Crimes that use computer networks or devices to advance other ends include: Fraud and identity theft (although this increasingly uses malware, hacking or phishing, making it an example of both "computer as target" and "computer as tool" crime) Information warfare. Phishing scams.
Cyberattacks are malicious actions taken by individuals, groups, or organizations against computer systems, networks, and digital devices with the intent to damage, steal or manipulate data, or disrupt normal operations. These attacks can target anyone, from individuals to governments and large corporations, and can cause severe damage to both personal and professional lives.
Crimes that use computer networks or devices to advance other ends include: Fraud and identity theft (although this increasingly uses malware, hacking or phishing, making it an example of both "computer as target" and "computer as tool" crime) Information warfare. Phishing scams.
Cyberattacks are malicious actions taken by individuals, groups, or organizations against computer systems, networks, and digital devices with the intent to damage, steal or manipulate data, or disrupt normal operations. These attacks can target anyone, from individuals to governments and large corporations, and can cause severe damage to both personal and professional lives.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
With each of the past 3 Ruby releases, YJIT has delivered higher and higher performance. However, we are seeing diminishing returns, because as JIT-compiled code becomes faster, it makes up less and less of the total execution time, which is now becoming dominated by C function calls. As such, it may appear like there is a fundamental limit to Ruby’s performance.
In the first half of the 20th century, some early airplane designers thought that the speed of sound was a fundamental limit on the speed reachable by airplanes, thus coining the term “sound barrier”. This limit was eventually overcome, as it became understood that airflow behaves differently at supersonic speeds.
In order to break the Ruby performance barrier, it will be necessary to reduce the dependency on C extensions, and start writing more gems in pure Ruby code. In this talk, I want to look at this problem more in depth, and explore how YJIT can help enable writing pure-Ruby software that delivers high performance levels.
More Related Content
Similar to CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
With each of the past 3 Ruby releases, YJIT has delivered higher and higher performance. However, we are seeing diminishing returns, because as JIT-compiled code becomes faster, it makes up less and less of the total execution time, which is now becoming dominated by C function calls. As such, it may appear like there is a fundamental limit to Ruby’s performance.
In the first half of the 20th century, some early airplane designers thought that the speed of sound was a fundamental limit on the speed reachable by airplanes, thus coining the term “sound barrier”. This limit was eventually overcome, as it became understood that airflow behaves differently at supersonic speeds.
In order to break the Ruby performance barrier, it will be necessary to reduce the dependency on C extensions, and start writing more gems in pure Ruby code. In this talk, I want to look at this problem more in depth, and explore how YJIT can help enable writing pure-Ruby software that delivers high performance levels.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
2. Causes of concern
Common Causes of Cyber attacks
Types of Cyber Attacks
OWASP Top 10 / Server Hardening /
Incident Reporting
Violation of Information Security
01
02
Introduction Cyber Security
Presentation
Contents
MHA Recommendations
03
04
05
06
07
08 News
3. Cyber Security
• The internet allows an attacker to work from anywhere on the planet.
• Cyber Security is the safeguarding of computer systems and networks against data leakage, theft, or
damage to their hardware, software, or electronic data, as well as disruption or misdirection of
services.
Why is Cyber Awareness Important?
• Cyber crime is a growing trend with advancement of technology
• Raise awareness of threats
• As with most crimes the police can’t tackle this problem alone
• To encourage reporting of Cyber Crime to enforcement agencies
• Cyber crime is massively under reported.
Risks caused by poor security knowledge and practice
• Identity Theft
• Monetary Theft
• Legal Ramifications (for yourself and your organization)
• Departmental Action or termination as per the policies
4. Causes for Concern
University of North Dakota:
https://onlinedegrees.und.edu/blog/types-of-cyber-attacks/
On average, hackers attack every 39
seconds, 2,244 times a day.
Since 2014, security breaches have
increased by 67%.
68% of business leaders believe their
cyber security risks are increasing.
25% of breaches in 2019 were motivated
by espionage.
71% of breaches in 2019 were financially
motivated.
4.1 billion records were exposed by data
breaches in the first half of 2019.
5. Common Causes of Cyber attacks
• Weak or stolen usernames and passwords
• Application vulnerabilities
• Absence of Antivirus and latest patches
• Use of Pirated Operating Systems
• System and Network Firewalls disabled
• Social engineering (tricking people into breaking security protocols)
• Poor access control (Unauthorized users have access)
• Insider threats (System Password has not set)
• Improper configuration of WIFI devices and Hotspots
• Unnecessary Ports opened on Network for Backdoor Entry
7. Malware
Internet
Internet Service
Providers
Hackers &
Snoopers
Governments
Malware is intrusive software that is designed to damage and destroy application and computer
systems. Malware is a contraction for “malicious software.” Examples of common malware includes
viruses, worms, Trojan viruses, spyware, adware, and ransomware.
Salient Differences
1) Computer Virus:
• Needs a host file
• Copies itself
• Executable
2) Network Worm:
• No host (self-contained)
• Copies itself
• Executable
3) Trojan Horse:
• No host (self-contained)
• Does not copy itself
• Imposter Program
8. •Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as UID, credit card numbers, login IDs
or
passwords. It is a kind of social engineering attack where a person steals the sensitive information of user in a fraud
manner by disguising as a legitimate person.
