This is a concept for managing an innovative organization that is useful for accelerating change in innovation mindset and capability. It is also useful for technology managers who need to understand how to introduce technology in an uncertain market.
2024 State of Marketing Report – by Hubspot (Marius Sescu)
https://www.hubspot.com/state-of-marketing
· Scaling relationships and proving ROI
· Social media is the place for search, sales, and service
· Authentic influencer partnerships fuel brand growth
· The strongest connections happen via call, click, chat, and camera.
· Time saved with AI leads to more creative work
· Seeking: A single source of truth
· TLDR; Get on social, try AI, and align your systems.
· More human marketing, powered by robots
ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!
Product Design Trends in 2024 | Teenage Engineerings (Pixeldarts)
The realm of product design is a constantly changing environment where technology and style intersect. Every year introduces fresh challenges and exciting trends that mold the future of this captivating art form. In this piece, we delve into the significant trends set to influence the look and functionality of product design in the year 2024.
How Race, Age and Gender Shape Attitudes Towards Mental Health (ThinkNow)
Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits.
To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups.
Technology
For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did.
While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis.
Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad.
Age and Gender
When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same.
Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers.
Race Affects Attitudes
As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).
AI Trends in Creative Operations 2024 by Artwork Flow.pdf (marketingartwork)
Creative operations teams expect increased AI use in 2024. Currently, over half of tasks are not AI-enabled, but this is expected to decrease in the coming year. ChatGPT is the most popular AI tool currently. Business leaders are more actively exploring AI benefits than individual contributors. Most respondents do not believe AI will impact workforce size in 2024. However, some inhibitions still exist around AI accuracy and lack of understanding. Creatives primarily want to use AI to save time on mundane tasks and boost productivity.
Organizational culture includes values, norms, systems, symbols, language, assumptions, beliefs, and habits that influence employee behaviors and how people interpret those behaviors. It is important because culture can help or hinder a company's success. Some key aspects of Netflix's culture that help it achieve results include hiring smartly so every position has stars, focusing on attitude over just aptitude, and having a strict policy against peacocks, whiners, and jerks.
PEPSICO Presentation to CAGNY Conference Feb 2024 (Neil Kimberley)
PepsiCo provided a safe harbor statement noting that any forward-looking statements are based on currently available information and are subject to risks and uncertainties. It also provided information on non-GAAP measures and directing readers to its website for disclosure and reconciliation. The document then discussed PepsiCo's business overview, including that it is a global beverage and convenient food company with iconic brands, $91 billion in net revenue in 2023, and nearly $14 billion in core operating profit. It operates through a divisional structure with a focus on local consumers.
Content Methodology: A Best Practices Report (Webinar) (contently)
This document provides an overview of content methodology best practices. It defines content methodology as establishing objectives, KPIs, and a culture of continuous learning and iteration. An effective methodology focuses on connecting with audiences, creating optimal content, and optimizing processes. It also discusses why a methodology is needed due to the competitive landscape, proliferation of channels, and opportunities for improvement. Components of an effective methodology include defining objectives and KPIs, audience analysis, identifying opportunities, and evaluating resources. The document concludes with recommendations around creating a content plan, testing and optimizing content over 90 days.
How to Prepare For a Successful Job Search for 2024 (Albert Qian)
The document provides guidance on preparing a job search for 2024. It discusses the state of the job market, focusing on growth in AI and healthcare but also continued layoffs. It recommends figuring out what you want to do by researching interests and skills, then conducting informational interviews. The job search should involve building a personal brand on LinkedIn, actively applying to jobs, tailoring resumes and interviews, maintaining job hunting as a habit, and continuing self-improvement. Once hired, the document advises setting new goals and keeping skills and networking active in case of future opportunities.
A report by thenetworkone and Kurio.
The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).
Trends In Paid Search: Navigating The Digital Landscape In 2024 (Search Engine Journal)
The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands.
It’s important that you’re ready to implement new strategies in 2024.
Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024.
You’ll learn:
- The latest trends in AI and automation, and what this means for an evolving paid search ecosystem.
- New developments in privacy and data regulation.
