AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summits
Speaker: Jonathan Allen, Enterprise Strategist, AWS
Hear why customers adopt, how you can follow and the positive impact of Financial Services customers choosing to use AWS Cloud. This session will be presented by Jonathan Allen – AWS Enterprise Strategist and Evangelist. Sharing some of his experience and lessons learned when he was the CTO of Capital One UK, across the paradigms of People, Process and Technology and leveraging first-hand knowledge of the AWS Cloud Adoption Framework and Mass Migration best practices.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summits
Speaker: Jonathan Allen, Enterprise Strategist, AWS
Hear why customers adopt, how you can follow and the positive impact of Financial Services customers choosing to use AWS Cloud. This session will be presented by Jonathan Allen – AWS Enterprise Strategist and Evangelist. Sharing some of his experience and lessons learned when he was the CTO of Capital One UK, across the paradigms of People, Process and Technology and leveraging first-hand knowledge of the AWS Cloud Adoption Framework and Mass Migration best practices.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
NetScaler: One Device, Every Need Guiding Enterprise IT to New HeightsePlus
Let's face it: sensitive data is more vulnerable than ever. Citrix's NetScaler App Firewall helps IT security leaders achieve application security and performance optimization capabilities. Thanks to ePlus, you've got a trusted IT integrator. And thanks to Citrix clearing the way with NetScaler, you've got an ADC that delivers flawless performance and cost savings that'll help carry your business well into the future.
CASB Workshop Part 2
(Technology Taxonomy for Cloud Security,Key Components of Cloud Security Architecture,Blue Print To Build Your Cloud Security Program,Basics of Cloud Security Access Brokers)
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...Rohan Singh
HIPAA's requirements serve to protect Protected Health Information (PHI) and Electronic Health Records (EHR) while PCI DSS concentrates on protected consumer credit card data. Both standards are highly effective in protecting the confidentiality of their patients and cardholders
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Akamai Technologies
Akamai’s Kona Site Defender extends security beyond the data center while maintaining site performance and availability in the face of fast-changing threats. It leverages the power of the Akamai Intelligent Platform™ to detect, identify and mitigate Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks before they ever reach the origin.
Visit us to learn more: http://www.akamai.com/html/solutions/site-defender.html
Trust is no longer a factor of geography - your users have left the building aka your inside perimeter. Trust No One and secure your data and digital assets through adaptive access.
Akamai Security World Tour Stockholm May 14, 2019
Cloud Security Training Boot Camp by TONEX gives specialized points of interest on data, information , and capacity security in the cloud. All parts of verification, privacy, honesty, accessibility and security dangers and alleviations are secured.
IaaS/ PaaS / SaaS (SPI) for framework, stage, and programming as an administration demonstrate, security as an administration viewpoints are talked about. The course addresses put away information classification, cloud supplier tasks, personality and access administration in the cloud, accessibility administration and in addition protection.
All boot camp includes:
Experienced instructors including senior technology leaders, project managers, technical authors, engineers, educators, consultants, course developers, and CTOs.
Real life examples and practices.
Small class size.
Personalized instructor mentoring.
Pre-training discussions
Ongoing post-training support via e-mail, phone and WebEx.
Who Should Attend :
This course offers you detailed information on cloud computing security.
IT professional.
Information security and privacy practitioners.
Business managers.
Tech service providers.
People interested in cloud networking and security.
Objectives:
Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
Discover which security management frameworks and standards are relevant for the cloud
Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
Examine security delivered as a service-a different facet of cloud security
Course Outline :
Introduction to Cloud Computing
Cloud computing Security Framework
Cloud Security Reference Model
Overview of Cloud Security Risks
General Cloud Security Challenges
Cloud Security Control Model
Governing in the Cloud
TONEX Cloud Security Recommendations & Roadmaps.
Visit Tonex website to learn more
Cloud Security Training Crash Course
https://www.tonex.com/training-courses/cloud-security-training/
This webinar features ServiceNow Sr. Director of Security and Risk Practice, Bryce Schroeder who discusses how agencies can both enhance their cybersecurity situational awareness, and ensure incident tracking and response is aligned with their cyber priorities for protection of systems and information assets.
