Transcript of a BriefingsDirect podcast on the growing need for cybersecurity as an important organizational goal for businesses and government agencies.
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo... (Dana Gardner)
A transcript of a discussion on how comprehensive cloud security solutions need to go beyond on-premises threat detection and remediation to significantly strengthen extended digital business workflows.
Catbird CTO on Why New Security Models are Essential for Highly Virtualized D... (Dana Gardner)
Transcript of a BriefingsDirect discussion on how increased virtualization across data centers translates into the need for new approaches to security, compliance, and governance.
When you’re planning to move to the cloud and manage a hybrid environment, security is a top concern. But cloud is not necessarily less secure than a traditional environment. In fact, it may be possible to deliver even greater security in a hybrid cloud environment because it offers new and advanced opportunities.
In this eBook, you’ll discover how hackers are using traditional tactics in new ways to attack the cloud. You’ll also find out how the cloud can help you increase security with innovative approaches designed to detect threats long before they threaten your enterprise.
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Journey to the Perfect Application: Digital Transformation During a Crisis (Aggregage)
In most cases, the COVID-19 crisis has sped up the desire to engage in digital transformation for medium-to-large scale enterprises. Roadmaps are rarely implemented without challenges. During this session, MK Palmore, the Field CSO (Americas) for Palo Alto Networks and a former public-sector executive, will walk through the difficulties of crisis planning execution in the midst of an organization's digital changes. He will use a combination of industry insights through statistical observations and direct customer feedback to emphasize the importance of adopting new technologies to battle an ever changing threat landscape.
Middleware Audits And Remediation For Pci Compliance (mjschreck)
This document discusses the need to audit and remediate IBM's WebSphere MQ middleware for PCI compliance. It notes that MQ installations commonly use the default, insecure configuration and outlines how this could allow unauthorized access. The document argues that auditors should assess MQ security because recent data breaches show attackers are targeting internal networks and middleware presents a potential vulnerability. It intends to explain why MQ security auditing is important and provide information on how to properly evaluate and remedy any issues found.
This document discusses how adopting a hybrid cloud solution can transform an IT manager's role from a reactive maintainer of infrastructure to a proactive leader focused on addressing business needs. It emphasizes that a hybrid cloud, which combines on-premise and public cloud resources, allows IT managers to automate routine tasks and focus on more strategic opportunities through tools that integrate different environments. The document provides guidance on developing an effective cloud governance strategy by focusing on goals, metrics, processes and operations. It also outlines management, builder, developer and intermediary tools that can help streamline processes in a hybrid cloud environment.
Is your infrastructure holding you back? (Gabe Akisanmi)
This ebook will help you connect the dots between today’s biggest business opportunities and the specific technology required to seize them. You’ll get the facts you need to identify where current components may be falling short—and how the right investments in infrastructure can lead to better business outcomes while strengthening your role as a strategic consultant within your organization.
The document outlines seven principles for organizations to consider when purchasing standardized packaged software:
1) By purchasing a software package, an organization joins that software's user network and commits to a long-term relationship.
2) Organizations should take a long-term perspective when choosing software, considering which technologies are likely to become dominant standards.
3) There is safety in choosing software with many users, as standards with larger networks are less likely to become obsolete.
4) Organizations should focus on compatibility and avoid proprietary additions that increase switching costs later.
5) The software chosen should have an accessible user base of knowledge to support its technology network.
6) The type of standardization the software uses, such
Cloud Computing Security: Government Acquisition Considerations for the Cloud... (Booz Allen Hamilton)
This study provides insight into information assurance and mission assurance challenges posed by public cloud computing environments (CCE), and how accounting for those risks through acquisition security measures affect public CCE options.
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe... (Dana Gardner)
Transcript of a sponsored discussion on how improving both development speed and security comes with new levels of collaboration and communication across disparate teams.
How the Journey to Modern Data Management is Paved with an Inclusive Edge-to-... (Dana Gardner)
This document discusses how a data fabric approach can help organizations manage data from the edge to the core to the cloud in a harmonized way to improve insights. It explores some of the challenges organizations face with fragmented data and silos that limit insights. The HPE Ezmeral Data Fabric is presented as a solution that can provide common data access and governance across diverse data types and locations through standard APIs and security. This helps avoid issues around complexity, lock-in and lack of portability that come from point solutions and siloed data systems.
The 5 most trusted cyber security companies to watch. (Merry D'souza)
Through this latest edition of Insights Success, we wish to feature organizations that are quite adept in utilizing and adopting these tech-trends in their operations. ‘The 5 Most Trusted Cyber Security Companies to Watch,’ is an edition which will take you on a journey towards the digital security space. So, give it a read and enjoy articles curated by our in-house editorial team.
The document provides CYFIRMA's predictions for cybersecurity threats and risks in 2022. Some of the top predictions include:
1) Cybercriminals will increasingly arm IoT/IIoT devices and operational technology for cybercrime as the number of connected devices grows dramatically.
