On April 2nd, ASI held its first invitation-only CIO Summit — on Data Security in a Mobile World in downtown Washington, DC, exclusively for not-for-profit CIOs. The event brought together the best and brightest minds from the association, non-profit, and business communities to address the current data security threats they're facing, particularly in this increasingly mobile world.
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how.
Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How:
What is a Digital Footprint?
Breakdown of External Threats (Social, Mobile, Web)
What are blended attacks?
What is actually being targeting at your company?
How are your brands, customers, and employees being attack outside of your company?
How to become proactive in threat monitoring on the internet?
Considerations in External Threat solutions
Threat correspondence tracking considerations
Is legal cease and desist letters adequate in stopping attacks?
Examination of a phishing attack campaign
How phishing kits work
Analysis and lesson learned from recent published attacks
What are the most important capability in a digital risk monitoring solution?
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
Information Security
1.Why the need to think about it?
2.What exactly are we talking about?
3.How do we go about doing something about it?
4.Is there a one-size-fits-all framework?
Best Practices for a Mature Application Security Program Webinar - February 2016Security Innovation
In this webinar, you will learn about trends in application security, threat modeling and risk rating your applications, and optimizing your Software Development Lifecycle. Highlights include:
- Research from the Ponemon Institute: Where have companies improved and where do they continue to struggle when it comes to application security?
- Understanding application security threats to different platforms and how to prioritize vulnerabilities.
- Optimizing your Software Development Lifecycle by using best practices, identifying skill gaps, and building a roadmap.
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how.
Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How:
What is a Digital Footprint?
Breakdown of External Threats (Social, Mobile, Web)
What are blended attacks?
What is actually being targeting at your company?
How are your brands, customers, and employees being attack outside of your company?
How to become proactive in threat monitoring on the internet?
Considerations in External Threat solutions
Threat correspondence tracking considerations
Is legal cease and desist letters adequate in stopping attacks?
Examination of a phishing attack campaign
How phishing kits work
Analysis and lesson learned from recent published attacks
What are the most important capability in a digital risk monitoring solution?
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
Information Security
1.Why the need to think about it?
2.What exactly are we talking about?
3.How do we go about doing something about it?
4.Is there a one-size-fits-all framework?
Best Practices for a Mature Application Security Program Webinar - February 2016Security Innovation
In this webinar, you will learn about trends in application security, threat modeling and risk rating your applications, and optimizing your Software Development Lifecycle. Highlights include:
- Research from the Ponemon Institute: Where have companies improved and where do they continue to struggle when it comes to application security?
- Understanding application security threats to different platforms and how to prioritize vulnerabilities.
- Optimizing your Software Development Lifecycle by using best practices, identifying skill gaps, and building a roadmap.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
Big fix and Qradar will tighten endpoint security and avoid hackers threats offering the clients an integrated threat protection, enabling automated offense identification and continuous security configuration enforcement.
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
As cyber attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. Event monitoring and correlation technologies and security operations are often tied to incident handling responsibilities, but the number of attack variations is staggering, and many organizations are struggling to develop incident detection and response processes that work for different situations.
In this webcast, we'll outline the most common types of events and indicators of compromise (IOCs) that naturally feed intelligent correlation rules, and walk through a number of different incident types based on these. We'll also outline the differences in response strategies that make the most sense depending on what types of incidents may be occurring. By building a smarter incident response playbook, you'll be better equipped to detect and respond more effectively in a number of scenarios.
Breached! App Attacks, Application Protection and Incident ResponseResilient Systems
Software applications, like outward facing Web applications, are consistently ranked as one of the top threat vectors. For example, according to a recent report from Trustwave, SQL injection was the attack method for 26% of all reported breaches. Indeed despite being a decade-old, well understood vulnerability, SQL injection flaws remain present in 32% of applications.
This webinar will first explain software application vulnerabilities and define their various types. It will also present recent research findings about the prevalence of these vulnerabilities and their impact. From there it will discuss what organizations can do to harden their applications. Finally, the webinar will cover best practices for responding to a successful application attack.
Our featured speaker for this timely webinar is Chris Wysopal, Co-Founder, CTO & Chief Information Security Officer at Veracode.
Firewalls and border routers are still the cornerstone for perimeter security
Always will be a place for VPNs
Attacks occur at the application layer
So ensure app security
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowIBM Security
In this presentation with Chris Poulin, you'll gain the insight you need to stay ahead of the threats and to be prepared to respond before, during and after an attempted breach. Chris Poulin is Industry Security Systems Strategist and former CISO for Q1 Labs.
CONTENT:
• What is Security Intelligence?
• Why do we need Security Intelligence?
• What are the benefits of Security Intelligence in the enterprise?
Are existing compliance requirements sufficient to prevent data breaches? This session will provide a technical assessment of the 2019 Capital One data breach, illustrating the technical modus operandi of the attack and identify related compliance requirements based on the NIST Cybersecurity Framework. Attendees will learn the unexpected impact of corporate culture on overall cyber security posture.
This talk was presented at RSA Conference 2021 (Session RMG-T15) on May 18, 2021.
Original paper available for download at SSRN: Novaes Neto, Nelson and Madnick, Stuart E. and Moraes G. de Paula, Anchises and Malara Borges, Natasha, A Case Study of the Capital One Data Breach (28/04/2020). https://ssrn.com/abstract=3570138
Most of the money thrown at securing information systems misses the weak spots. Huge amounts are spent securing infrastructure while web applications are left exposed. It is a crisis that is largely ignored.
Software development teams, under pressure to deliver features and meet deadlines, often respond to concerns about the security of their web applications by commissioning a last-minute security assessment and then desperately attempt to address only the most glaring findings. They may even simply throw up a web application firewall to mitigate the threats. Such bolted-on solutions are not long-term answers to web application security.
Instead, we advocate a built-in approach. We will show that by weaving security into the software development life cycle, and using mature resources for security coding standards, toolkits and frameworks such as those from OWASP, development teams can consistently produce secure systems without dramatically increasing the development effort or cost.
This slide deck was most recently presented at a SPIN meeting in Cape Town In September 2012 by Paul and Theo from ThinkSmart (www.thinksmart.co.za).
For more information, contact Paul at ThinkSmart (dot see oh dot zed ay).