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
Collaboration often drives how we work especially when our workforce is mobile, when it is working off premises and serving clients in the field. Our employees adopt cloud solutions to communicate, exchange ideas and files, and to collaborate without our knowledge…this approach keeps security officers sleepless not only in Seattle but also in Columbus…
This presentation is an overview of Office 365 functionality, security and compliance (reporting) capabilities to manage information privacy, security and compliance risks, and related documentation. Office 365 email security and management, SharePoint collaboration platform and Azure Active Directory reporting will be reviewed. This is a business/technical (not in depth technical) presentation to help business / technical audience understand the security and functionality of Office 365 solution when considering cloud solutions adoption.
Web APIs are a primary target for malicious attacks on you and your digital assets. This presentation provides some effective API security approaches such as identifying API risks in business ecosystems, quaality and safety of APIs, and the risk from connected devices aka Internet of Things
Akamai Security World Tour Stockholm May 14, 2019 by Gerd Giese
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
We had the opportunity to present at a BCS event. This presentation explored these three main aspects:
- What is trustworthy software?
- How do you build trustworthy software (supply side)
- How do you identify trustworthy software (demand side)?
NetScaler: One Device, Every Need Guiding Enterprise IT to New HeightsePlus
Let's face it: sensitive data is more vulnerable than ever. Citrix's NetScaler App Firewall helps IT security leaders achieve application security and performance optimization capabilities. Thanks to ePlus, you've got a trusted IT integrator. And thanks to Citrix clearing the way with NetScaler, you've got an ADC that delivers flawless performance and cost savings that'll help carry your business well into the future.
CASB Workshop Part 2
(Technology Taxonomy for Cloud Security,Key Components of Cloud Security Architecture,Blue Print To Build Your Cloud Security Program,Basics of Cloud Security Access Brokers)
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...Rohan Singh
HIPAA's requirements serve to protect Protected Health Information (PHI) and Electronic Health Records (EHR) while PCI DSS concentrates on protected consumer credit card data. Both standards are highly effective in protecting the confidentiality of their patients and cardholders
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Akamai Technologies
Akamai’s Kona Site Defender extends security beyond the data center while maintaining site performance and availability in the face of fast-changing threats. It leverages the power of the Akamai Intelligent Platform™ to detect, identify and mitigate Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks before they ever reach the origin.
Visit us to learn more: http://www.akamai.com/html/solutions/site-defender.html
Trust is no longer a factor of geography - your users have left the building aka your inside perimeter. Trust No One and secure your data and digital assets through adaptive access.
Akamai Security World Tour Stockholm May 14, 2019
Cloud Security Training Boot Camp by TONEX gives specialized points of interest on data, information , and capacity security in the cloud. All parts of verification, privacy, honesty, accessibility and security dangers and alleviations are secured.
IaaS/ PaaS / SaaS (SPI) for framework, stage, and programming as an administration demonstrate, security as an administration viewpoints are talked about. The course addresses put away information classification, cloud supplier tasks, personality and access administration in the cloud, accessibility administration and in addition protection.
All boot camp includes:
Experienced instructors including senior technology leaders, project managers, technical authors, engineers, educators, consultants, course developers, and CTOs.
Real life examples and practices.
Small class size.
Personalized instructor mentoring.
Pre-training discussions
Ongoing post-training support via e-mail, phone and WebEx.
Who Should Attend :
This course offers you detailed information on cloud computing security.
IT professional.
Information security and privacy practitioners.
Business managers.
Tech service providers.
People interested in cloud networking and security.
Objectives:
Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
Discover which security management frameworks and standards are relevant for the cloud
Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
Examine security delivered as a service-a different facet of cloud security
Course Outline :
Introduction to Cloud Computing
Cloud computing Security Framework
Cloud Security Reference Model
Overview of Cloud Security Risks
General Cloud Security Challenges
Cloud Security Control Model
Governing in the Cloud
TONEX Cloud Security Recommendations & Roadmaps.