- Emerging ad formats that are expected to make an impact next year.
Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape.
If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.
5 Public speaking tips from TED - Visualized summary (SpeakerHub)
From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world.
With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively.
The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage.
Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience.
See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers
See the original article on Forbes here:
http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b
ChatGPT and the Future of Work - Clark Boyd (Clark Boyd)
Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world.
Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance.
For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age.
Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.
The document provides career advice for getting into the tech field, including:
- Doing projects and internships in college to build a portfolio.
- Learning about different roles and technologies through industry research.
- Contributing to open source projects to build experience and network.
- Developing a personal brand through a website and social media presence.
- Networking through events, communities, and finding a mentor.
- Practicing interviews through mock interviews and whiteboarding coding questions.
Google's Just Not That Into You: Understanding Core Updates & Search Intent (Lily Ray)
1. Core updates from Google periodically change how its algorithms assess and rank websites and pages. This can impact rankings through shifts in user intent, site quality issues being caught up to, world events influencing queries, and overhauls to search like the E-A-T framework.
2. There are many possible user intents beyond just transactional, navigational and informational. Identifying intent shifts is important during core updates. Sites may need to optimize for new intents through different content types and sections.
3. Responding effectively to core updates requires analyzing "before and after" data to understand changes, identifying new intents or page types, and ensuring content matches appropriate intents across video, images, knowledge graphs and more.
A brief introduction to Data Science, explaining the concepts, algorithms, machine learning, supervised and unsupervised learning, clustering, statistics, data preprocessing, real-world applications, etc.
It's part of a Data Science Corner Campaign where I will be discussing the fundamentals of DataScience, AIML, Statistics etc.
Time Management & Productivity - Best Practices (Vit Horky)
Here's my presentation on my proven best practices for how to manage your work time effectively and how to improve your productivity. It includes practical tips and how to use tools such as Slack, Google Apps, Hubspot, Google Calendar, Gmail and others.
The six step guide to practical project management (MindGenius)
The six step guide to practical project management
If you think managing projects is too difficult, think again.
We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success.
“If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.”
Dr Andrew Makar, Tactical Project Management
C-SEC|2016 Session 3: How to Pass and Get Certified on the New Cyber/Cloud Security Standards, by AC & BV
1. How to Pass and Get Certified on the New Cyber/Cloud Security Standards Toward Cyber Resilience
Venue: Glowfish
ธีรเดช วิบูลพัฒนะวงศ์
Teeradej Vibulpatanavong
Quality & IT Product Manager
Date: 23 Nov 16
2. ISSUE : November 2016 Cyber Resilience Audit & Certification
Seminar objectives
► To inform participants about:
   ► Cyber Resilience and Business Continuity
   ► Cyber Resilience and Cybersecurity and Information Security
   ► Audit and certification
   ► Additional controls for ISO/IEC 27001:2013
      ► ISO/IEC 27032 Guidelines for cybersecurity
      ► ISO/IEC 27017 Information security controls for cloud services
      ► ISO/IEC 27018 Protection of PII in public clouds
► To enable participants to apply this knowledge in practice and when applying for certification of an information security management system
4. Bureau Veritas at a Glance
► Created in 1828
► A global leader in conformity assessment services in the areas of quality, health and safety, environment and social responsibility (QHSE)
   Network of more than 700 offices in 140 countries
   Over 26,000 skilled employees
► Eight global businesses providing a complete set of services
   Services include: inspection, testing, audit, certification, classification, risk management, outsourcing, consulting and training services
► Servicing 280,000 customers across a wide range of end markets
Eight Global Businesses (2006 revenue breakdown):
   Marine 11%
   Inspection & In-Service Verification 13%