Jump Start Your Application Security KnowledgeDenim Group
How to Jump-Start Your Application Security Knowledge
For the Network Security Guy Who Knows Nothing about Web Applications
Most security officers are not software developers, and rarely do they have control over the security associated with internally developed software systems. However, CSO's are still frequently held accountable when externally-facing software is compromised and a breach occurs. Unless security professionals radically upgrade their knowledge of software and software development techniques, they will continue to inadequately manage the risk that custom software systems represents to the enterprise.
Presented by John Dickson of Denim Group and Jeremiah Grossman of WhiteHat Security, this webinar will help non-development security managers understand the salient aspects of the software development process and to upgrade their IQ on software. It will help them to identify risks with different assessment approaches, how to inject themselves into the development process at key "waypoints," and to understand ways to influence development peers to write more secure code.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
Big fix and Qradar will tighten endpoint security and avoid hackers threats offering the clients an integrated threat protection, enabling automated offense identification and continuous security configuration enforcement.
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
As cyber attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. Event monitoring and correlation technologies and security operations are often tied to incident handling responsibilities, but the number of attack variations is staggering, and many organizations are struggling to develop incident detection and response processes that work for different situations.
In this webcast, we'll outline the most common types of events and indicators of compromise (IOCs) that naturally feed intelligent correlation rules, and walk through a number of different incident types based on these. We'll also outline the differences in response strategies that make the most sense depending on what types of incidents may be occurring. By building a smarter incident response playbook, you'll be better equipped to detect and respond more effectively in a number of scenarios.
Breached! App Attacks, Application Protection and Incident ResponseResilient Systems
Software applications, like outward facing Web applications, are consistently ranked as one of the top threat vectors. For example, according to a recent report from Trustwave, SQL injection was the attack method for 26% of all reported breaches. Indeed despite being a decade-old, well understood vulnerability, SQL injection flaws remain present in 32% of applications.
This webinar will first explain software application vulnerabilities and define their various types. It will also present recent research findings about the prevalence of these vulnerabilities and their impact. From there it will discuss what organizations can do to harden their applications. Finally, the webinar will cover best practices for responding to a successful application attack.
Our featured speaker for this timely webinar is Chris Wysopal, Co-Founder, CTO & Chief Information Security Officer at Veracode.
Firewalls and border routers are still the cornerstone for perimeter security
Always will be a place for VPNs
Attacks occur at the application layer
So ensure app security
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowIBM Security
In this presentation with Chris Poulin, you'll gain the insight you need to stay ahead of the threats and to be prepared to respond before, during and after an attempted breach. Chris Poulin is Industry Security Systems Strategist and former CISO for Q1 Labs.
CONTENT:
• What is Security Intelligence?
• Why do we need Security Intelligence?
• What are the benefits of Security Intelligence in the enterprise?
Are existing compliance requirements sufficient to prevent data breaches? This session will provide a technical assessment of the 2019 Capital One data breach, illustrating the technical modus operandi of the attack and identify related compliance requirements based on the NIST Cybersecurity Framework. Attendees will learn the unexpected impact of corporate culture on overall cyber security posture.
This talk was presented at RSA Conference 2021 (Session RMG-T15) on May 18, 2021.
Original paper available for download at SSRN: Novaes Neto, Nelson and Madnick, Stuart E. and Moraes G. de Paula, Anchises and Malara Borges, Natasha, A Case Study of the Capital One Data Breach (28/04/2020). https://ssrn.com/abstract=3570138
Most of the money thrown at securing information systems misses the weak spots. Huge amounts are spent securing infrastructure while web applications are left exposed. It is a crisis that is largely ignored.
Software development teams, under pressure to deliver features and meet deadlines, often respond to concerns about the security of their web applications by commissioning a last-minute security assessment and then desperately attempt to address only the most glaring findings. They may even simply throw up a web application firewall to mitigate the threats. Such bolted-on solutions are not long-term answers to web application security.
Instead, we advocate a built-in approach. We will show that by weaving security into the software development life cycle, and using mature resources for security coding standards, toolkits and frameworks such as those from OWASP, development teams can consistently produce secure systems without dramatically increasing the development effort or cost.
This slide deck was most recently presented at a SPIN meeting in Cape Town In September 2012 by Paul and Theo from ThinkSmart (www.thinksmart.co.za).
For more information, contact Paul at ThinkSmart (dot see oh dot zed ay).
Jump Start Your Application Security KnowledgeDenim Group
How to Jump-Start Your Application Security Knowledge
For the Network Security Guy Who Knows Nothing about Web Applications
Most security officers are not software developers, and rarely do they have control over the security associated with internally developed software systems. However, CSO's are still frequently held accountable when externally-facing software is compromised and a breach occurs. Unless security professionals radically upgrade their knowledge of software and software development techniques, they will continue to inadequately manage the risk that custom software systems represents to the enterprise.
Presented by John Dickson of Denim Group and Jeremiah Grossman of WhiteHat Security, this webinar will help non-development security managers understand the salient aspects of the software development process and to upgrade their IQ on software. It will help them to identify risks with different assessment approaches, how to inject themselves into the development process at key "waypoints," and to understand ways to influence development peers to write more secure code.
Using Threat Intelligence to Address Your Growing Digital RiskSurfWatch Labs
Cyber threat intelligence can be used to help organizations to better manage their growing digital risk footprints and drive more effective risk decisions.
How US Cybersecurity Executive Order Impacts IBM i Customers Precisely
Increasing threats from ransomware and geo-political threats of cyber warfare mean these are challenging times for those responsible for IT security. Earlier this year, US President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act. In addition, the White House recommended companies execute multiple strategies to protect critical services and systems in a statement titled “Act Now to Protect Against Potential Cyberattacks." Many of these recommendations are particularly relevant to the IBM i community. There are specific recommendations in security tools, response strategies, and preventive measures all IBM i companies should be implementing.
Watch this on-demand webinar to learn about:
• Specific recommendations from the US government
• Applying these recommendations to your IBM i environment
• How Precisely can help
Evolving technologies and business models have led to advanced network security threats that never existed a few years back. Moreover, enterprises are also relying on outdated security solutions to shut out such threats and this is leading to bigger and frequent data breaches. So if your company recognizes the need for a reliable IT security solution, then you should join our webinar to learn the following:
- An overview of the prevalent enterprise security threats
- The evolving security landscape and the obsolete security mechanisms
- What Seqrite does to ensure enterprise security and network compliance
Cyber Security presentation for the GS-GMIS in Columbia, SC on 7-19-2018, 125 people present, discussion at an Executive level to help Project Managers better understand Cyber Security and recent updates and guidance to help you plan for your company
In moving towards cloud services, security concerns are often cited as reasons to delay or even abandon the transition. This presentation highlights some basic steps to take to analyse and assess what risk might exist and how to mitigate this. In short, the security concerns regarding cloud deployments will exist in your privately managed data centre environments as well. Outsourcing your service to a Cloud provider does not mean you pass on your liability to your own customers nor responsibility of managing your systems and services.
