Presented by Mr Hoo Chuan-Wei, Technical Advisor-APAC, (ISC)2, at the CISSP Preview Session, which was jointly organised with (ISC)2 Singapore Chapter on 27 Jun 2017.
Defining an IT Auditor,
IT Auditor Certifications & ISACA,
IT Audit Phases,
Preparing to be Audited,
How an IT auditor audits an application,
Auditing technology for Information System.
Building a Next-Generation Security Operations Center (SOC) - Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Cybersecurity roadmap : Global healthcare security architecture - Priyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
Complete coverage of CISSP 7th Chapter - Security Operations. I have made sure to cover all topics from three books in this presentation. For corrections, clarifications, please feel free to reach me.
Risk management is the process of analyzing exposure to risk and determining how to best handle such exposure.
Issues important to top management typically receive a lot of attention from many quarters. Since top management cares about risk management, a number of popular IT risk-management frameworks have emerged.
One of the core Meaningful use measures requires providers to perform a security audit to ensure the protection of patient information. Learn more about what a security audit should entail, as well as potential risks and how configuration options within the SuccessEHS solution can be used to protect patient data.
Information Security between Best Practices and ISO Standards - PECB
Main points covered:
• Information Security best practices (ESA, COBIT, ITIL, Resilia)
• NIST security publications (NIST 800-53)
• ISO standards for information security (ISO 20000 and ISO 27000 series)
- Information Security Management in ISO 20000
- ISO 27001, ISO 27002 and ISO 27005
• What is best for me: Information Security Best Practices or ISO standards?
Presenter:
This webinar was presented by Mohamed Gohar. Mr. Gohar has more than 10 years of experience in ISM/ITSM Training and Consultation. He is one of the expert reviewers of CISA RM 26th edition (2016), ISM Senior Trainer/Consultant at EGYBYTE.
Link of the recorded session published on YouTube: https://youtu.be/eKYR2BG_MYU
Introduction to Risk Management via the NIST Cyber Security Framework - PECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application for cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Due to the dramatic increase of threats worldwide, companies need to find ways to increase their information security. One solution is to implement ISO/IEC 27001 in order to protect information both internally and externally.
Main points that will be covered are:
• The scope of ISO 27001 & associated other standards references
• Information Security and ISIM Terminologies
• ISIM auditing principles
• Managing audit program & audit activities
Presenter:
Eng. Kefah El-Ghobbas is a specialist in ‘Business Process Excellence' through ‘Business Process Re-engineering' with over 20 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/rTxA8PVULUs
Building an effective Information Security Roadmap - Elliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise-wide security projects.
SOC Architecture - Building the NextGen SOC - Priyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process-oriented detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Find out the SOC Cyber Security at Steppa. Our SOC contains several capabilities like process and break down any PC translated information, assess and distinguish suspicious and malicious web and system activities, visualize and monitor all threats in real time.
The ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming a more common Information Security standard among service providers. This presentation focuses on the recent changes in the 2013 version and also the process for implementing and getting certified for ISO27001.
Following are the key objectives of this presentation:
Provide an introduction to ISO27001 and changes in 2013 version
Discuss the implementation approach for an Information Security Management System (ISMS) framework
Familiarize the audience with some common challenges in implementation
CISSP® is the most renowned certification in the information security domain. Our CISSP® certification training program aims to equip participants with in-demand technical and administrative competence to design, architect, and manage an organization’s security posture by applying internationally accepted information security standards.
Register Here: https://www.infosectrain.com/courses/cissp-certification-training/
01Introduction to Information Security.ppt - it160320737038
A distributed system is a collection of computer programs that utilize computational resources across multiple, separate computation nodes to achieve a common, shared goal. Distributed systems aim to remove bottlenecks or central points of failure from a system.
Enumerating software security design flaws throughout the SSDLC - John M. Willis
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
Enumerating software security design flaws throughout the ssdlc cosac - 201... - John M. Willis
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
How to prepare for the CISSP Exam. A presentation created by the (ISC)2 Hellenic Chapter to assist and instruct those in Greece interested in pursuing the CISSP Certification.