2) Cybercrime will become more specialized and targeted, behaving more like a legitimate industry and making cybercrime an investment-worthy asset class.
3) Cybercriminals may embark on kinetic cyberattacks that cause real-world physical damage beyond just non-violent attacks.
4) The war for intellectual property theft will intensify as state-sponsored groups target industries like health research and pharmaceuticals.
The impact of a security breach on MSP's and their clients (Jose Lopez)
This solution brief outlines the financial and reputational impact of a security breach for an MSP and its customers. Choosing the best Antivirus/Antimalware and content control solution for an MSP is critical for protecting its customers properly against new and emerging threats.
Cloud Computing IT Lexicon's Latest Hot Spot (Tech Mahindra)
Oracle aims to support both public and private clouds with a complete portfolio of products. Their strategy includes providing enterprise-grade technology through their PaaS platform and IaaS offerings. Oracle's platform allows customers to build, deploy, and manage applications and services in cloud environments. They are developing their portfolio of applications, middleware, databases, servers, and management tools to enable rich SaaS and cloud solutions.
The Quarantine Report: Cybersecurity Impact Assessment for COVID-19 (Alex Smirnoff)
The document provides a cybersecurity impact assessment of the COVID-19 outbreak. It finds that while the work from home shift has changed the attack surface, there is no clear evidence of a significant outbreak of cyber attacks. However, cybercriminals are exploiting COVID-19 in social engineering and phishing attacks. VPN and RDP usage has increased to enable remote work but these protocols have ongoing security issues. The document recommends adopting a zero trust approach and improving security awareness as a long term strategy.
Staying ahead in the cyber security game - Sogeti + IBM (Rick Bouter)
Cyber security is center stage in the world today, thanks to almost continuous revelations about incidents and breaches. In this context of unpredictability and insecurity, organizations are redefining their approach to security, trying to find the balance between risk, innovation and cost. At the same time, the field of cyber security is undergoing many dramatic changes, demanding organizations embrace new practices and skill sets.
Cyber security risk is now squarely a business risk – dropping the ball on security can threaten an organization’s future – yet many organizations continue to manage and understand cyber security in the context of the IT department. This has to change.
Enterprises that have successfully digitally transformed have seen significant improvements in business performance and revenue growth compared to competitors with lower digital maturity. However, cybersecurity risks can undermine these benefits if not properly addressed. The document introduces the Cyber Mastery Matrix, a suite of solutions from Deloitte that aims to embed cybersecurity into an enterprise's strategy and culture. It includes services like cyber wargames, simulations, and awareness training to help organizations strengthen their cyber resilience and prepare for future attacks.
Big Data and data security are becoming increasingly important in machine-to-machine (M2M) communication and the Internet of Things (IoT) as more devices become connected. As the number of connected devices grows exponentially, so too does the amount of data generated. This data needs to be securely transmitted, stored, and analyzed in real-time to extract valuable insights. New approaches to encryption are required to enable high-speed transmission of large amounts of data without compromising security or introducing latency. Emerging technologies that can analyze vast amounts of machine-generated data in real-time will be critical to extracting value from the growing Internet of Things.
Space to think | Cloud research using Logica futurescope CGI
The document discusses the results of a cloud research study conducted using Logica FutureScope. Over six weeks, 268 Logica FutureScope members participated by viewing 24 statements about cloud computing and writing 402 comments. The majority agreed on statements related to security concerns about data breaches and loss of availability in public clouds. There was less agreement on statements about early cloud adoption and large organizations adopting cloud faster. The results provide insights into both consensus views and areas of differing opinions on issues like security, agility, cloud adoption, and consumer preferences. Logica can help organizations develop cloud strategies tailored to their needs and priorities.
Michael Jackson died of cardiac arrest at his home in 2009. His personal physician administered CPR but Jackson was pronounced dead at the hospital. The coroner determined Jackson's death was a homicide caused by drugs in his system. Jackson's memorial was held at Staples Center where he had been rehearsing. His burial was delayed multiple times and finally held on September 3, 2009 at Forest Lawn Cemetery.
We’re all trying to find that idea or spark that will turn a good project into a great project. Creativity plays a huge role in the outcome of our work. Harnessing the power of collaboration and open source, we can make great strides towards excellence. Not just for designers, this talk can be applicable to many different roles – even development. In this talk, Seasoned Creative Director Sara Cannon is going to share some secrets about creative methodology, collaboration, and the strong role that open source can play in our work.
The impact of innovation on travel and tourism industries (World Travel Marke... (Brian Solis)
From the impact of Pokemon Go on Silicon Valley to artificial intelligence, futurist Brian Solis talks to Mathew Parsons of World Travel Market about the future of travel, tourism and hospitality.
Reuters: Pictures of the Year 2016 (Part 2) (maditabalnco)
This document contains 20 photos from news events around the world between January and November 2016. The photos show international events like the US presidential election, the conflict in Ukraine, the migrant crisis in Europe, the Rio Olympics, and more. They also depict human interest stories and natural phenomena from various countries.
