and Procedures for Electronic Evidence Discovery
In this podcast, John Christiansen explains that effectively responding to e‐discovery requests depends on well‐defined policies, procedures, and processes.
3 11 Measuring Security
Measuring Operational Resilience
In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform
decisions, and affect behavior.
http://www.cert.org/podcasts/index.cfm#securityeducation Page 1 of 5
12 Measuring Security
Getting to a Useful Set of Security Metrics
Well‐defined metrics are essential to determine which security practices are worth the investment.
13 Measuring Security
Using Benchmarks to Make Better Security Decisions
In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security
is enough.
14 Measuring Security
Initiating a Security Metrics Program: Key Points to Consider
In this podcast, Samuel Merrell explains that a sound security metrics program should select data relevant to
consumers from repeatable processes.
15 Measuring Security
Building a Security Metrics Program
In this podcast, Betsy Nichols explains that reporting meaningful security metrics depends on topic selection,
context definition, and data access.
4 16 Privacy
Considering Security and Privacy in the Move to Electronic Health Records
In this podcast, participants discuss how using electronic health records brings many benefits along with security
and privacy challenges.
17 Privacy
Integrating Privacy Practices into the Software Development Life Cycle
In this podcast, participants explain that addressing privacy during software development is just as important as
addressing security.
18 Privacy
Electronic Health Records: Challenges for Patient Privacy and Security
In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated
area of IT today.
19 Privacy
Protecting Information Privacy ‐ How To and Lessons Learned
In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization.
20 Privacy
The Value of De‐Identified Personal Data
In this podcast, participants discuss the complex legal compliance landscape and how de‐identification can help
organizations share data more securely.
5 21 Risk Management and Resilience
Comparing IT Risk Assessment and Analysis Methods
In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting
methods that are a good fit for your organization.
22 Risk Management and Resilience
The Electricity Subsector Cybersecurity Capability Maturity Model (ES‐C2M2)
ES‐C2M2 helps improve the operational resilience of the U.S. power grid.
23 Risk Management and Resilience
Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience
In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their
cybersecurity performance with their peers.
24 Risk Management and Resilience
Managing Disruptive Events ‐ CERT‐RMM Experience Reports
In this podcast, the participants describe four experience reports that demonstrate how the CERT‐RMM can be
applied to manage operational risks.
25 Risk Management and Resilience
Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk
In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans
for and responses to disruptive events.
6 26 Security Education and Training
How to Become a Cyber Warrior
In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more
skilled cyber warriors.
27 Security Education and Training
Software Assurance: A Master's Level Curriculum
In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex
systems function as intended.
28 Security Education and Training
Better Incident Response Through Scenario Based Training
In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands‐on training is part of their normal routine.
29 Security Education and Training
Using High Fidelity, Online Training to Stay Sharp
In this podcast, Jim Wrubel explains how virtual training environments can deliver high quality content to security
professionals on‐demand, anywhere, anytime.
30 Security Education and Training
What Business Leaders Can Expect from Security Degree Programs
In this podcast, participants discuss whether information security degree programs meet the needs of business
leaders seeking knowledgeable employees.
7 31 Software Security
Raising the Bar ‐ Mainstreaming CERT C Secure Coding Rules
In this podcast, Robert Seacord describes the CERT‐led effort to publish an ISO/IEC technical specification for
secure coding rules for compilers and analyzers.
32 Software Security
Cisco's Adoption of CERT Secure Coding Standards
In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision.
33 Software Security
How to Develop More Secure Software ‐ Practices from Thirty Organizations
In this podcast, participants discuss how organizations can benchmark their software security practices against 109
observed activities from 30 organizations.
34 Software Security
The Power of Fuzz Testing to Reduce Security Vulnerabilities
In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate
security vulnerabilities.
35 Software Security
The Role of the CISO in Developing More Secure Software
In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is
expected of them when developing secure software.
8 36 Threat
Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity
In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding
to better analyze malicious code.
37 Threat
Mitigating Insider Threat ‐ New and Improved Practices Fourth Edition
In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices
for mitigating insider threats.
38 Threat
Building a Malware Analysis Capability
In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the
impact associated with ongoing infection.
39 Threat
Indicators and Controls for Mitigating Insider Threat
In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and
respond to insider crimes.
40 Threat
Protect Your Business from Money Mules
Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.
9 41 Tips from the Trenches: Areas of Practice
DevOps ‐ Transform Development and Operations for Fast, Secure Deployments
In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software
performance, stability, and security.
42 Tips from the Trenches: Areas of Practice
Securing Mobile Devices aka BYOD
In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to
enterprise networks.
43 Tips from the Trenches: Areas of Practice
Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities
In this podcast, participants discuss how a network profile can help identify unintended points of entry,
misconfigurations, and other weaknesses.
44 Tips from the Trenches: Areas of Practice
How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them
In this podcast, Greg Crabb explains how CERT‐RMM can be used to establish and meet resilience requirements for
a wide range of business objectives.
45 Tips from the Trenches: Areas of Practice
Why Organizations Need a Secure Domain Name System
Use of Domain Name System security extensions can help prevent website hijacking attacks.
10 46 Trends and Lessons Learned
Cyber Security, Safety, and Ethics for the Net Generation
In this podcast, Rodney Peterson explains why capitalizing on the cultural norms of the Net Generation is essential
when developing security awareness programs.
47 Trends and Lessons Learned
Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia
In this podcast, Rich Pethia reflects on the CERT Division's 20‐year history and discusses its future IT and security
challenges.
48 Trends and Lessons Learned
Climate Change: Implications for Information Technology and Security
In this podcast, Richard Power explains how climate change requires new strategies for dealing with traditional IT
and information security risks.
49 Trends and Lessons Learned
Integrating Security Incident Response and e‐Discovery
In this podcast, Julia Allen explains how responding to an e‐discovery request involves many of the same steps and
roles as responding to a security incident.
50 Trends and Lessons Learned
Virtual Communities: Risks and Opportunities
In this podcast, Jan Wolynski advises business leaders to evaluate risks and opportunities when considering
conducting business in online, virtual communities.