Visit Tonex website to learn more
Cloud Security Training Crash Course
https://www.tonex.com/training-courses/cloud-security-training/
This webinar features ServiceNow Sr. Director of Security and Risk Practice, Bryce Schroeder who discusses how agencies can both enhance their cybersecurity situational awareness, and ensure incident tracking and response is aligned with their cyber priorities for protection of systems and information assets.
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
Collaboration often drives how we work especially when our workforce is mobile, when it is working off premises and serving clients in the field. Our employees adopt cloud solutions to communicate, exchange ideas and files, and to collaborate without our knowledge…this approach keeps security officers sleepless not only in Seattle but also in Columbus…
This presentation is an overview of Office 365 functionality, security and compliance (reporting) capabilities to manage information privacy, security and compliance risks, and related documentation. Office 365 email security and management, SharePoint collaboration platform and Azure Active Directory reporting will be reviewed. This is a business/technical (not in depth technical) presentation to help business / technical audience understand the security and functionality of Office 365 solution when considering cloud solutions adoption.
Web APIs are a primary target for malicious attacks on you and your digital assets. This presentation provides some effective API security approaches such as identifying API risks in business ecosystems, quaality and safety of APIs, and the risk from connected devices aka Internet of Things
Akamai Security World Tour Stockholm May 14, 2019 by Gerd Giese
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
We had the opportunity to present at a BCS event. This presentation explored these three main aspects:
- What is trustworthy software?
- How do you build trustworthy software (supply side)
- How do you identify trustworthy software (demand side)?
Internet of Things - how secure is it?IISPEastMids
Internet of Things Security event looked at how the Internet of Things operates; what advantages it could bring to you and your organisation; examines what the security issues are; and gave advice and guidance on how you can overcome them.
Managing and insuring cyber risk - a risk perspectiveIISPEastMids
Russell Price from the Cyber Risk & Insurance Forum, and Chair of the Continuity Forum. A presentation that looks at the role Cyber Insurance has to play in an overall approach to managing risk for a business. Given as part of the East Midlands Cyber Security Forum on 21st May. More details at https://www.nexor.com/iisp-east-midlands/may-2015.
Colin Robbins, Managing Consultant at Qonex, gives an overview of the key measures which companies need to put in place for effective information security governance.
First presented at the East Midlands Cyber Security Conference and Expo.
For more cyber security resources visit www.qonex.com
Simon Heron, Chief Technical Officer at Redscan briefly looked at how his organisation had attempted to tackle Insider Threat as part of the Insider Threat event
Colin Robbins, Managing Consultant from Qonex, looks at the government-backed scheme and gives a basic guideline on how SME’s can achieve Cyber Essentials.
First presented at the East Midlands Cyber Security Conference and Expo.
For more cyber security resources visit www.qonex.com
Managing and insuring cyber risk - coverage of insurance policiesIISPEastMids
Tim Johnson, a Cyber Insurance specialist from Browne Jacobson, looks in detail at what Cyber Insurance will cover businesses for and gave some tips on what to consider when deciding on a policy. Given as part of the East Midlands Cyber Security Forum on 21st May. More details at https://www.nexor.com/iisp-east-midlands/may-2015.
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
The Impact of the General Data Protection Regulation - 10th May 2016IISPEastMids
This event looked at the new data protection regulation how it will effect your business. The event gave an overview of the new regulation as well as things that you need to watch out within the regulation when it comes into force in 2018.
http://qonex.com/east-midlands-cyber-security-forum/
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
At our Autumn East Midlands Cyber Security Forum event, Mark Chimely gave a presentation looking at the history of ransomware, and explained what ransomware is and how it can effect your business.
http://qonex.com/east-midlands-cyber-security-forum/
How to avoid becoming the next victim of ransomwareIISPEastMids
This event looked at what ransomware is, how it can effect your business, and the steps to prevent your business from becoming the next victim of ransomware.
http://qonex.com/east-midlands-cyber-security-forum/
Insider threat: tackling cyber security risk from inside your organisation. This event provided an overview of the current state of understanding of who the “insiders” are; how they operate; what motivates them and what threats they pose to information systems.