This document summarizes a study of CEO succession events among the largest 100 U.S. corporations between 2005-2015. The study analyzed executives who were passed over for the CEO role ("succession losers") and their subsequent careers. It found that 74% of passed over executives left their companies, with 30% eventually becoming CEOs elsewhere. However, companies led by succession losers saw average stock price declines of 13% over 3 years, compared to gains for companies whose CEO selections remained unchanged. The findings suggest that boards generally identify the most qualified CEO candidates, though differences between internal and external hires complicate comparisons.
The Six Highest Performing B2B Blog Post Formats (Barry Feldman)
If your B2B blogging goals include earning social media shares and backlinks to boost your search rankings, this infographic lists the six best approaches.
1) The document discusses the opportunity for technology to improve organizational efficiency and transition economies into a "smart and clean world."
2) It argues that aggregate efficiency has stalled at around 22% for 30 years due to limitations of the Second Industrial Revolution, but that digitizing transport, energy, and communication through technologies like blockchain can help manage resources and increase efficiency.
3) Technologies like precision agriculture, cloud computing, robotics, and autonomous vehicles may allow for "dematerialization" and do more with fewer physical resources through effects like reduced waste and need for transportation/logistics infrastructure.
For UK MSP, optimizing customer experience is key to successful security post... (Dana Gardner)
Transcript of a discussion on how Scottish MSP Grant McGregor takes the customer experience imperative to new heights, even as its users move increasingly to hybrid IT models.
How Dashboard Analytics Bolster Security and Risk Management Across IT Supply... (Dana Gardner)
Transcript of a discussion on how Bruce Auto Group gained deep insights into their systems, apps, and data to manage and reduce risks across their entire IT and services supply chain.
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential (Dana Gardner)
Transcript of a discussion on why more automation, integration, and acquiring security services “as a service” are in hot demand amid rapidly growing IT security costs and the added complexity of protecting distributed workforces.
The document discusses the importance of data security standards and certifications for businesses in light of rising cyber attacks. It notes that India has witnessed disruptive ransomware attacks that threaten heavy damages including data loss and business disruptions. The document states that CISOs must re-examine their data protection applications and build innovative applications to generate insights to make informed decisions in response to security threats.
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ... (Dana Gardner)
Transcript of a discussion on how a rapidly growing dental services company combined hyperconverged infrastructure with advanced security products to efficiently gain data availability, privacy, and security.
As if IT security didn’t have enough issues to contend with, it now has another. And it’s a troublesome one: mitigating the risk of repelling customers because security defenses make your company unattractive or too hard to do business with. In this age of the customer – who wants everything available on every device from everywhere all the time – IT security is at risk of hurting the very business it is charged with protecting.
Industry Moves to Fill Gap for Building Trusted Supply Chain Technology Accre... (Dana Gardner)
The document discusses the importance of establishing standards for security and reliability in technology supply chains. The Open Group Trusted Technology Forum is developing an accreditation process to help buyers ensure technology providers adhere to best practices. Panelists at a conference discussed progress made in developing the standards and accreditation program, with a draft specification expected soon. The goal is to provide confidence to technology buyers that accredited providers have secure engineering and supply chain practices.
Robert Hood discusses keys to shutting down attacks on endpoints. He emphasizes the importance of (1) protecting endpoints through technologies like antivirus and anti-malware, as well as educating users on social engineering threats, and (2) using advanced endpoint security solutions that provide real-time forensics and analytics to more easily detect legitimate incidents and reduce alerts for security teams to analyze. Hood also notes that as employees work remotely on mobile devices, endpoints effectively extend network perimeters, making their protection even more critical.
1. Finding the right balance in any organization depends on assessing risk and then convincing executive management to fund security needs.
2. To justify endpoint security solutions, one expert recommends using actual metrics that show the effectiveness of something already deployed, rather than scare tactics about potential attacks.
3. When facing budget reductions, the expert advises resetting expectations by informing management how service levels may be impacted and the increased risks from reduced resources. Quantitative data showing improved security with existing tools can help make the case for continued funding.
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU (NormShield)
Companies invest in cyber security to protect themselves against cyber attacks. They acquire cyber security products and solutions, from SIEM solutions and SOC services to firewalls and IPS/IDS devices, to detect and remediate cyber incidents. With all these security measures, how safe are you? Is there a way to measure it? Or in other words, is it possible to assess your cyber risk? Sure, once-a-year penetration tests and risk assessments through internal audits give some answers, but an outside-in approach with easy-to-understand monitoring helps you understand your cyber security posture. In order to do that, you need to see what hackers see…
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Mighty Guides, Inc.
Lester Godsey discusses how a security framework provides a baseline for acceptable security practices in an organization and enables security conversations with other business areas. It gives context for discussing exceptions or additional controls. Most businesses customize frameworks based on their specific needs and regulations. Having a framework in place allows an organization to design security metrics that map to important controls and align with business objectives.