Want to know how to secure your web apps from cyber-attacks? Looking to know the Best Web Application Security Best Practices? Check this article, we delve into six essential web application security best practices that are important for safeguarding your web applications and preserving the sanctity of your valuable data.
David Cass discusses the role of security and how best practices can be used to accelerate cloud adoption and success.
Learn more by visiting our Bluemix Hybrid page: http://ibm.co/1PKN23h
Speaker: David Cass (Vice President, Cloud and SaaS CISO)
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersDenim Group
Far too often application security decisions are made in an ad hoc manner and based on little or no data. This leads to an inefficient allocation of scarce resources. To move beyond fear, uncertainty and doubt, organizations must adopt an approach to application risk management based on a structured process and quantitative data. This presentation outlines such an approach for organizations to enumerate all the applications in their portfolio. It then goes through background information to collect for each application to support further decision-making. In addition, the presentation lays out an application risk-ranking framework allowing security analysts to quantitatively categorize their application assets and then plan for assessment activities based on available budgets. This provides the knowledge and tools required for them to use the approach on the applications they are responsible for in their organization. Please email dan _at_ denimgroup dot com for a template spreadsheet and a how-to guide.
Because many organizations don't perform security unless they have to, more than 80% of all web applications are being exposed to vulnerabilities. In comes regulation. There are a number of different industries other than financial and healthcare that deal with PII and PHI but are either not regulated at all or are regulated very loosely. This presentation will discuss the various regulations (PCI, SOX, HIPAA, etc.) and what each does to address web application security, if any, as well as the shortcomings of each. Finally, it will further address industries that need to be more strictly regulated in order to better protect personal information.
Andrew Weidenhamer, Senior Security Consultant, SecureState
Andrew Weidenhamer, Senior Security Consultant, joined SecureState in January 2008. As a former member of the Profiling Team, Andrew performed technical security assessments on a weekly basis. These assessments included Internal and External Attack and Penetration Assessments, Wireless Penetration Assessments, Web Application Security Reviews, Physical Penetration Tests, and Social Engineering Assessments.
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers:
• The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS.
• Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections)
• Best practices for how to protect your environment from the latest threats
The Avid Life Media hack is a striking example of everything that can go wrong when a company is completely breached followed by a total disclosure of the stolen information. This attack resulted in an estimated $200 million in costs, firing of the CEO, and countless lives ruined. This presentation will review the data exposed and what can be learned to prevent this from happening to your organization.
This presentation discusses the massive increases in cyber threats and the best ways to keep your data safe. Through this presentation, you will learn the best practices for implementing and testing a data security program.
In this webcast, education associations will learn how the iMIS 20 Engagement Management System (EMS)™ streamlines processes (including dues renewals and professional development), improves operational efficiency, simplifies event management and registrations, automates member communications, and boosts retention/recruiting. Join us to see why so many of your peers have chosen iMIS.
In this webcast, you’ll learn how you can use the iMIS Online Communities module to demonstrate even greater value to your constituents and ensure their retention. We’ll show you how to create a vibrant social experience where members/donors can connect, collaborate, and communicate in a secure setting. You’ll see ways you can easily guide/monitor discussion forums, offer a members-only knowledge base, wiki and other resources, and measure the impact of your engagement efforts.
CxO London MemberWise ‘Harnessing the Web’ Survey ResultsiMIS
Richard Gott, Interim Director of Membership Services, Royal College of Psychiatrists and Heather Forrester, Managing Director, Research by Design Ltd., present results from the MemberWise ‘Harnessing the Web’ survey.
Niroo Rad, Managing Director of ASI Europe, delivers opening remarks at CxO London. CxO is a Performance Improvement Summit with tips, trends, and case studies on how successful associations and not-for-profit executives are leveraging member/donor engagement measurement strategies to boost retention, revenue, and performance.
Staying Relevant to Members and Donors in a Constantly Changing WorldiMIS
Several major shifts have changed the landscape for associations and non-profits including economic conditions, demographics, time poverty and technology. Explore how associations and non-profits are fighting for relevance and how to create a game plan to ensure you are essential to your members, donors, and other constituents as well as the community you serve.
Closing session for CxO. CxO is a Performance Improvement Summit for not-for-profit executives with tips, trends, and case studies on how successful associations and not-for-profits are leveraging member/donor engagement measurement strategies to boost retention, revenue, and performance.