Cloud computing - Assessing the Security Risks - Jared Carstensenjaredcarst
This is the presentation I recently gave regarding cloud computing and the risks which are often not thought through.
Looks at the cloud from an Information Security and compliance aspect which is often forgotten.
Best wishes,
Jared Carstensen
Security in Clouds: Cloud security challenges – Software as a
Service Security, Common Standards: The Open Cloud Consortium – The Distributed management Task Force – Standards for application Developers – Standards for Messaging – Standards for Security, End user access to cloud computing, Mobile Internet devices and the cloud. Hadoop – MapReduce – Virtual Box — Google App Engine – Programming Environment for Google App Engine.
Predicting The Future: Security and Compliance in the Cloud AgeAlert Logic
The emergence of the Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) models are just two of many inflection points as IT migrates away from the traditional data centers and into the cloud, shifting more control over security from the enterprise to the service provider. How will your security and compliance strategy change when this transformation is complete? This presentation will explore technologies and strategies you need to adopt today to prepare to support security and compliance in the cloud age.
An educational overview of the Cloud Computing Ecosystem or Framework. This presentation is geared toward those who are just beginning to understand Cloud Computing.
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is critical for any enterprise IT departments. This requires a set of 12 cloud-based apps including infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS). With Amazon Web Services (AWS) as an environment, we offer a guide to the key considerations for PCI DSS compliance
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
With so many different cloud providers and solutions, how can organizations know which one meets their needs? Check out this presentation and learn more about this essential decision.
Building and Operating Clouds: What to Do Once You Hit The On Switch
Webinar presented by:
Roy Ritthaler, Sr. Director Product Marketing, BMC
Rich Plane, Director, Solution Development and Delivery, Harris Corp.
Attendees discovered:
Building and operating cloud environments is a known science
There are commercially viable software and solution provider opportunities in the market today for cloud
Leveraging out-of-the-box software, it’s now possible to achieve an enterprise-level, fully operational cloud
Managing risks related to vendors presents its own challenges particularly if they are high technology companies such as Cloud Service Providers (CSP).
Rob looked at who the first people you should call when suffering a data breach or a hack. He also explained how the first response unit deals with attacks and the practical steps to take.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Autumn event on 19th October 2017 at University of Nottingham.
https://emcsf.org.uk/
Sam looked at some cases of data breaches and hacks and explained the importance of planning, cyber hygiene and recovery plans.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Autumn event on 19th October 2017 at University of Nottingham.
https://emcsf.org.uk/
Colin Robbins provided an introduction to the internet of things and the security implications of using IoT devices.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Summer event on 6th June 2017 at University of Nottingham.
https://emcsf.org.uk/
This event provided insight for organisations considering adopting Internet of Things (IoT) technology from a business perspective, and included the advantages of connecting things and the security implications of doing so.
https://emcsf.org.uk/
Jon Longstaff looked at the recent attacks on Ukraine power stations and talked about the security implications of IoT devices in industry and how to secure them.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Summer event on 6th June 2017 at University of Nottingham.
https://emcsf.org.uk/
Graham Markall talked about the work that the IoTSF has done in securing the Internet of Things.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Summer event on 6th June 2017 at University of Nottingham.
https://emcsf.org.uk/
Alisdair Ritchie gave a presentation talking about the work PETRAS is doing to protect and secure IoT devices.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Summer event on 6th June 2017 at University of Nottingham.
https://emcsf.org.uk/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
2. About the presenter
Senior IT security at a global utility company
Worked in IT infrastructure and consultancy roles for
twenty five years
Involved with security related roles and projects for the
last ten years.
Assessing the security of cloud solutions for the last five
years.
3. Scope
This presentation will mainly discuss the issues around
adoption of Cloud services and data security, and the
approach of a multi-national utility company to cloud
service adoption.