Lee Bailey notes that security frameworks help mature a security practice by guiding organizations from identifying needs to defining controls and processes. It enables aligning security and business objectives by making security decisions based on risk and explaining security issues to non-technical staff. For retailers, payment security standards help maintain customer trust and confidence, supporting the core business strategy. Frameworks also simplify
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
Wayne Peterson, the CISO of Kroll Associates, believes that the first priority for any organization should be to identify and shut down attacks before they threaten the business. Peterson's first action as CISO was to build out an incident response team to enable early detection and quick response to any incidents. Peterson notes that in the past, organizations focused on building firewalls and perimeter security, but today the greatest vulnerability is at the endpoint level due to remote and mobile workers. Effective endpoint security solutions can provide greater visibility into true threats and help organizations make smarter security decisions. Peterson advises starting any security strategy with a focus on solid endpoint protection rather than trying to purchase one's way into complete security.
How is the Age of Disruption and geospatial tech & data key to the digital transformation of insurers? How will it allow them to rapidly change their business models, their cultures and the way they use information to enhance the customer experience and remain relevant in the 21st century?
Sonia randhawa speaks on cybersecurity and innovationSonia Randhawa
Sonia Randhawa said Security professionals are expected to remain proactive in their approach and develop their skills in dealing with digital threats. Cybersecurity experts need to strengthen their business continuity and disaster recovery planning skills.
Cybersecurity experts must have a thorough understanding of how to analyze available security options and create innovative solutions that use them. Cybersecurity professionals must find creative ways to solve complex information security problems in a variety of existing and emerging digital technologies and environments. Cloud security is a skill that must be acquired for a promising and lucrative career in cybersecurity.
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Dana Gardner
Transcript of a discussion on how cloud security is rapidly advancing and how enterprises can begin to innovate to prevail over digital disruption by increasingly using cloud-defined security.
What can go wrong?!
Thirty years of commercial information security have taught us to orchestrate perimeter controls, to correctly configure AAA systems, to evaluate risks and manage them.
But when we talk about the supply chain, the context dramatically changes and we risk realising we did not understand it all or we naively transferred our risk to an unaware third party.
Similar to Cybersecurity is a Necessity, Not an Option, in the Face of Global Security Threats, Says CSC (20)
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Introduction of Cybersecurity with OSS at Code Europe 2024
Cybersecurity is a Necessity, Not an Option, in the Face of Global Security Threats, Says CSC
Transcript of a BriefingsDirect podcast on the growing need for cybersecurity as an important
organizational goal for businesses and government agencies.
Listen to the podcast. Find it on iTunes. Sponsor: HP
Dana Gardner: Hello, and welcome to the next edition of the HP Discover Performance
Podcast Series. I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your
moderator for this ongoing discussion of IT innovation and how it’s making an
impact on people’s lives.
Once again, we're focusing on how IT leaders are improving security and
reducing risks as they adapt to the new harsh realities of doing business online.
We have a fascinating discussion today, because we're joined for Part 2 of our series with HP
strategic partner and IT services and professional services global powerhouse CSC. We'll be
exploring how CSC itself has improved its own cybersecurity posture. [Disclosure: HP is a
sponsor of BriefingsDirect podcasts.]
With that, please join me in welcoming our guests. We're here with Dean Weber, the Chief
Technology Officer for CSC Global Cybersecurity. Welcome back, Dean.
Dean Weber: Thank you.
Gardner: We're also here with Sam Visner, Vice President and General Manager for CSC Global
Cybersecurity. Welcome back to you too, Sam.
Sam Visner: Thanks, Dana, for this opportunity to discuss this topic.
Gardner: As you recall, in Part 1 of our series, we examined the tough challenges facing
companies and how they need to adjust their technology and security operations. We
saw how they were all now facing a weapons-grade threat, as we put it, with big
commercial incentives for online attacks and also a proliferation of more
professional attackers.
We also learned how older IT security methods have proven inadequate to the
escalating risks that are also expanding beyond corporate networks to include critical
infrastructure, supply chains, and even down to devices and sensors.
So today, we'd like to take a deeper dive into how CSC itself is going beyond just technology and
older methods to understand a better path to improve cybersecurity.
Let me start with you, Sam. What's the most impactful thing that CSC has done in the past
several years, perhaps in concert with HP, that's proven to be a major contributor to a more
secure environment?
Visner: There are three things to which I'd point. In the course of any conversation about three
things, I'll think of a fourth, a fifth, a sixth, and a seventh in due course, but let
me start with three things.
The first is the recognition that cybersecurity is an important issue for any
organization today, whether they're a Global 1000 company, a Fortune 500
company, or a government agency, and everybody has a stake in cybersecurity.
Same question
The first thing is that, because everybody has this stake, there has been a recognition that the
cybersecurity of the commercial world and the cybersecurity of the public sector are really the
same question.