Opening Session presentation for CxO. CxO is a Performance Improvement Summit for not-for-profit executives with tips, trends, and case studies on how successful associations and not-for-profits are leveraging member/donor engagement measurement strategies to boost retention, revenue, and performance.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
2. Agenda
• Welcome and Introductions
– David Riffle, Sr. Director, ASI
• Information Security Threats and Strategies
– Mark Breland, Sr. Product Engineering Exec., ASI
• What You Need to Know about PCI
Compliance
– David Johnson, Systems Engineer, Trustwave
3. Agenda
• Why the Era of CRM is Over
– Brent Sitton, Product Marketing Manager, ASI
– Bruce Ryan, CIO, Florida Bankers Association
– Artesha Moore, CIO, Association for Professionals
in Infection Control and Epidemiology
• Closing Remarks
16. Security Breaches Today
• By the numbers…in the US 2005 to April 2014
– Recorded breaches = 4,455
– Records exposed = 626,327,451
– Cost per record = $188
– Total cost = $117.8B
• Breach attack patterns
– 52% of stolen data due to “hacktivism”
– 40% of breaches incorporated malware
– Malicious or criminal attacks that exploit negligence
or system glitches
17. Security Breaches Today
• Primary data breach targets…
– Financial
– Retail
– Government
• 43% of all companies experienced a data breach in the
last year
– Of these, 27% had no response plan in place
– 80% had root cause in employee negligence
• Membership organizations emerging
– Controversial missions/philosophies
– Play to self-anointed judgment of “hacktivists”
– Least likely to have protections in place
18. Security Breaches Today
• Cyber risk and liability
– Target® breach of 2013…40M compromised records,
potential company liability of $90/exposed record =
$3.6B
– Target® directors and officers also facing derivative suits
– Home Depot® breach of 2014…56M compromised PCI
records, liability to exceed $3B
– JPMorgan Chase breach of 2014…83M compromised PII
accounts
– Anthem breach of 2015…80M compromised PHI records
– Data loss not typically covered under corporate
insurance policies…cyber liability insurance required to
cover corporate costs of a breach
19. Security Breaches Today
• Cyber risk and liability
– Brand value drops 17-31% after a breach
– Data loss not typically covered under corporate
insurance policies…cyber liability insurance required
to cover corporate costs of a breach
– Software vendors mostly protected by liability limits
clauses in their EULAs
– Custom developed software and software
implementation is another story…
– Any technology company associated with a breach is
open to litigation
20. Security Breaches Today
• Why NPOs should be concerned
– Larger budgets/revenues are attractive
– Mission statements draw hostile attention
– Greater need for online service provision
– Growing IT complexity to maintain operating
efficiency and maximize member benefits
– Increasing reliance on 3rd party cloud/hosting
service providers
21. Security Breaches Today
• One breach, 6 investigations…
– Internal investigation
– Shareholders vs. Directors and Officers
– Card brand vs. Company
– Federal Government vs. Company
– State Government vs. Company
– Law Enforcement vs. Attacker
22. Security Breaches Today
• Weak credentials
– Default credential provisioning
– Susceptible to brute force attacks
• System misconfiguration
– Accidental exposure of administrative consoles
– Stood up systems outside of policy
– Firewall errors/complexity
• Service/Software vulnerability
– Heartbleed, Shellshock
– Third party software
• Web application vulnerability
– Most commonly exploited
– Custom code developed without security
• Social engineering
– Phishing, link clicking
23. Security Breaches Today
Web security today is both a proactive and
reactive process…one must be fully prepared in
both aspects to survive in the current threat
environment.
24. Attack Vector Mitigation - Business
• Identify and understand your business risks as
regards likely channels of attack
• Educate Board and senior management on
responsibilities and effectively managing cyber
security risk
• Proactively secure data, systems, policies, and
procedures in advance…plan, Plan, PLAN
• Gather and share cyber attack intelligence
internally and among industry peers
25. Attack Vector Mitigation - Business
• Train staff and elevate cyber security awareness
• Engage outside help when needed
• Ensure compliance with all regulatory and
certification security requirements
• Respond clearly and deliberately to any critical
incident…focus on maintaining stakeholder
confidence
• Benchmark your cyber security program in
relation to your peers
27. Secure Web Implementation
• Protect each site with a valid SSL certificate
and HTTPS protocol
• Isolate web servers in the DMZ zone
• Protect services in the Trusted zone
• Disallow non-VPN or non-direct RDP access to
any server
28. Secure Web Implementation
• GreenSQL - a unified, ready-to-use database
security solution for all organizations. Easy to
install, use and maintain
– Hides and secures databases
– Monitors all incoming and outgoing SQL queries
– Alerts and blocks signature-based query attacks
– Maintains database security policy in real-time
– Protects against known and unknown database
exploits
29. Secure Web Implementation
– GreenSQL is located between the iMIS application and the
database, inspecting all access, including queries and
database responses. This ensures complete coverage for
securing, monitoring and masking of sensitive information
stored in databases.
30. Trusted
Secure Web Implementation
• Recommended GreenSQL deployment
Database
Server
Green SQL
iMIS
Application
Server
Internal iMIS
Clients
DMZ
Web
Servers
Public (web
browsers)
Registrants
(web
browsers)
Firewall
Firewall
31. Penetration Testing
• Process to identify security vulnerabilities in a
web application or site by evaluating the system
or network with various malicious techniques
• Various end targets…
– Full web site (Amazon, Google, iMIS customer)
– Web application product (iMIS 20 out-of-the-box)
• Various forms…
– Social engineering
– Application security
– Physical penetration
32. Penetration Testing
• Automated testing tools
– Pros – covers a lot of ground very fast, cost efficient,
consistent and repeatable, best suited for rapidly
evolving web applications
– Cons – can frequently flag false positives, only as good
as the latest signature database of known exploits
• Adaptive (manual) testing techniques
– Pros – follows the black hat mindset, uncovers
application-specific combinatorial vulnerabilities,
leverages non-related tools, much more rigorous
– Cons – labor-intensive, not easily repeatable, money
sink
33. Penetration Testing
• ASI committed to conducting self penetration testing
– iMIS 20-100/200 and 20-300 platforms
– Integral to pre-EA/GA regression testing
– Employ Netsparker tool as a start, will likely expand to
others
• ASI engaged independent penetration testing services
in 2014
– Currently GA iMIS 20-100 and 20-300 platforms
– Adaptive pen testing techniques and methodology
– No critical vulnerabilities found
– Secure coding practices strongly recommended
34. ASI Corporate Security Initiative
• Formed mid-2013 to address the issue of iMIS
running as a secure web application for the
benefit of our customers
• Focused on three areas to mitigate our risk
exposure with the use of the iMIS product
– Web application product development
– Site implementation
– Cloud services
• Phase 1 complete, Phase 2 emphasis on
establishing a corporate ASI Security Assurance
Plan with associated policies/procedures
37. Summary
• What is PCI?
• What has changed in PCI-DSS v3?
• Scope Adjustment + Segment and Pentesting
• Hosted Payment Pages Clarification
• Sampling
• POS Security
• Tips & Tricks
• What’s Next?
38. Who We Are
WHO WE ARE
Company facts and figures
SERVING
GLOBAL
GROWING
INNOVATING
over 3 MILLION subscribers
with over 1,100
EMPLOYEES
employees in 26 countries
over 56 patents granted / pending
VULNERABILITY
MANAGEMENT
Global Threat Database
feeding Big Data back-end
THREAT
MANAGEMENT
Integrated portfolio of
technologies delivering
comprehensive protection
COMPLIANCE
MANAGEMENT
Leading provider of cloud
delivered IT-GRC services
39. WHAT IS THE PCI DSS?
• The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12
requirements designed to protect cardholder data
• Cardholder data is any personally identifiable data associated with a
cardholder, including:
– Primary Account Number
– Expiry Date
– Name
• All merchants accepting debit/credit cards must comply with the PCI
DSS at all times
41. PCI DSS v3 Changes
Definitions of Change
Change Type Definition Number of Changes
Clarification Clarifies intent of requirement. Ensures that
concise wording in the standard portrays
the desired intent of requirements.