The (ISC)2 Hellenic Chapter Team
Designing Impactful Services and User Experience - Lim Wee Khee - NUS-ISS
In this engaging talk, we explore crafting impactful user-centric services, revealing the design principles that drive exceptional experiences. From empathetic customer journeys to innovative interfaces, learn how design can create meaningful connections, inspiring you to revolutionise your approach and drive lasting change in user satisfaction and brand success.
Upskilling the Evolving Workforce with Digital Fluency for Tomorrow's Challen... - NUS-ISS
In today's digital age, the key to true transformation lies in our people. This talk will highlight the importance of digital fluency, emphasizing that everyone in an organization is now a digital professional. By synergizing the fundamental digital skills ranging from an agile mindset to making data-informed decisions and design thinking, we will discuss how a digitally skilled workforce can propel organizations to drive digital transformation with new heights of value creation. Though widespread workforce upskilling presents its challenges, this talk offers innovative organizational learning approaches that may pave the way to success. Join us to find out how to shape the future of your organization where success is defined not just by technology but by a workforce fully equipped with digital competencies, ready to take on whatever the future holds.
How the World's Leading Independent Automotive Distributor is Reinventing Its... - NUS-ISS
In this captivating session, we'll unveil the profound impact of AI, poised to revolutionise the business landscape. Prepare to shift your perspective, as we transition from the lens of a data scientist to the visionary mindset of a product manager. We're about to demystify the captivating world of Generative AI, dispelling myths and illuminating its remarkable potential. We will also delve into the pioneering applications that Inchcape is leading, pushing the boundaries of what's achievable. Join us for an exhilarating journey into the future of AI, where professionalism meets unparalleled excitement, and innovation takes center stage!
The Importance of Cybersecurity for Digital Transformation - NUS-ISS
In the rapidly evolving landscape of digital transformation, the importance of cybersecurity cannot be overstated. As organizations embrace digital technologies to enhance their operations, innovate, and connect with customers in new and dynamic ways, they simultaneously become more vulnerable to cyber threats.
This talk will discuss the importance of having a well-thought-through approach to dealing with cybersecurity in the form of a strategy that lays out the various programmes and initiatives that will underpin a secure and resilient digital transformation journey. Not surprisingly, having a pool of well-trained cybersecurity personnel is one of the key ingredients in a cyber strategy, as exemplified in Singapore's own national cybersecurity strategy.
Architecting CX Measurement Frameworks and Ensuring CX Metrics are fit for Pu... - NUS-ISS
Join us for a deep dive into the art of architecting Customer Experience (CX) measurement frameworks and ensuring that CX metrics are precisely tailored for their intended purpose. In this engaging session, you'll walk away with actionable insights and a tangible plan for refining your measurement strategies. Discover how to craft CX measurement frameworks that align seamlessly with your business objectives, ensuring that your metrics deliver meaningful and robust insights. Whether you're seeking to enhance customer satisfaction, optimise processes, or drive innovation, this session will provide you with potential approaches and practical steps to bolster the effectiveness and relevance of your CX metrics. It's your blueprint for creating a customer-centric roadmap to success.
Understanding GenAI/LLM and What is Google Offering - Felix Goh - NUS-ISS
With the recent buzz on Generative AI & Large Language Models, the question is to what extent can these technologies be applied at work or when you're studying and how easy is it to manage/develop your own models? Hear from our guest speaker from Google as he shares some insights into how industries are evolving with these trends and what are some of Google's offerings from Duet AI in Google Workspace to the GenAI App Builder on Google Cloud.
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze - NUS-ISS
Enterprises striving to unlock value through digital products face a pivotal shift towards product-centric management, a transformation that carries its share of challenges. To navigate this journey successfully, close collaboration between Enterprise Architects and Digital Product Managers is essential. Together, they can craft the ideal strategy to deliver digital products on a grand scale. Join us in this session as we shed light on the critical interactions and activities that foster synergy between Enterprise Architects and Digital Product Managers. Discover how this collaboration paves the way for effective product-centric management, enabling enterprises to harness the full potential of their digital offerings.