The commercial world provides the technology on which governments depend. Governments
express the interest that the public has and the cybersecurity of those parts of the private sector
that manage energy, transportation, critical manufacturing, aerospace, defense, chemicals,
banking, healthcare, and any other thing that we call critical infrastructure.
In our company, where we serve both the public sector and private sector, we recognized early on
that it made sense to address commercial and public sector cybersecurity from a common
strategy. That's the first thing.
The second thing is that we then built a unified capability, a unified P&L, a unified line of
business and delivery capability for cybersecurity that brings together our commercial and our
public-sector business. We're end to end. So from consulting and assessments, then education,
through managed cybersecurity services and systems integration, all the way through incident
response, we make our full portfolio available to all our customer set, not just part of our
customer set.
And the third thing is -- and I am going to ask Dean Weber to comment on this, because more
than anyone else he has been the motivating powerhouse here -- a lot of people think about
cybersecurity as tools. What's my firewall? What's my user provisioning? What's my password
policy? How am I handling passwords? What should I be doing about endpoint protection?
That's a recipe for disaster, because you're always playing catch up against the problem and you
don't even know if the tools work together. You certainly don't have the means to take the
information that these tools generate, put them together, analyze them and give yourself the big
picture that allows you to be effective in understanding the total threat you face and the total
situation that you have internal in your organization.
The third thing that has been important is moving from a tools-based perspective to an
architecture-based perspective, one in which before we buy tools or develop tools, or even in
which we define offerings, we define the architecture of our offerings.
What are we trying to do? How will these offerings fit together in accruing information outside
of our enterprise about the global threat environment and inside of an enterprise about everything
that affects the security of an organization, from their smartphone, all the way down to their
industrial control systems on the shop floor?
What are the offerings that, when knit together, give you a total capability? Then, what are the
specific technologies that are pertinent to each of those offerings? So taking an architectural
approach as opposed to a product-specific approach is the third basic development.
Again, the public sector and commercial sector have to be approached in a common strategy, the
need to build a common organization serving all our customers across the CSC space, and
approaching our solutions from an architectural perspective where you fit everything together in
terms of offerings, capabilities, and technology. Those would be the three things to which I'd
point.
Architectural level
Gardner: Dean Weber, let's get some more input on the shift from a tools perspective or a
tactical perspective to that architectural level?
Weber: As Sam pointed out, the idea here is that we need an integrated capability to combat the
current and emerging threats. You do that based on a global ability to detect and
defer the threats, remediate as quickly as possible from threats that have
manifested themselves, and recover.
Not only are we a services provider of managed security services to enterprise
and government, we also consume those services ourselves on the inside. There's
no difference. We drink our own champagne, or eat our own dog food, or
however you want to put it.
But at the end of the day we have made this very security operations center (SOC)-centric
offering, where we have elected to use a common technology framework across the globe. All of
our SOCs worldwide use the same security and information event management -- SIEM
technology, in this case ArcSight.
That allows us to deliver the same level of consistency and maturity, and given some of the
advanced capabilities of ArcSight, it has allowed us to interconnect them using a concept we call
the global logical SOC, where for data protection and data privacy purposes, data has to reside in
the region or country of its origin, but we still need to share threat intelligence, both internally
generated and externally applied. The ArcSight platform allows us to build on that basis.
Separate and apart from that, any other tools that we want to bring to bear, whether that's
antivirus or vulnerability scanning, all the way up the stack to application security lifecycle, with
a product like Fortify, we can plug all of that into the managed framework regardless of where
it's delivered on the globe and we can take advantage of that appropriately and auditably across
the entire hemisphere or across the entire planet.
Visner: Dean mentioned Fortify. As you may know, we're bringing out an application security
testing-as-a-service component of our portfolio. It’s an offering. That was done very deliberately.
It's a portfolio of offerings that comprise a total capability. Each offering goes through offering
lifecycle management to ensure that it conforms to the architecture, and then trade studies to
determine which technologies, in this case the HP Fortify technology, are pertinent to that
offering.
As we move out on this, what people should expect is not that somebody is going to show up and
say, "Buy our tool." Instead, what we're going to be doing is soliciting requirements for tools and
technologies, some of which we'll buy or license and some which we'll develop ourselves that
conform to the total architectural approach that Dean described. What we're doing with HP
Fortify is a perfect example of that very deliberate and methodical approach.
Gardner: It sounds as if an important pillar of those three items you brought up, Sam, the
common strategy, unified capability, and architecture, is to know yourself as an organization, to
deeply understand where you are, and then be dynamic in terms of tracking that. Do the HP
Fortify and HP ArcSight technologies come to bear on that aspect of self-awareness?
Visner: The way I would put it is this. We have to deal with a situation in which we have a broad
set of industries that we serve from a cybersecurity perspective. I'm going to take a look at the
ArcSight situation here more particularly, because the ArcSight situation is one that had to serve
CSC and its customers on a global basis.
Wide range of environments
We do cybersecurity for public-sector organizations, but we also do it for chemical companies,
banks, aerospace and defense companies, manufacturing companies, and companies in the
healthcare space.