74 changes
Additional
guidance
Explanation, definition and/or instruction
to increase understanding or provide
further information or guidance on a
particular topic.
5 changes
Evolving
Requirement
Changes to ensure that the standards are
up to date with emerging threats and
changes in the market.
19 changes
42. PCI DSS Version 3.0
• Specifically, scoping has been clarified to indicate that system components include, “Any component or
device located within or connected to the [cardholder data environment].”
• The new language also states that the “PCI DSS security requirements apply to all system components
included in or connected to the cardholder data environment
• Additionally, a new requirement has been added requiring that if segmentation is used, “penetration
testing procedures are designed to test all segmentation methods to confirm they are operational and
effective, and isolate all out-of-scope systems from in-scope systems.”
• As further clarity, the standard states that, “To be considered out of scope for PCI DSS, a system
component must be properly isolated (segmented) from the CDE such that even if the out-of-scope
system component was compromised it could not impact the security of the CDE.”
• The additional focus on connected systems likely expands (potentially greatly) the number of systems
considered in-scope for many organizations. For example, in most networks using Windows Activity
Directory security, a compromise of systems outside the CDE could impact the CDE and then could be
considered in-scope for the PCI assessment.
Most Notable Changes (1/4)
A Higher Bar to Achieve “Segmentation”
43. PCI DSS Version 3.0
• PCI DSS 3.0 offers a new definition of system components: “System components include
systems that may impact the security of the CDE (for example web redirection servers).”
• Up until now, web servers had been considered out-of-scope if they used iFrames, hosted
payment pages or other redirection technologies to prevent cardholder data from touching
the merchant’s systems.
• Under the new standard, all of these servers fall in-scope and, due to the new segmentation
requirement, likely bring the rest of a company’s network into scope as well.
• The only “out” for companies that lack the ability to ensure the security of web servers
internally remains fully outsourcing the web infrastructure.
Most Notable Changes (2/4)
Hosted Payment Pages Are No Longer A “silver bullet”
44. PCI DSS Version 3.0
Most Notable Changes (3/4)
Larger Samples Are Required
• The new standard requires larger samples. Specifically, “Samples of system components must
include every type and combination that is in use. For example, where applications are
sampled, the sample must include all versions and platforms for each type of application.”
• For merchants undergoing a third party assessment or Level 1 merchants that self assess, the
level of effort in the validation process is likely to increase.
45. PCI DSS Version 3.0
• In response to recent attacks in which POS devices have been physically
modified to capture card holder data, there is a new set of control
requirements around physical security for POS devices.
• First, merchants must maintain an inventory of POS devices, which must
be identified in detail, including the location and serial number of each
device.
• Additionally, POS devices must be inspected periodically for tampering,
and employees at POS locations must be trained in how to detect and
prevent device tampering
Most Notable Changes (4/4)
Greater Security Around POS Physical Controls
46. PCI DSS Version 3.0
• Annual Pentesting
– Internal & External Network (qualified internal/external resource)
• Segmentation must be verified
– Applications (qualified internal/external resource)
• Vulnerability Scanning
– Internal (ASV or Self)
– External (ASV only)
• Default Passwords – must be changed
• Security Education – pretty much everyone
– Role appropriate.
Additional Major Changes or Key Areas
47. Tips & Tricks
1. Read the PCI-DSS v3.
2. Leverage your entire employee base.
3. Read InfoSec News.
4. Keep the conversation going.
5. Be able to show proof.
6. Stay on top of documentation.
7. Standardize and remove risk.
8. Know your compliance anniversary date.
9. Start your assessment early.
10.Establish your current Merchant Level.
48. What’s Next?
Things to pay attention to in the near future
• InfoSec companies expect an increase in CHD theft ahead of EMV 2015
integration deadline in the USA.
• Employee and Business process security
• P2PE – it’s new and still in the works
49.
50. Thank You
• Eric Wassenaar, NFP Account Executive
• ewassenaar@trustwave.com
• (312) 470-8743
51. Why the Era of
CRM is Over
Brent Sitton
Product Marketing Manager
59. Engagement Management
• Integrate Web and Data Quickly
• Flexibility to adapt to deliver new services
• Complete 360° view of your constituents in
ONE system
• Interact with constituents on Any Device
• Measure member interaction
60. Pilot Project in iMIS
• Community Service Groups
– Notify targeted group
– Collect information
– Match them to volunteer event
– See the measurable results
64. Learning with an EMS
• Integrate Web and Data Quickly
• Flexibility to adapt to deliver new services
• Complete 360° view of your constituent in
ONE system
• Interact with constituents on Any Device
• Measure interaction
65. Learning Organization
iMIS RiSE enables your organization to LEARN
from customers’ actions and behavior,
understanding what they VALUE
Ushering in the END
of the CRM era
66. Associations for
Professionals in Infection
Control and Epidemiology
Artesha Moore, CAE
Vice President, Membership,
Education, and Technology
67. About APIC
Mission: Create a safer world through
the prevention of infection.
• Over 15,000 members from variety
of practice settings within
healthcare
• 120 domestic and international
chapters
• 11 special interest groups (similar
to Technical Councils)
• Over 50% growth in past few years
• Diverse membership with varying
needs
68. Challenge
In 2005, APIC wanted to grow, yet, systems were
not in place
• AMS out of date, inaccurate
• No true web integration
• Culture not supportive
Membership growth is not
possible without engagement
69. Growth Leads to Challenges
• Variable practice
settings with varying
needs
• High % retiring in 5
years
• Decreased time and
increased demands
impact member
participation
• Ever-changing
regulations and need
for new guidelines
70. Member Engagement Means...
• Ease of access to
features
• Integration of all
technologies with
AMS
• Enhancing customer
experience
71. Engagement Strategy
• Strengthen our AMS to enable greater connectivity to
online resources
• Get an accurate picture of our members using metrics
and data
• Increase capacity by automating routine tasks
• Work with vendors to integrate 3rd party add-ons to
expand program offerings
Change internal culture to embrace
both IT and member services
72. Engagement Strategy
Using data to make
decisions:
• Identifying key
members groups
• Tracking member
activity and
performance
• Identifying new
leaders
• Integrating with new
platforms
73. Engagement Strategy
• Open lines of
communication
between frontline
staff, IT and leaders
• Provide training to
empower staff to act
• Promote innovation at
all levels
• Connect personal goals
with organizational
goals
• Be open to new ideas
74. Embracing Technology...
• Plan must support
your strategic plan
• Strong infrastructure
is essential
• Knowledgeable staff
to help educate
members
• Develop partnership
with vendors
75. Enhancements Lead to New Possibilities
As APIC's database
and web resources
evolved, staff
focused on more
ways to get and keep
members engaged.