We will look at the issues, and the assessment and
selection of cloud service providers.
How to minimise some of the loopholes with contracts
4. Recap - What is Cloud?
NIST – National Institute for Standards and Technology
The NIST Definition of Cloud Computing
Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network access
to a shared pool of configurable computing
resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly
provisioned and released with minimal
management effort or service provider interaction.
5. Deployment and Service models
Cloud Deployment models
Private cloud.
Community cloud.
Public cloud.
Hybrid cloud.
Cloud Service models
IaaS – Infrastructure as a service
PaaS – Platform as a service
SaaS – Software or Application as a service
DBaaS – database as a service
BaaS – Business as a service
6. Fundamental business requirements are enabled and
supported by cloud-based application platforms.
Customer & Partner
Integration
Digital products, services
& businesses
Multi-Enterprise EcoSystem
Digital Utility Market
Transformation
Business Drivers
Quick response on
unpredictable demand or
requests of customers &
partners
Time to market / quick
availability of services and
products to customers &
partners
Flexible / scalable cost
(opex)
Analysis of large data
volumes to predict
customer demand /
service adoption
Business Requirements Cloud Characteristics
Elasticity
• Ability to handle expected &
unexpected changes in load
High Performance Computing
• “Infinite” computing capacity
aligned with demand
Cost Flexibility
• Flexible IT costs (as you go model)
• Low costs of adoption
• Low exit cost
Speed
• Faster availability of business
functionality
Why are we doing it?
7. The portfolio of application platforms will diversify and the usage of public
cloud services will increase.
Dedicated
platforms
Virtual Servers
Dedicated
platforms
Private cloud
(Paas, Iaas) &
Virtual Servers
Public Cloud
(SaaS)
Dedicated
platforms
Private cloud
(Paas, Iaas)
&
Virtual Servers
Public Cloud
(SaaS)
2013 2016 2020
Others (Cloud, SaaS)
Public Cloud
(IaaS, PaaS)
Public Cloud
(IaaS, PaaS)
How will it change in the future?
8. How do organisations use Cloud services?
Sanctioned Cloud Services
The IT organisation has assessed various CSPs
Security options included in service
Framework Contracts in place
Services are re-assessed regularly
Shadow IT
IT organisation has no knowledge
Paid for out of department budgets
No assessment of CSP
Security enhancements missing
9. The Challenge
To assess the abilities of Cloud Service Providers
and their offerings to provide adequate
security for the data and applications that will
entrusted to them.
10. What do we need to know?
Compliance
Data Governance
Human Resources
Information Security Policy
Legal
Operation Management
Risk Management
Release Management
Resiliency
Security Architecture
Audit Planning
Independent Audits
Third Party Audits
Contact / Authority Maintenance
Information System Regulatory
Mapping
Intellectual Property
Management Program
Impact Analysis
Business Continuity Planning
Environmental Risks
Equipment Location
Equipment Power Failures
Power / Telecommunications
11. Example: Where are they going to
process our data and do we care?
Security approach EU vs USA
Many public service providers are US based
US does not have general data privacy legislation
Safe Harbour was voluntary
EU very restrictive (Even more so with GDPR)
Strict rules on what can processed
Strict rules on where it can be processed
If you plan to use Personal Data in a cloud solution you
need to know that EU rules will be followed
13. CSP selection - Issues and approach
Traditional approach, compare third party
service offering with in house service hosting
Cloud providers will not provide information
about their internal hosting and processes
Unable to compare CSPs infrastructure model
directly
Need to discover what we can from what
they publish
Need to trust intermediary to verify security
measures not visible to us.
Need to trust information sources.
14. Assessment Processes for Sanctioned
Services
What can you do for yourselves?
CSA attestation (Cloud Security Alliance)
Self Certified
Audited once
Ongoing auditing
Custom assessment questionnaires
What do you cover?
ISO Accreditation
SOC Audits
15. CSA - https://cloudsecurityalliance.org
The Cloud Security Alliance (CSA) is the world’s leading
organization dedicated to defining and raising
awareness of best practices to help ensure a secure
cloud computing environment.