We have to be able to bring together data across a very wide range of environments. Although
there are some great global threats out there, some of those threats are being crafted to be specific
to some of the industries and some of the government’s activities that we try to safeguard.
Therefore, in the case of ArcSight, we needed an environment that would allow us to use a broad
range of tools, some of which may have to be selected to be fit for purpose for a specific
customer environment and yet to accrue data in a common environment and use that common
environment for correlation and analysis.
This is a way in which our self-awareness as a company that does cybersecurity across many
sectors of the private sector, as well as a broad range of public sector organizations, told us that
we needed an environment that could accrue a wide range of data and allow us to do correlation.
In terms of what we're doing with Fortify and application security testing, one of the things
we've learned about ourselves is that we're going to support organizations that have very specific
applications requirements. In some cases, these requirements will relate to things like healthcare
or banking. In some cases, it will be for transactions. In some cases, it will be specific workflows
associated with these industries.
What’s common to this, we have learned, is the need for secure applications. What’s also
common is that globally the world isn’t doing enough in terms of testing the security of
applications. This is something we found we could do that would be of value to a broad range of
CSC customers. Again, that's based on our own self-awareness of what those customers need in
our history.
Remember, our company has been doing independent IT and software work since 1959. One of
the things we've learned over 54 years is that there is a wide variety of things that organizations
do in terms of making their software really useful, and there is a wide variety in the attention
they pay to testing that software from the perspective of security.
We are trying to raise the bar globally to one, high, common level of application security testing.
So that’s a way that we are working with it. That’s what the Fortify tool will help us do.
Gardner: Dean Weber, to Sam’s point about the amount of data required to track, understand,
and follow, do you consider this a big-data function? We hear, of course, a lot about that in the
marketplace these days. How important would general-data and/or big-data capabilities be in a
good secure organization? Are they hand in hand?
Weber: They are absolutely hand in hand. As we generate more data across our grids, both
sensor data and event data, and as we combine our information technology networks with our
operational technology networks, we have an exploding data problem. No longer is it finding a
needle in a haystack. It’s finding a needle amongst needles in a haystack.
Big-data problem
The problem is absolutely a big-data problem. Choosing technologies like ArcSight that allow
us to pinpoint technology aberrations from a log, alert, or an event perspective, as well as from a
historical trending perspective, is absolutely critical to trying to stay ahead of the problem. At the
end of the day, it’s all about identity, access, and usage data. That's where we find the indicators
of these advanced threats.
As the trade craft of our opponents gets better, as Sam likes to put it, we have to respond, and it’s
not easy to respond at that level. One of the reasons that Fortify is going to become one of the
cornerstones of our offering is because as we get better at securing infrastructure using the
technologies we've already talked about, the next low-hanging fruit is the application
vulnerabilities themselves.
Recently, Android announced that they have a vulnerability in their crypto product. There are
900 million Android products that are affected by that. While Google has released a patch for
that particular crypto vulnerability, all the rest of the vendors who use an Android platform are
still struggling with how to patch, when to patch, where to patch, how do they know they
patched.
Visner: And who is responsible for the patch?
Weber: And who is responsible for the patch, absolutely true.
Gardner: That brings us to this. When you talk about responsibility and tracking, who is doing
what and how it’s getting done? We started to talk about key performance indicators (KPIs).
How much of a shift have you had to go about there at CSC to put in place the ability to track
metrics of success and KPIs? How do you measure and gauge these efforts?
Visner: I'm going to ask Dean to clean up on my answer, but a lot of people are paying attention
to global threat intelligence and threat attribution. That’s really important, but I think what’s even
more important is not knowing where the threat came from, or what the motivations are. That’s
useful to know, because it can help characterize other aspects of the threat and what you can
expect from the threat actor to do, not just in terms of one piece of malware, but an integrated
approach.
The other piece of this is understanding yourself. That is to say it’s not enough to know that I
have patched my desktop. It’s not enough to know that I have got good governance, risk, and
compliance (GRC) enterprise-wide password maintenance and password reset.
I have to know everything about my enterprise today, all the way down to the industrial control
systems on the shop floor, the supervisory control and data acquisition systems that coordinate
my enterprise, the enterprise databases and applications that I use for global transactions, as well
as individual desktops and smartphones.
What we're really talking about is a level of awareness that people are not used to having.
They're really not. People don’t worry about what goes on beyond their own computer. Even
CIOs haven’t really worried about the cybersecurity of computers that are embedded in
manufacturing systems or control systems. Now, I think they have to be.
Swinging back to the awareness question, this is required of us and of any other enterprise to go
beyond the status of an individual device to treat the status of the entire enterprise as important
corporate knowledge. That's important corporate knowledge.
Holistic global view
Think of it this way, this is an organization that needs to know globally what its credit
worthiness is, where its lines of credit are, and how it’s using those lines of credit and its cash
instruments globally to manage its cash flow. That’s important corporate knowledge, and it has to
be dealt with on a holistic global view. Otherwise it’s worthless.