   Certification 11%
   HSE 10%
   Industry 13%
   Government Services 8%
   Consumer Products 14%
   Construction 20%
Broad Geographic Presence (2006 revenue breakdown):
   Asia Pacific & Middle East 22%
   Europe 22%
   Americas 18%
   France 33%
   Africa 5%
5. Our Profession: QHSE Compliance
Reference Standard Action Deliverable
Assessment
Full independence from any design / manufacturing / contracting / insurance
6. A Balanced Portfolio of Activities
Marine
► Ship classification, ship and marine equipment certification, technical assistance and outsourcing services
Industry
► Conformity assessment of industrial equipment and installations to regulatory or client specifications from feasibility stage to de-commissioning
► Services include design review, shop inspection, site inspection, asset integrity management, product certification and related testing services such as non-destructive testing
Inspection & In-Service Verification (IVS)
► Periodic inspection of equipment and installations to assess conformity with regulations or client-specific requirements
► Services apply to electrical installations, fire safety systems, lifts, pressure and lifting equipment, and machinery
Construction
► Conformity assessment of construction projects to local regulations and construction standards, from design stage to completion
► Services include design review, code compliance, technical control, on-site safety coordination, testing of construction materials, asset management and technical due diligence services
Health, Safety and Environment (HSE)
► Inspection, audit, measurement and testing services in the areas of environment and health and safety
► Technical assistance and consultancy services to help companies define their HSE management strategy and improve their performance
Certification
► Certification of management systems and processes in the areas of quality, health and safety, environment and social responsibility based on public standards
► Second party auditing services based on customer-specific or Bureau Veritas standards
Consumer Products
► Testing, inspection and certification of consumer goods including textile, hardlines, toys, electrical and electronics
► Factory audits, social responsibility audits and training services
Government Services and International Trade (GSIT)
► Government Services: Pre-Shipment Inspection, X-Ray Scanning, Verification of Conformity of imported products
► International Trade: Commodity quantity/quality assurance, automotive services
Eight global businesses providing strong growth and cross-selling opportunities
7. Our Logo
Logo Change
From To
Certification Mark Change
From To
Effective since 17 January 2007
9. Cyber Resilience: A simple explanation
Cyber Resilience = Cyber Security + Business Resilience
[Diagram labels: Cyber Security; Cyber Resilience; Business Resilience; Information Security; Business Continuity]
10. Cyber Resilience: A Definition
Cyber Resilience
► Definition:
  ► an entity's ability to continuously deliver the intended outcome despite adverse cyber events.
  ► the organization's ability to keep delivering the required results continuously, even when a severe cyber event occurs
► Objectives:
  For the organization to maintain its ability to deliver the required results continuously, at all times
► Focus:
  Measures to prevent, detect and respond within the information technology environment, in order to assess vulnerabilities and lead to improvement of the organization's overall security
11. Resilience: A Definition
Resilience:
► ability of an organization to absorb the impact of a sudden business interruption and continue to provide a minimum acceptable level of service.
► ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions [Presidential Policy Directive PPD-21, USA]
► ability of an organization to resist being affected by an incident [BS25999-2: 2007]
► ability of a business to spring back from a disruption to its operations [Hannah Snyder, 22 April 2013]
12. Business Continuity and Business Resilience
Business Continuity
► Definition:
  capability of the organization to continue delivery of products or services at acceptable predefined levels following disruptive incident
  The organization's ability to deliver products or services at the defined level after a disruptive incident has occurred
► Traditional business continuity and disaster recovery focus on the ability of the business to recover from an event that disrupts it
  ► Recovery implies that there is downtime during which the business is not operating
► Resilience implies that even when an event occurs that may affect business operations, the business never stops operating completely (never completely unavailable)
13. Cybersecurity: A Definition
Cybersecurity / Cyberspace Security
► preservation of confidentiality, integrity and availability of information in the Cyberspace [ISO/IEC 27032: 2012]