Star Attestation is based on type 2 SOC attestations
supplemented by the criteria in the Cloud Controls
Matrix (CCM).
Is based on a mature attest standard
Does not require the use of any criteria that were not
designed for, or readily accepted by cloud providers
Provides for robust reporting on the service provider’s
description of its system and on the service provider’s
controls, including a description of the service auditor’s
tests
16. Use of CSA Attestation
Where a CSP has filed a STAR attestation this can
be used as the basis for evaluation
CSA 3.0.1 Link
This requires expertise to evaluate
19. Custom assessment questionnaire
This can be used where there is no existing CSA
attestation or to tailor the information gathered.
We created Cloud Risks and Controls Analysis
This was based on CSA 1.3
This highlighted areas we were particularly
concerned about
We deleted topic areas about which we
were not concerned
Process intensive, takes a lot of effort to keep
up to date
Takes skill to operate
Tools needs frequent updates
20. What should be covered by Contract?
There are a number of topics which may require
specific references in contracts with CSPs, some
examples:
Location of processing of data
Regular production of Audit reports, SOC2, etc.
Regular report of results of pen testing
Incident management process
Change management process
Warning: Do not Expect CSPs do modify their service
to suit you!
21. Assessment Processes
What can you do if you don’t write your own
tool and the CSP is not CSA registered?
Cloud Access Security Broker services
Subscription services
Monitor thousands of CSPs
Regularly update compliance status
Add new CSPs and services as they
become available
Alert if CSP status changes
22. Shadow IT - Background
Shadow IT, also known as stealth IT, describes IT systems or solutions used
within an organisation without the approval, or often even the knowledge, of
corporate IT.
According to the customers of a major vendor of Cloud Service
Management Systems:
• 80% of employees admit to using unsanctioned SaaS
• Software-as-a-Service (SaaS) growing at 199%
• Infrastructure-as-a-Service (IaaS) growing at 122%
The intentions behind this practise are often good, but what appears to
employees to be a great solution, being cheap to buy, agile, and aiding
productivity, can be a huge downside to the company.
Shadow IT opens dangerous security holes that expose the corporate
network and the systems and data within it, to theft, malware, or loss.
There is no central co-ordination of procurement often leading to licensing,
technical and security issues.
23. How can the risks be mitigated?
Organisations which have an established security infrastructure can
monitor internet breakout and manually screen for unsanctioned cloud
service use.
This may be laborious and requires considerable house keeping effort to
keep up to date.
The use of a subscription service is probably going to be more secure
and cost effective, back to CASB services.
There are many tools and products available to evaluate what is
happening in the network.
Most have multi-functionality such as :
Cloud service discovery
Broker service
Policy enforcement
Careful selection of functionality enables the creation of a service fit for
your purpose.
The Objective should be to help the business by helping them to
embrace the cloud service model and realise the benefits while guiding
them towards the more secure solutions.
24. Typical Cloud Service Broker Solutions
Feature SP1 SP2 SP3
Encryption of data leaving the enterprise X X
Tokenization of data leaving the enterprise X
Broker service X X X
Classification of Information X
Cloud service discovery X X X
Investigate Usage X X
Malware Detection X
Discover anomalous behaviour X X
Event Alerting X X
DLP Solution X X X
Policy Enforcement X X
Enable Historical Analysis X
Cloud based service portal X X X
Products for major CSPs X X
SSL Inspection
Central Breakout agnostic (Can cover local breakout) X
Filtering
In Line Protection X
Integrates with SIEM X X
SaaS X X X
IaaS X X
PaaS X X
Customer keeps the keys X
25. Summary
To operate securely in the cloud care must be taken to
select the right cloud service provider.
Information a CSP will provide directly to the consumer
is limited.
They may provide more information via the CSA or to
broker services.
Contract clauses should cover specific important
areas of compliance
Maintaining you own tools requires a lot of effort and
knowledge.
Broker services may be appropriate, particularly if it is
intended to use many different CSPs.