77. Results: New Leaders
• Using customized
tables to create a
database within
existing structure
• Using scoring in social
media to identify new
leaders
• Using web analytics to
understand member
content needs
79. "The single most important thing to
remember about any enterprise is
that there are no results inside its
walls. The result of a business is a
satisfied customer."
Zig Ziglar, Sales and motivational speaker and writer
82. Florida Bankers Association
Founded in 1888 in support of Florida’s FDIC insured banks
and financial institutions.
– 22 Staff Members
– Advocacy
– Education
– Membership
– Associate Membership
• Vendors
– Endorsed Partner Program
• Products
– Other Services
• Career Center, Fraudnet, Capwiz and more…
84. Our Goal with iMIS 20
• 100% Retention of
Members
• Staff Productivity
• More Efficient
Member and Client
Experience
85. Solution: iMIS 20
• CRM & CMS in one
system
• Events, product sales,
accounting, etc.
in one system
• Offline/Online
transactions in one
system
• Total web integration
86. Results iMIS 20
• Time Savings: Supporting
one application instead of
5+
• Cost Savings: Paying for
one application instead of
5+!
• Reporting: Happy staff!
• Ease of Use: One
application vs. 5+ (Happy
staff!!)
• Member Engagement!
90. Lessons Learned
• Massive change in communication is an
opportunity to grow and thrive
– Social networking - You Tube
– Mobility - Personalization
– Communities of Interests - Data Capture
• C Level Executives must lead this transition
Can everyone take their seats? We’re going to go ahead and get started.
Good morning! I’m David Riffle, welcome to our first CiO Summit on Data Security in a Mobile World.
I’m very excited to be here with you today and I want to personally thank you for taking time out of your schedules to be here with us, and in return, we’re going to deliver a series of presentations that, hopefully, you will not only learn from, but be inspired with great ideas on how to better protect your association’s most valued asset – your data! With more and more technology moving to the cloud, data becomes more vulnerable.
And we’re going to talk about not only how do modern systems protect that data, but all the other things you need to do beyond worrying about the technology you’re using. You’ll also get to hear, at high level, some of the great things an engagement management system like iMIS can provide to your association, while at the same time, mitigating the worry around a security breach.
So let me provide you with a quick overview of the day.
Timings for David’s use:
9.30am Welcome and Introduction
9.40am Information Security Threats and Strategies
10:00am What You Need to Know about PCI Compliance
10:20am Why the Era of CRM is Over
11:20am Closing Remarks
Timings for David’s use:
9.30am Welcome and Introduction
9.40am Information Security Threats and Strategies
10:00am What You Need to Know about PCI Compliance
10:20am Why the Era of CRM is Over
11:20am Closing Remarks
It’s really about the cloud and the move to mobile devices that’s making data more vulnerable. How do we protect against that? And at the same time, deliver on the two biggest challenges associations face….improving engagement and providing continuous performance improvement? It’s a very daunting task that none of us (who are old enough!) faced 20 years ago.
As I said, massive changes have occurred in the way associations communicate with members. NBC news posted these pictures on Instagram, and it illustrates how fast that change is occurring. The first is the crowd that gathered to greet Pope Benedict in 2005, jump ahead, just 8 years, and look at the crowd that welcomed Pope Francis in 2013. Almost everyone has a mobile device. Look how fast we get data today, it’s almost instantaneous.
Tell my story about going to lunch and forgetting my phone.
That’s a lot of change for just 8 years! Today we are going to explore how you protect your data in today’s world.
Not only have we brought together expert presenters on data security, but you will also hear from your peers on how they are doing this.
The authors of the book “Race for Relevance – 5 Radical Changes for Associations,” wrote that “not for profits must redefine their approach to technology. Technology must become an integral component of the organizations function and performance, and security is one major aspect of that.”
As leaders in technology, your role has to grow to make this happen, the message must be spread beyond the IT, Membership and Development. You have to consider not only your organization, but everyone that’s going to touch your data! Members, non-members, sponsors, legislative contacts, and so on and so on. Leadership throughout the organization needs to be engaged.
Security is a major focus for ASI because it is fast becoming a priority for our 1800 clients worldwide, spanning 25 countries and 6 continents.
As iMIS has evolved, it has become a web application, which is the most vulnerable location for data to be compromised. Whenever, there is a data breach, it doesn't have to be ASIs cloud, it could be a client's cloud, and if they can point back to our product as the breach, it could be huge - membership could sue us, regulators, like FTC, government, organization, state attorney general. The mitigating factor is the degree of preparedness that we already have, not if, but when a data breach occurs. You’re going to hear a lot about that risk mitigation today.
We all live in a world that has accepted, as a way of life, the maintenance and integration of multiple systems and suppliers that create highly disparate and expensive to maintain solutions, which leads to higher data risk. One of the industry consultants we work actively monitors 52 AMS products for his clients. 52! How do you provide data security and policies in an environment like that?
Data security is one of the reasons why we feel the era of CRM if over. It’s outdated, it was built to support a staff centric approach, without consideration for this massive move to a mobile environment. Our technology, iMIS, is one system, not 5 or 6. My challenge to you, after you leave today, go back and honestly assess, is can we survive a security breach, let alone deliver on improved engagement and continuous performance improvement!
You’re going to hear from industry leaders that are practicing everything I discussed this morning, and we’re going to provide you with some tools that can greatly help you ensure that you’re protected and prepared. And whether you’re staying with your existing platform, or looking for a new one, you don’t invest in a technology platform that will never be able to meet your data security need, in addition to the strategic needs of your organization.