Information Security
► preservation of confidentiality, integrity and availability of information [ISO/IEC 27001: 2013]
22. Standards related to Cyber Resilience
► ISO 31000: 2009
Risk management — Principles and guidelines
► ISO 22301: 2012
Societal security — Business continuity management systems —
Requirements
► ISO/IEC 27001: 2013
Information technology — Security techniques — Information security
management systems — Requirements
► ISO/IEC 20000-1: 2011
Information technology — Service management — Part 1: Service
management system requirements
► ISO/IEC 27031:2011
Information technology — Security techniques — Guidelines for
information and communication technology readiness for business
continuity
23. Standards related to Cyber Resilience
► ISO/IEC 27032: 2012
Information technology — Security techniques — Guidelines for
cybersecurity
► ISO/IEC 27017: 2015
Information technology — Security techniques — Code of practice for
information security controls based on ISO/IEC 27002 for cloud services
► ISO/IEC 27018: 2014
Information technology — Security techniques — Code of practice for
protection of personally identifiable information (PII) in public clouds
acting as PII processors
► ISO/IEC 27036-4: 2016
Information technology — Security techniques — Information security
for supplier relationships — Part 4: Guidelines for security of cloud
services
24. Standards related to Cyber Resilience
► ISO/IEC 27009:2016
Information technology — Security techniques — Sector-specific
application of ISO/IEC 27001 — Requirements
► ISO/IEC 27011:2008
Information technology — Security techniques — Information security
management guidelines for telecommunications organizations based on
ISO/IEC 27002
► ISO 27799:2016
Health informatics — Information security management in health using
ISO/IEC 27002
► ISO/IEC TR 27015:2012
Information technology — Security techniques — Information security
management guidelines for financial services
► ISO/IEC TR 27019:2013
Information technology — Security techniques — Information security
management guidelines based on ISO/IEC 27002 for process control
systems specific to the energy utility industry
25. Standards related to Cyber Resilience
► ISO/IEC 27014: 2013
Information technology — Security techniques — Governance of
information security
► ISO/IEC 27036-3: 2013
Information technology — Security techniques — Information security
for supplier relationships — Part 3: Guidelines for information and
communication technology supply chain security
► ISO/IEC 27035-2: 2016
Information technology — Security techniques — Information security
incident management — Part 2: Guidelines to plan and prepare for
incident response
26. Standards related to Cyber Resilience
► ISO/IEC 27033
Information technology — Security techniques — Network security
(Part 1 to Part 6)
► ISO/IEC 27034
Information technology — Security techniques — Application security
(Part 1, 2, and 6. Part 3, 5, 7 under development)
► ISO/IEC 27040: 2015
Information technology — Security techniques — Storage security
► …
27. Standards related to Cyber Resilience
► NIST, SP 800-144 2011
Guidelines on Security and Privacy in Public Cloud Computing
► NIST, SP 800-146 2012
Cloud Computing Synopsis and Recommendations
► NIST, SP 800-145 2011
The NIST Definition of Cloud Computing
► US-CERT / NIST Cyber Security Framework 2014
► Singapore Standard SS 584:2013
Specification for Multi-Tiered Cloud Computing Security
► Singapore Technical Reference 31:2012
Technical Reference for security and service level guidelines for the
usage of public cloud computing services
► CSA STAR
► CERT Resilience Management Model, 2016
33. Stakeholders in the Cyberspace according to ISO/IEC 27032
[Diagram labels: Real World; Virtual World; Cyberspace; Service Providers; Consumer: Organization; Consumer: Individual; ISO 27001; ISO 27001; ISO 27032]
34. Contents of ISO/IEC 27032
► 1 Scope
► 2 Applicability
► 3 Normative references
► 4 Terms and definitions
► 5 Abbreviated terms
► 6 Overview
► 7 Stakeholders in the Cyberspace
► 8 Assets in the Cyberspace
► 9 Threats against the security of the Cyberspace
► 10 Roles of stakeholders in Cybersecurity
► 11 Guidelines for stakeholders
► 12 Cybersecurity controls
► 13 Framework of information sharing and coordination
35. Assets in the Cyberspace
Type of Assets:
► Information;
► Software, such as a computer program;
► Physical, such as a computer;
► Services;
► People, their qualifications, skills, and experience; and
► Intangibles, such as reputation and image.
Asset Classes:
► Personal (e.g. consumer’s online identity, online credit information);
► Organizational (e.g. networks, servers, applications)
For both classes, an asset can also be further classified as
► a Physical asset, whose form exists in the real world, or
► a Virtual asset, which only exists in the Cyberspace and cannot be seen or touched in the real world.