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica... - NUS-ISS
We find ourselves in an era of exponential growth and transformation. The relentless pace of technological advancement is reshaping our world at a rate never seen before, making it increasingly challenging to stay abreast of these rapid developments. Join us for an insightful talk where we embark on a journey to explore the most significant technology trends set to unfold over the next decade. These trends promise to be nothing short of seismic, with the power to reshape every facet of our lives, from the way we work and learn to how we forge relationships and structure our society. Prepare to be enlightened as we delve into a future where the very fabric of our existence is on the brink of transformation. This talk is your compass to navigate the uncharted territory of tomorrow's world, and it's an opportunity you won't want to miss.
Beyond the Hype: What Generative AI Means for the Future of Work - Damien Cum... - NUS-ISS
The hottest topic in the tech world right now is generative AI. In this session, we go beyond the hype to delve into honest answers about how generative AI is impacting the future of work. This is an important topic for all digital leaders to have a thorough understanding of when driving digital transformation.
Supply Chain Security for Containerised Workloads - Lee Chuk Munn - NUS-ISS
Containers have emerged as an indispensable component of modern cloud-native applications, serving diverse roles from development environments to application distribution and deployment on platforms like Azure's App Service and Kubernetes. In this presentation, we will delve into a suite of powerful tools designed to ensure the adoption of best practices in container management. You'll gain insights into how to scan container images rigorously, identifying and mitigating vulnerabilities effectively. We'll also explore the art of generating comprehensive software bill of materials (SBOM) for your containers and the significance of signing container images for enhanced security. The ultimate goal of this presentation is to empower you with the knowledge and skills necessary to seamlessly integrate these tools and practices into your CI (Continuous Integration) pipelines. By the end of this session, you'll be well-equipped to fortify your container workflows, delivering secure and robust cloud-native applications that thrive in today's dynamic digital landscape.
The future is always uncertain. To be truly future-ready, companies need the ability to quickly learn and adapt and to foster a culture of continuous curiosity and experimentation. But how can we facilitate rapid learning throughout the organisation? What will the future of learning look like for you? How can we ensure our organisations become engines of growth through learning?
Site Reliability Engineer (SRE), We Keep The Lights On 24/7 - NUS-ISS
There are many phases in the software development cycle, from requirements to development and testing, but at the tail of the process, is an often overlooked aspect: deployment and delivery. With the paradigm shift of delivering on-site software to offering software-as-a-service, Site Reliability Engineering is beginning to take a greater role in product delivery.
This session aims to give a glimpse of the work that goes into site reliability engineering (SRE) and effort that goes into keeping a service going 24/7.
Product Management in The Trenches for a Cloud Service - NUS-ISS
More often than not, people’s perception of Product Management is usually centred around the definition, management and prioritisation of software features and functionality. While that is largely true, it is also one of many things that a Product Manager needs to focus on, given limited time and resources.
This session aims to provide an unfiltered view of what Product Management looks like in the context of Enterprise Cloud Applications development, the challenges confronting Product Managers, and the tradeoff decisions to be made in order to overcome these challenges.
All this, while shipping a working product with each release that will surprise and delight the end user.
Overview of Data and Analytics Essentials and Foundations - NUS-ISS
As companies increasingly integrate data across functions, the boundaries between marketing, sales and operations have been blurring. This allows them to find new opportunities that arise by aligning and integrating the activities of supply and demand to improve commercial effectiveness. Instead of conducting post-hoc analyses that allow them to correct future actions, companies generate and analyze data in near real-time and adjust their operations processes dynamically. Transitioning from static analytics outputs to more dynamic contextualized insights means analytics can be delivered with increased relevance closer to the point of decision.
This talk will cover the analytics journey from descriptive, predictive and prescriptive analytics to derive actionable and timely insights to improve customer experience to drive marketing, salesforce and operations excellence.
With the use of Predictive Analytics, companies are able to predict future trends based on existing available data. The actionable business predictions can help companies achieve cost savings, higher revenue, better resource allocation and efficiency. Predictive analytics has been used in various sectors such as banking & finance, sales & marketing, logistics, retail, healthcare, F&B, etc. for various purposes.
Get set to learn more about the different stages of predictive analytics modelling, such as data collection & preparation, model development & evaluation metrics, and model deployment considerations.