With that, I’m going to ask Mark Breland to take over, and step you through Information Security Threats and Strategies.
Everyday more than 3 million business trust Trustwave to provide security and compliance services for their everyday need.
We were founded in 1995 and are celebrating our 20th anniversary this year.
We are global with employees in nearly 26 countries and actively selling services throughout every major region – including North America, EMEA, Latin and Central America, and the Asia Pacific region. This global footprint is a proofpoint that we are trusted globally and can service customers 24x7 to “Follow the Threat” so you don’t have to.
Finally, we have a unique portfolio of over 56 patents (and counting) that cut across three major areas of customer concern – threat, vulnerability and compliance management. The fact that we own and work with our own technology allows us to control the roadmap to providing integrated and cost-effective security in a manner that other MSSPs (managed security service providers) cannot, because they rely on third-party vendor that typically sell their technologies in a “Do-it-Yourself” manner.
E2EE vs P2PE
E2EE isn’t an official standard.
P2PE – official standard, regulated and test by the PCI-SSC. Short list.
Now I’d like to shift our focus to the benefits that an Engagement Management System can deliver to your organization and your constituents.
Just as the security requirements are heightened in today’s mobile environment, we believe the demand for new and better services and programs are higher today than ever before.
Today’s constituents demand more. They expect new online services and programs that are personalized to their needs and we believe that only an engagement management system enables you to deliver personalization over multiple devices.
The traditional Donor & Association Management Software (AMS) & CRM Software just aren’t built for that. They were initially designed for the staff who needed to perform administrative tasks such as processing dues payments, donations, and event registrations. These systems were also designed for on premise use instead of the hosted model or the cloud!
(CLICK) Later clients found they needed additional capability and this was added on. First there was a need for a member or donor portal.
(CLICK) Then there was a need to add on new social communities capability.
(CLICK) Next there were financial transaction processed thru other applications.
(CLICK) Later as the industry evolved web sites with their own databases had to be connected with the CRM database.
All of these systems were designed to track constituents and their demographics.
(CLICK) We believe this is a Half-Cycle Approach to Association and Donor Management Software and we believe it will hinder your personal and organizational goal attainment!
The iMIS 20 Engagement Management System, on the other hand, is ONE system that is FLEXIBLE and one that allows you to QUICKLY implement new programs and services, EASILY interact with constituents, provides them ONLINE access from ANY DEVICE, and MEASURES their interaction.
Today, we’re going to highlight how easy it is to implement new programs and services using the RiSE system where you can manage everything in one place.
In the past, when it comes to using your information system to implement new programs and services you really had 2 choices. This not only applies to the system infrastructure to support new programs and services but also to deciding which ONES to implement. There are no shortage of ideas, right?
(CLICK) The first method is to dip your toe in the water by surveying members, asking them what services they want and how much they are willing to pay for them.
(CLICK) Unfortunately, respondents have a VERY hard time articulating their thoughts and envisioning what a solution might look like. Surveys and Focus groups work well for feedback, but not for NEW services.
It’s also not reliable because respondents aren’t being asked to actually vote with their actions – it’s all qualitative research.
So that leaves you with the option to jump into the water based on your assumptions that the water is deep and that there’s nothing unpleasant in the water!
We believe that BOTH these methods are outdated and can predominately lead to failure.
Why do we say this…
History tells us.
The Standish group found in their 1994 CHAOS survey that only 16% of all software projects failed. They were either cancelled outright or were significantly over budget or delayed.
We are improving as an industry, however when you start a software project, there is less than half chance that you will be successful. The stakes are high and we need to be right.
Let’s take a look at two similar examples of companies that proves this point.
Jumping in lead to disastrous results for the organization as in the case of Pets.com who filled a warehouse, built a large ecommerce system, and advertised in the super bowl only to discover that their assumptions were completely wrong.
Zappos is a great example of this new method of ‘Learning’ the right programs and services to provide to customers.
The founder believed that people were ready to purchase shoes online. But rather than filling a large warehouse at first, he worked with a few shoe stores.
Zappos put that store’s inventory online.
They tested his operation with the small number of users early.
In the process, Zappos discovered something they didn’t know – that customer service and the ability to return products with no questions asked was the primary element to customer satisfaction.
That’s the VALUE of being a Learning Organization – you WILL discover things as you implement the new service.
THEN Zappos built the business model and the business.
The end result is that Amazon purchased Zappos for $1.2 BILLION in 2009.
In order to facility the learning model, however, you MUST have an engagement management system.
(CLICK) You must be able to use information in your database to drive action on the web and vice-versa.
(CLICK) You must have an adaptable system without costly customization.
(CLICK) Sometimes things can be very simple – if you don’t have ALL the information about your customers in ONE system, it makes it very difficult to understand your customer.
(CLICK) Today, your services MUST take mobile devices into account
(CLICK) Finally, you have to be able to measure your customer’s actions and behaviors.
So, today, let’s see how iMIS allows us to quickly implement a new service and learn from it. In this case, I’m going to use research from our partners at Marketing General. They tell us that the best method of ensuring customer retention in the first year is to ask the new customer to do something for the organization.
We’re going to test that hypothesis. We’re going to organize groups of volunteers to participate in local community service projects to make them feel a part of the organization. This is a win for everybody. The organization gets committed constituents, they get to network with others in the organization and give back to the community at the same time.
We’re going to start small though, maybe focus on a specific location.
To do this, we need to select and target a small group of constituents and notify them of the event.
We’ll create the structure to collect their volunteer interests and availability.
We’ll match them with events according to their interests and availability.
And finally, we’ll measure the results through real time charting and dashboards.
Now we don’t have to wait a year to see if our program is working. We’ll use two measures to indicate success or failure. We’ll measure whether the constituent volunteers for another event and whether they encourage others to participate.
As you can see, we used the iMIS RiSE engagement management system to quickly create a new program, allowed our constituents to access the service from any device, and we measured their interaction.
In the process we validated with quantitative results that the service is valuable to constituents. We can now expand the program and achieve even greater results.
We also learned something we didn’t expect – that the majority of our constituents have an affinity with the environment. This is knowledge we can use in all of our programs and services. It also allows us to evolve by offering more volunteer events related to the environment.
This the TRUE VALUE of an Engagement Management System – it enables your organization to become a learning organization, one that can evolve according to the actions and behaviors of your members.