42. Selecting controls in ISO/IEC 27001
6.1.3 Information security risk treatment
The organization shall define and apply an information security risk treatment process to:
► a) select appropriate information security risk treatment options, taking account of the risk assessment results;
► b) determine all controls that are necessary to implement the information security risk treatment option(s) chosen;
  NOTE Organizations can design controls as required, or identify them from any source.
► c) compare the controls determined in 6.1.3 b) above with those in Annex A and verify that no necessary controls have been omitted;
► d) produce a Statement of Applicability that contains the necessary controls (see 6.1.3 b) and c)) and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A;
44. Relationship between the ISO standards concerning cloud
ISO/IEC 27001: 2013 Information security management systems — Requirements
ISO/IEC 27017: 2015 Code of practice for information security controls for cloud services
ISO/IEC 27018: 2014 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
46. ISO/IEC 27017: 2015
Information technology — Security techniques —
Code of practice for information security controls
based on ISO/IEC 27002 for cloud services
47. ISO/IEC 27017 Information security controls for cloud services
► A code of practice on the protection of personal data in the cloud
  Can be used to extend the ISO 27001 controls in an audit / certification
► Users of the standard:
  Cloud Service Customers
  Cloud Service Providers
► Structure:
  Controls following ISO 27002 or Annex A of ISO 27001, divided into
  • Controls for Cloud Service Customers
  • Controls for Cloud Service Providers
  • Controls for both Cloud Service Customers and Cloud Service Providers
  Cloud service extended control set
48. Stakeholders in the cloud
[Diagram labels: Physical World; Cloud; Cloud Service Providers, PII Processor; Cloud Service Customer: PII Controller; Cloud Service Customer: PII Individual; ISO 27017 (three times); ISO 27018 (three times)]
49. Contents of ISO/IEC 27017: 2015
► 1 Scope
► 2 Normative references
► 3 Definitions and abbreviations
► 4 Cloud sector-specific concepts
► 5 Information security policies
► 6 Organization of information security
► 7 Human resource security
► 8 Asset management
► 9 Access Control
► 10 Cryptography
► 11 Physical and environmental security
► 12 Operations security
► 13 Communication security
► 14 System acquisition, development and maintenance
► 15 Supplier relationships
► 16 Information security incident management
► 17 Information security aspects of business continuity management
► 18 Compliance
► Annex A – Cloud service extended control set
50. Additional requirements beyond ISO 27001

| Title | No. of additional clauses for Cloud Service Providers | No. of additional clauses for Cloud Service Customers | No. of additional clauses for Both |
|---|---|---|---|
| 5 Information security policies | 1 | 1 | 0 |
| 6 Organization of information security | 2 | 2 | 0 |
| 7 Human resource security | 1 | 1 | 0 |
| 8 Asset management | 2 | 2 | 0 |
| 9 Access Control | 5 | 6 | 0 |
| 10 Cryptography | 2 | 1 | 0 |
| 11 Physical and environmental security | 1 | 1 | 0 |
| 12 Operations security | 7 | 6 | 0 |
| 13 Communication security | 1 | 1 | 0 |
| 14 System acquisition, development and maintenance | 2 | 2 | 0 |
| 15 Supplier relationships | 2 | 2 | 0 |
| 16 Information security incident management | 2 | 2 | 1 |
| 17 Information security aspects of business continuity management | 0 | 0 | 0 |
| 18 Compliance | 5 | 5 | 0 |
51. Cloud service extended control set

| Title | Cloud service extended control set for Cloud Service Providers | Cloud service extended control set for Cloud Service Customers | Cloud service extended control set for Both |
|---|---|---|---|
| 5 Information security policies | 0 | 0 | 0 |
| 6 Organization of information security | 1 Obj, 1 Ctl | 1 Obj, 1 Ctl | 0 |
| 7 Human resource security | 0 | 0 | 0 |
| 8 Asset management | 1 Ctl | 1 Ctl | 0 |
| 9 Access Control | 1 Obj | 1 Obj, 1 Ctl | 1 Obj, 1 Ctl |