In this digital transformation era, we have seen the rise of digital platforms and increased usage of devices, particularly in the area of wearables and the Internet of Things (IoT). Given the fast-paced change to the IoT landscape and devices, data has become one of the important sources of truth for analytics, and continuous streaming of data from sensors has also emerged as one of the fuels that revolutionise the emergence of IoT. These include health telematics, vehicle telematics, predictive maintenance of equipment, manufacturing quality management, consumer behaviour, and more. With this, we will give you an introduction on how to leverage the power of data science and machine learning to understand and explore feature engineering of IoT and sensor data.
Diagnosing Complex Problems Using System Archetypes - NUS-ISS
In today’s VUCA world, we are faced with problems coming in fast and furious. In order to resolve such problems quickly, we need to first understand the problems. One of the techniques to understand complex problems is through the use of system archetypes. System archetypes are patterns of behaviour of a system. Let us explore some of the system archetypes in this session as well as tips on how to resolve them.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
CISSP Preview - For the next generation of Security Leaders
1.
2. OVERVIEW OF 8 DOMAINS
A look into the 8 domains in the CISSP CBK
3. 3
CISSP 8 Domains
1. Security and Risk Management
(Security, Risk, Compliance, Law, Regulations, Business Continuity)
2. Asset Security
(Protecting Security of Assets)
3. Security Engineering
(Engineering and Management of Security)
4. Communications and Network Security
(Designing and Protecting Network Security)
5. Identity and Access Management
(Controlling Access and Managing Identity)
6. Security Assessment and Testing
(Designing, Performing, and Analyzing Security Testing)
7. Security Operations
(Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
8. Software Development Security
(Understanding, Applying, and Enforcing Software Security)
Effective April 15, 2015
4. 4
CISSP Domain & Weights
Domains Weight
1. Security and Risk Management 16%
2. Asset Security 10%
3. Security Engineering 12%
4. Communication and Network Security 12%
5. Identity and Access Management 13%
6. Security Assessment and Testing 11%
7. Security Operations 16%
8. Software Development Security 10%
Total 100%
5. 5
Security & Risk Management
The Security and Risk Management domain provides you with
the framework and policies, concepts, principles,
structures, and standards used to establish criteria
for the protection of information assets and to assess
the effectiveness of that protection. It includes issues
of governance, organizational behavior, and security
awareness.
6. 6
Security & Risk Management
• Understand and apply concepts of confidentiality,
integrity and availability
• Apply security governance principles
• Compliance
• Understand legal and regulatory issues that pertain
to information security in a global context
• Understand professional ethics
• Develop and implement documented security
policy, standards, procedures, and guidelines
7. 7
Security & Risk Management
• Understand business continuity requirements
• Contribute to personnel security policies
• Understand and apply risk management concepts
• Understand and apply threat modeling
• Integrate security risk considerations into
acquisition strategy and practice
• Establish and manage information security
education, training, and awareness
8. 8
Asset Security
The Asset Security domain provides you with the
concepts, principles, structures, and standards used
to monitor and secure assets and those controls
used to enforce various levels of confidentiality,
integrity, and availability.
9. 9
Asset Security
• Classify information and supporting assets
• Determine and maintain ownership
• Protect privacy
• Ensure appropriate retention
• Determine data security controls
• Establish handling requirements
10. 10
Security Engineering
The Security Engineering domain provides you with
the concepts, principles, structures, and standards
used to design, implement, monitor, and secure
operating systems, equipment, networks,
applications, and those controls used to enforce
various levels of confidentiality, integrity, and
availability.
11. 11
Security Engineering
• Implement and manage engineering processes using
secure design principles
• Understand the fundamental concepts of security
models
• Select controls and countermeasures based upon
systems security evaluation models
• Understand security capabilities of information
systems
• Assess and mitigate the vulnerabilities of security
architectures, designs, and solution elements
12. 12
Security Engineering
• Assess and mitigate the vulnerabilities in web-based
systems
• Assess and mitigate vulnerabilities in mobile systems
• Assess and mitigate vulnerabilities in embedded
devices and cyber-physical systems
• Apply cryptography
• Apply secure principles to site and facility design
• Design and implement physical security
13. 13
Communications & Network Security
The Communications and Network Security domain
provides you with an understanding of network
security related to structures, methods, formats, and
measures for the transmission of information.