The same thing is true with cybersecurity, knowing what the effect is. Cybersecurity of a specific
server is interesting, but it's actually not nearly as useful as knowing the state of cybersecurity
throughout your entire enterprise. That's global corporate knowledge and that's the difference
between a piece of information which is interesting and corporate knowledge which is vital,
important, and very valuable.
We have to treat the state of cybersecurity in an organization with the same seriousness, and
consider it to be the same level of resource and asset, as the global cash flow of a global
organization. It's the same thing.
Gardner: Dean Weber, the opportunity to bring big-data capabilities to bear on this problem is
one thing that we've addressed, but there is also the operations and organizational side of having
reports, delivering reports, measuring those reports, and being able to act on it.
What have you done there to allow for a KPI-oriented or a results-oriented organizational
approach that leverages of course all the data?
Weber: You've just touched on the value proposition for a global managed security services
provider (MSSP) in the fact that we have data sources that span the planet. While CSC as a 90-
plus thousand person organization is considered a large scale organization, it pales in comparison
to the combined total of CSC's customer base.
Being able to combine intelligence and operational knowledge from multiple enterprises
spanning multiple countries and geographic regions with differing risk postures and business
models, sometimes even with differing technologies employed in those models, gives us a real
opportunity to see what the global threat looks like.
From the distribution of that threat perspective our ability to, within the laws appropriate across
the globe and auditable against those laws, share that threat intelligence without rushing up
against or breaking those laws is very important to an organization. This ultimately keys to the
development of the value proposition of why do business with the global MSSP in the first place.
Gardner: It was interesting to me when Sam said that there's no difference between
understanding your financial situation and your security posture. Is there some opportunity for
security and cybersecurity to be a driver for even better business practices?
Now, you might start employing these technologies and putting in place these operational
capabilities because of an existential threat to your security, but in doing so, it seems to me that
you're becoming a far better organization along the way. Have any customers, or have you
yourself, been able to demonstrate that taking the opportunity to improve your cyber posture also
improves your business posture?
Not well managed
Weber: That's becoming evident. Not everybody gets it yet, but more and more people do.
The general proposition is that an organization that doesn't understand, for example, its financial
position is not well-managed and isn't a good investment. It probably can't mobilize its resources
to support its customers.
It isn't in a position to bring new products to market and probably can't support those products.
Or it might find that those product lines are stolen, manufactured at a lower standard by
somebody else, and not properly supported, so that the customer suffers, the company suffers,
and everybody but the cyber thief suffers.
A financial organization that can't take care of their own financial position can't serve their
customers, just as an organization that doesn't understand its cybersecurity posture can't preserve
value for shareholders and deliver value for its customers.
Gardner: Dean, looking at this same benefit, what you do for cybersecurity benefits extend to
other business benefits, is there a return on investment (ROI) impact where you could measure
the investments made for extensive security but then leverage those capabilities in other ways
that offset the price? Has that been the case for you or are you aware of anyone that's done the
bean counting in such a fashion?
Weber: There absolutely is an ROI in security. In fact, there is actually a concept of return on
security investment (ROSI), but I would say generally that most people don't really understand
what those calculations mean.
Where the rubber hits the road is more along the lines of keeping the CEO and the CFO out of
jail when they have to sign off on things like Sarbanes–Oxley. Or the fact that you don't have to
make an SEC filing as a result of a financial-systems breach that impacts your ability to keep
revenues that you may have already attained.
The real return on investment is less measured in savings than it is in -- as Sam likes to say --
keeping us off the front page of "The Wall Street Journal" above the fold, because the real impact
to these things traditionally is not in the court of law, but in the court of public opinion.
They tend to look at organizations that can't manage themselves well and end up in the news at
not managing themselves well, less favorably than they do for companies that do manage their
operations well.
Visner: What is a pound of cybersecurity worth? I'll put it to you this way. What is a pound of
stolen intellectual property worth? That intellectual property means that somebody else is
stealing patient data, manufacturing your products, or undermining your power grid.
One way of thinking is that it's not the value of the cybersecurity so much, but the diminished
value of the assets that you would lose that you could no longer protect.
Measuring ROI
That’s as good a place as any to measure that ROI. If you do measure that ROI, the question is
not how much are you spending on cybersecurity. The question is what would you lose if you
didn’t make that spend. That’s where you see the positive return on investment for cybersecurity,
because for any organization, the spend on cybersecurity is almost insignificant compared to the
value that would be lost if you didn’t make that spend.
When you think about what it cost to bring to market a product, a new pharmaceutical, a new
aircraft design, a new jet engine, and what happens if somebody gets there first or undermines
your intellectual property, the value of that intellectual property towards what people are
prepared to spend and protect is worth it.
Gardner: As we take the lessons internally, can you offer some recommendations for how others
could proceed? Are there any aspects of what you've done with HP internally at CSC that maybe
provide some stepping stones? What would you recommend in terms of first steps, initial steps,
or lessons learned that others might benefit from in terms of what you've done?