| 10 Cryptography | 0 | 0 | 0 |
| 11 Physical and environmental security | 0 | 0 | 0 |
| 12 Operations security | 2 Ctl | 2 Ctl | 0 |
| 13 Communication security | 0 | 1 Ctl | 0 |
| 14 System acquisition, development and maintenance | 0 | 0 | 0 |
| 15 Supplier relationships | 0 | 0 | 0 |
| 16 Information security incident management | 0 | 0 | 0 |
| 17 Information security aspects of business continuity management | 0 | 0 | 0 |
| 18 Compliance | 0 | 0 | 0 |
52. ISO/IEC 27018: 2014
Information technology — Security techniques —
Code of practice for protection of personally identifiable
information (PII) in public clouds acting as PII processors
53. ISO/IEC 27018: 2014 Protection of PII in public clouds
► A code of practice on the protection of personal data in the cloud
  Can be used to extend the ISO 27001 controls in an audit / certification
► Users of the standard:
  PII processors are the primary users
  PII controllers can also apply it
► Structure:
  Controls following ISO 27002 or Annex A of ISO 27001
  PII protection for cloud computing services provider, in Annex A of ISO/IEC 27018
54. ISO/IEC 27018: 2014 Protection of PII in public clouds
Definitions:
► PII Principal
  Natural person to whom the personally identifiable information (PII) relates
► PII Controller
  Privacy stakeholder that determines the purposes and means for processing personally identifiable information (PII) other than natural persons who use data for personal purposes
► PII processor
  Privacy stakeholder that processes personally identifiable information (PII) on behalf of and in accordance with the instruction of a PII Controller
55. Contents of ISO/IEC 27018: 2014
► 0 Introduction
► 1 Scope
► 2 Normative references
► 3 Terms and definitions
► 4 Overview
► 5 Information security policies
► 6 Organization of information security
► 7 Human resource security
► 8 Asset management
► 9 Access Control
► 10 Cryptography
► 11 Physical and environmental security
► 12 Operations security
► 13 Communication security
► 14 System acquisition, development and maintenance
► 15 Supplier relationships
► 16 Information security incident management
► 17 Information security aspects of business continuity management
► 18 Compliance
► Annex A Public cloud PII Processor extended control set for PII protection
56. Additional requirements beyond ISO 27001

| Title | Guidance | No. of clauses |
|---|---|---|
| 5 Information security policies | Sector-specific Implementation Guidance; Other Information | 1 Ctl |
| 6 Organization of information security | Sector-specific Implementation Guidance | 1 Ctl |
| 7 Human resource security | Sector-specific Implementation Guidance; Other Information | 1 Ctl |
| 8 Asset management | None | 0 |
| 9 Access Control | Sector-specific Implementation Guidance; Other Information | 1 Obj, 2 Ctl |
| 10 Cryptography | Sector-specific Implementation Guidance | 1 Ctl |
| 11 Physical and environmental security | Sector-specific Implementation Guidance; Other Information | 1 Ctl |
| 12 Operations security | Sector-specific Implementation Guidance | 4 Ctl |
| 13 Communication security | Sector-specific Implementation Guidance; Other Information | 1 Ctl |
| 14 System acquisition, development and maintenance | None | 0 |
| 15 Supplier relationships | None | 0 |
| 16 Information security incident management | Sector-specific Implementation Guidance | 1 Obj, 1 Ctl |
| 17 Information security aspects of business continuity management | None | 0 |
| 18 Compliance | Sector-specific Implementation Guidance; Other Information | 1 Ctl |
57. Extended control set for PII Protection

| Title | No. of clauses |
|---|---|
| A.1 Consent and choice | 1 |
| A.2 Purpose legitimacy and specification | 2 |
| A.3 Collection limitation | 0 |
| A.4 Data minimization | 1 |
| A.5 Use, retention and disclosure limitation | 2 |
| A.6 Accuracy and quality | 0 |
| A.7 Openness, transparency and notice | 1 |
| A.8 Individual participation and access | 0 |
| A.9 Accountability | 3 |
| A.10 Information security | 13 |
| A.11 Privacy compliance | 1 |