14. 14
Communications & Network Security
• Apply secure design principles to network
architecture
• Secure network components
• Design and establish secure communication
channels
• Prevent or mitigate network attacks
15. 15
Identity and Access Management
The Identity and Access Management domain
provides the basis for understanding how access
management works, why it is a key security discipline,
and how each individual component to be discussed
in this chapter relates to the overall access
management universe. The most fundamental and
significant concept to master is a precise definition of
the term “access control”.
16. 16
Identity and Access Management
• Control physical and logical access to assets
• Manage identification and authentication of people
and devices
• Integrate identity as a service
• Integrate third-party identity services
• Implement and manage authorization mechanisms
• Prevent or mitigate access control attacks
• Manage the identity and access provisioning
lifecycle
17. 17
Security Assessment and Testing
The Security Assessment and Testing domain
provides you with the knowledge to assist in
managing the risks involved in developing, producing,
operating, and sustaining systems and capabilities.
18. 18
Security Assessment and Testing
• Design and validate assessment and test
strategies
• Conduct security control testing
• Collect security process data
• Analyze and report test outputs
• Understand the vulnerabilities of security
architectures
19. 19
Security Operations
The Security Operations domain covers operations
security and security operations. Operations security
is primarily concerned with the protection and control
of information processing assets in centralized and
distributed environments. Security operations is
primarily concerned with the daily tasks required to
keep security services operating reliably and
efficiently.
20. 20
Security Operations
• Understand and support investigations
• Understand requirements for investigation types
• Conduct logging and monitoring activities
• Secure the provisioning of resources
• Understand and apply foundational security operations
concepts
• Employ resource protection techniques
• Conduct incident management
• Operate and maintain preventative measures
21. 21
Security Operations
• Implement and support patch and vulnerability
management
• Participate in and understand change management
processes
• Implement recovery strategies
• Implement disaster recovery processes
• Test disaster recovery plans
• Participate in business continuity planning and exercises
• Implement and manage physical security
• Participate in addressing personnel safety concerns
22. 22
Software Development Security
The Software Development Security domain provides
you with the abilities required to ensure that the
focus of the enterprise security architecture includes
application development, since many information
security incidents involve software vulnerabilities in
one form or another.
23. 23
Software Development Security
• Understand and apply security in the software
development lifecycle
• Enforce security controls in development
environments
• Assess the effectiveness of software security
• Assess security impact of acquired software
24. 24
CISSP Exam
• 250 Questions
– 225 questions are graded
• Multiple choice questions
– One answer is correct or is the “BEST” answer
• 6 hours given to complete the exam
• Passing grade is 700 out of 1000 points
26. 26
(ISC)² Education
Official (ISC)² Education Products
Official (ISC)² Guide to the CISSP CBK
Textbook
Official (ISC)² CISSP Study Guide
CISSP for Dummies
CISSP Practice Tests
Official Study App
Exam Outline
Official (ISC)² Training
Interactive Flashcards
For details: https://www.isc2.org/cissp-exam-prep/
27. 27
CISSP Exam Preparation
• Self-Study Tools
– CISSP Exam Outline
– Official (ISC)² Guide to the CISSP CBK, 4th Edition
– Official (ISC)² CISSP Study Guide, 7th Edition
– CISSP for Dummies, 5th Edition
– Official (ISC)² CISSP Practice Tests
– Official CISSP Study App
– Official (ISC)² CISSP Flash Cards
29. 29
Download the Exam Outline
• Provides a comprehensive overview of the
domains and key areas of knowledge
• Examination qualification requirements
• Includes a suggested reference list
• Download >> www.isc2.org/exam-outline
30. 30
Official (ISC)² Guide to the CISSP
CBK, Fourth Edition
• Aligns with the 8 domains
• Real-world examples
• Glossary with over 400 terms
• End of domain review questions
• Only textbook endorsed by (ISC)²
• Available in hard cover, iTunes,
and Kindle
• Learn more >> www.isc2.org/official-isc2-textbooks
31. 31
Official (ISC)² Training Seminar
• Official (ISC)² courseware
• Taught by an authorized (ISC)² instructor
• Student handbook
• Real-world learning activities and scenarios
• Interactive and engaging learning techniques
• Available online, in classroom, or private on-site
• Learn more >> www.isc2.org/cissprevsem