Visner: The real question is not what we've done internally, but the internal process we used, for
example, in deciding to work with a specific strategic partner. We recognized early on that this is
not a one company problem.
This is a problem where we are dealing with weapons grade threats from nation-states. This is a
problem where we are dealing with weapons grade threats from organized criminals who have
vast resources at their disposal. This is a problem of intellect, and therefore, no one organization
is going to have sufficient intellect to be able to deal with this problem globally.
As a company, CSC tends to seek out partners to whom we can couple our intellect and get a
synergistic result. In this case, the process of making that relationship real when it flows through
defining our portfolio, defining the services that comprise the portfolio, managing the
development of those services through our offering lifecycle management process, and then
choosing companies whose technology provides the needed strength for each one of those
offerings, each one of the elements of that portfolio.
In this case, that process serves us well, because we're going to need a wide range of technology.
Nobody is in a position to confront this problem on their own -- absolutely nobody. Everybody
needs partners here. But the question is whom?
We have people show up on our doorstep with ideas and technologies and products every day.
But the real issue is, what is a good organizing principle? That organizing principle has two
components. One, you need a wide range of capabilities, and two, you need to choose from
among the wide range of technologies you need for that wide range of capabilities. You need a
process that’s disciplined and well-ordered.
Believe me, we have people show up and ask why it takes so long, why it's such an elaborated
process, and can't you see that our product is absolutely the right one.
The answer is that it's like a single hero going out onto the battlefield. They may be a very
effective fighter, but they're not going to be able to master the entirety of the battlefield. That
can't be done. They're going to need partners. They're going to need mates in the field. They're
going to need to be working alongside other people they trust.
Strategic partner
So in working with HP and the ArcSight tool as our security information and management
player of our global logical SOC, our global logical managed cybersecurity service, and in
working with HP Fortify we chose a partner we thought -- and we think correctly -- is a strong
long-term strategic partner.
It's somebody with whom we can work. HP recognizes that we do. They're not going to solve this
problem on their own. What one company is going to solve a problem on their own when they
are up against the global environment of nation-state and trade actors? We all need these
partnerships.
Our company is unique in that we've always looked to our partner relations for key technologies
to enable offerings in our portfolio.
We've always believed that you go to market and you serve your customers with strategic
partners, because we've always believed that every problem that had to be solved would require
not only our abilities as an integrator, but the abilities of our partners to help in the development
of some of this technology. That’s what makes the most sense.
For a company like CSC that is largely technology-independent, it gives us access to a wide
range of technology partners. But as a company, we're smart about the partners that we choose
because of the technologies that we have. Although there's a wide range of potential partners, we
work with companies that we think are going to be long-term strategic partners against high-
value problems and challenges -- in this case HP and cybersecurity respectively.
Gardner: Last word to you, Dean. Just based on your experiences, as the Chief Technical
Officer increasing and improving your security posture, are there any lessons learned that you
could share for others that are seeking the same path?
Weber: I'll leave you with two thoughts. One is again the value proposition of doing business
with a global business MSSP. We do have those processes and processes in our background
where we are trying to bring the best price-performance products to market.
There may be higher-priced solutions that are fit for purpose in a very small scale, or there may
be some very low-price solutions which are fit for purpose in a very large scale, but don't solve
for the top-end problems. The juggling act that we do internally is something that the customer
doesn't have to do, whether that’s the CSC internal account or any of our outside paying
customers.
The second thing is the rigor with which we apply the evaluation process through an offering
lifecycle or product lifecycle management program is really part and parcel of the strength of our
ability to bring the correct product to market in the correct timeframe and with the right amount
of background to deliver that at a level of maturity that an organization can consume well.
Gardner: Well, great. I'm afraid we'll have to leave it there. We've been exploring how IT
leaders are improving security and reducing risks as they adapt to the new and often harsh
realities of doing business online and we've been learning through the example of CSC itself.
I’d like to offer a huge thanks to our guests. We've been here with Dean Weber, the Chief
Technology Officer for CSC Global Cybersecurity. Thank you, Dean.
Weber: Thank you.
Gardner: And also Sam Visner, the Vice President and General Manager for CSC Global
Cybersecurity. Thank you so much, Sam.
Visner: It's been a pleasure. Thank you for having us.
Gardner: And you can gain more insights and information on the best of IT performance
management at www.hp.com/go/discoverperformance. And you can always access this and other
episodes of our HP Discover Performance podcast series on iTunes under BriefingsDirect.
I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this
ongoing discussion of IT innovation and how it's making an impact on people’s lives. Thanks
again for listening, and come back next time.
Listen to the podcast. Find it on iTunes. Sponsor: HP
Transcript of a BriefingDirect podcast on the growing need for cybersecurity as an important
organizational goal for businesses and government agencies. Copyright Interarbor Solutions,
LLC, 2005-2013. All rights reserved.