Remembering the sobering reports that 61% of all software projects fail, and that there are competing ideas and demands on IT to support new programs and services, we know that becoming a learning organization is critical to your success and it takes an engagement management system to help get you there.
Using data to make decisions
Who are we looking to serve?
How can we track perform using iMIS?
How can we identify new leaders
Ease of integration is essential
Engaging new generation of content leaders to drive new areas of business
Online learning
Communities of practice and new content generation
Tracking performance using data and dashboards
Intro
IT Guy
Been using iMIS 5 Years
This slide shows all the disparate applications we were running…prior to iMIS 20.
Basically staff would duplicate multiple tasks in multiple software applications to accomplish one goal.
Even though we had computers we were still doing things manually.
Staff had to enter the same data into multiple systems. Excel AND DMG AND Access…
Reports were manually done in order to bring together the information from multiple sources.
Registrations for events and educational programs were all manual.
As well as all product orders were manual.
Manual systems are tiring, inefficient and prone to error.
So even though we had the technology and the resources we had gotten to the point of Disparate Applications Diminished Returns.
We also knew we were not taking advantage of the internet, social media and eMailing.
There had to be a better way…
We are blessed with 100% retention of members…
Our primary goal was and is staff productivity – we were doing the same job manually in multiple applications.
And secondarily to create a more efficient member experience - event registration, product sales and community building for our members/clients.
And there is a better way !!
We needed to streamline our processes – put them in as few containers as possible – and get everyone in the same system and connect as many of them as possible.
We needed to combine our disparate databases, applications and web tools into one easy to use system.
iMIS 20 provided that solution for us.
We combined our schools DB and member DB into one, we brought all the reporting into iMIS.
We tied all of our accounting into the same database with easy integration into our accounting software.
And using iMIS 20 we were able to integrate our website management tools into the same iMIS system!.
And automate most of our processes, from event registrations to product purchases.
We are really starting to see the results.
Streamlined systems, better reporting from a single source, easy backups of everything, better security – it is easier to lock down one application then many.
We can respond to our member/client needs more efficiently.
Members can log into the website and see – in real time – their accounts – all tied to iMIS.
At first the online registrations were slow… the bankers change slowly lol… but over the past year we have seen an exponential increase in online registrations and the purchasing of products.
More and more members also log in and manage their own profiles.
I have been using the Company Admin feature that allows someone in a company the rights to go online and update individual’s address, phone, email, title and interest areas – that we use for contacts and mailings
As our members become accustomed to the online features, managing their own accounts, registering themselves and others in their companies, purchasing products easily from our store they are more aware of what we do provide for them over all.
Our magazine is online – and only available for members.
Found a sponsor for the website now that it has a real value.
100% paid for !
Time Savings: Supporting one application instead of 5+
Cost Savings: Paying for one application instead of 5+!
Reporting: Happy staff!
Ease of Use: One application vs. 5+ (Happy staff!!)
Member Engagement!
We are really starting to see the results.
Streamlined systems, better reporting from a single source, easy backups of everything, better security – it is easier to lock down one application then many.
We can respond to our member/client needs more efficiently.
Members can log into the website and see – in real time – their accounts – all tied to iMIS.
At first the online registrations were slow… the bankers change slowly lol… but over the past year we have seen an exponential increase in online registrations and the purchasing of products.
More and more members also log in and manage their own profiles.
I have been using the Company Admin feature that allows someone in a company the rights to go online and update individual’s address, phone, email, title and interest areas – that we use for contacts and mailings
As our members become accustomed to the online features, managing their own accounts, registering themselves and others in their companies, purchasing products easily from our store they are more aware of what we do provide for them over all.
Our magazine is online – and only available for members.
Found a sponsor for the website now that it has a real value.
100% paid for !
I hope you enjoyed the day as much as we did. We learned a great deal and were energized by your participation and comments. I would like to thank all the presenters for sharing their knowledge with us, and thank everyone else for attending and paying attention!
Nobody here needs to be convinced that massive change is upon us especially in the areas of information and communications and the impact it’s having on data security. Historically, this type of massive change has been a prescription for innovation and even re-invention of organizations. As with any major change leaders are needed; we know that you will return to your organizations later today and begin leading your organizations in this direction.
Harrison Coever and Mary Byers’ book, Race for Relevance 5 Radical Changes for Associations reminds us that it is imperative for Not-For-Profit Organizations “to Bridge the Technology Gap and Build a Framework for the Future.”
As leaders in the not-for-profit world we need to redefine our approach to technology and that “the adoption and exploitation of technology, particularly information and communication technologies, must become an integral component of the organizations functioning and performance.”
To make this happen the message must be spread beyond the IT, Membership and Development departments. Leadership in every organization needs to be engaged and the messages you hear today are messages that need to be repeated to CEOs and COOs in every Not for profit Organization.
You have seen this slide before, but I think it’s important to re-introduce it during the close. If your current technology platform looks like this, it does make data security more complex, not to mention increased costs due to continuing maintenance of each separate system, as well as reduced decision making capabilities because of multiple data silos thus making access to and protection of data more difficult. Not only complicating security efforts, but inhibiting your ability to – improve engagement and performance.
Your platform for engagement of your members and donors needs to look more like this!!
Massive change in communication is an opportunity to grow and thrive, but with this growth comes a greater need for protection. And at ASI, we take data security very seriously and it is fast becoming a key ingredient in the health of all our clients.
You’ve all seen this quote before….
CRMs were not designed to do this!! The ERA of CRM is over.
This member needs to register for a conference using her phone after her work out from the stadium steps and she doesn’t want to worry that by doing so the data she sends you is at risk.
Not sure how to move forward? The ASI success assessment helps identify gaps in your operations, in 4 key areas – recruit, engage, measure and grow. We use this analysis to help understand where you need to improve in order to drive member engagement and improve performance. If this interests you, let us know on the comment form.
This assessment can lead to further engage with us through the Success Partnership program!! The purpose of this program is for you to be able to prove to yourself that the era of CRM is over and you need an Engagement Management System. Again, if this interests you, just let us know on the comment form and we can provide you with further information.
So let’s all leave this meeting a little more prepared and aware, so that none of us are caught by surprise when we do have a data security breach. If you would please take a few moments to fill out the survey form we’ve distributed to you, and return those to us, we would really appreciate it.
Thank you for your time, and I, along with the other presenters, will be more than happy to take individual questions you may have. Thanks again!