•Spoofing is a kind of computer virus attack where a person steals the details of important a legitimate user and acts
as
another user. It is a kind of identity theft. Cyber criminals use spoofing to fool victims into giving up sensitive
information or money or downloading malware
• Ransomware is a new type of malware that encrypts documents, pictures and other files, making them unreadable.
The
attacker then holds the decryption key for ransom until you agree to pay money, usually through an untraceable
method
such as BitCoin or other digital currency.
Do:
• Always verify the sender of a message.
• Always hover over web page links (URLs) in email messages to see where they link to – beware URL
shortening services (like bit.ly) that may obscure the final web site destination.
• Be skeptical of messages with odd spelling/grammar, improper logos or that ask you to upgrade or verify
your account.
• Report suspicious emails to support@gov.in or NIC
• Take backups of important files to avoid ransomware
Don’t:
• Open an attachment from an unknown sender. Consider the source and whether or not the file was
expected.
• Click on a link from an unknown sender.
9. Social engineering manipulates people into performing actions or divulging confidential information. Similar
to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit
fraud, or access computer systems.
Phone Call:
This is John,
the System
Admin. What
is your
password?
Email:
ABC Bank has
noticed a
problem with
your account…
In Person:
What ethnicity
are you? Your
mother’s
maiden name?
and have
some
software
patches
I have come
to repair
your
machine…
10. Violation of Information Security
The classified official communication(i.e. in four categories TOP SECRET, SECRET, CONFIDENTIAL and RESTRICTED. ) on
public domain messaging platform like WhatsApp, Telegram, messenger etc. is a clear violation of information security
instructions as provided in Manual of Departmental Security Instructions (MoDSl) and National information Security Policy
Guidelines (NISPG).
According to NISPG, the Top Secret and Secret information shall be shared only in a closed network with leased line
connectivity where ScientificAnalysis Group - DRDO(SAG) grade encryption mechanism is deployed. However,
Confidential and Restricted information can be shared on internet through networks that have deployed commercial AES
256-bit encryption.
International Threat
Information shall be harvested by private companies owning
the platform as they control storage servers that are often
located outside the country.
Information Tampering
Disrupt digital operations or damage information of the
plans and projects yet to be formalized
Individual Information leakage
Personal information of an individual is used for adversaries
or can be monetised for gains.
11. 1) Use E-Office for official communication: The product is developed
by National Informatics Centre (NIC) and aims to usher in more
efficient, effective and transparent inter-government and intra-
government transactions and processes. it may be advised that the
Ministry/Department may deploy proper firewalls and white-listing of
lP addresses. The eOffice service may be accessed through a Virtual
Private Network (VPN) for enhanced security. The Top Secret & Secret
information shall be shared over the e-Office system only with leased
line closed network and SAG grade encryption mechanism.
Benefits of eOffice :
• Enhance transparency
• Increase accountability
• Assure data security and data integrity
• Promote innovation by releasing staff energy and time from
unproductive procedures
• Transform the government work culture and ethics
MHA Recommendations to maintain Cyber Security
12. 2) Use Government Email (NIC Email) for official communication: NlC email
facility or Government instant Messaging Platforms (such as CDAC's Samvad,
NIC's Sandesh, etc.) is recommended in the Ministry/Departments for the
communication of Confidential and Restricted information. However, utmost
care should be taken during the classification of information and before the
communication of the same over internet (i.e. an information which may
deserve a Top Secret & Secret classification shall not be downgraded to
Confidential/Restricted for the purpose of sharing the information over the
internet).
• Features…
• Email platform is supported by 2-level authentication factor i.e. KAVACH
which enables extra security.
• The feature of BRIEFCASE which is used to store the personalize
data similar to google drive
• NIC never asks…
•… for your credentials via email or over the phone.
• … to follow a link to clean a virus from your email mailbox,
upgrade or reactivate your account.
•… you to update or increase your email quota.
When in doubt, forward suspicious emails to support@gov.in or NIC Division of
Ministry
MHA Recommendations to maintain Cyber Security(Cont.)
13. 3) Use only Government Video Conferencing solutions: The VC
platforms offered by CDAC, CDOT and NIC (BharatVC, VidyoConnect,
Studio based) may be used. The meeting lD and password shall be
shared only with authorized participants. To ensure better security,
the 'Waiting Room' facility and prior registration of the participants
may be used. However, Top Secret and Secret information shall not be
shared during the VC.
Benefits of Government VC solutions :
• Due to secure network transmission which assures data security
and data integrity
• Data recordings and sharing rights are confined within
government organizations like CDAC, CDOT and NIC.
• It prohibits the trespassers from breaching into the system as
communication happens within dedicated government network
and servers.
MHA Recommendations to maintain Cyber Security(Cont.)
14. 4) Avoid Digital Assistant devices: While discussing official information
avoid usage of digital assistant devices like Amazon's Echo, Apple's
HomePod, Google Home, etc. and may not be kept in office. Further,
Digital Assistants (such as Alexa, Siri, etc.) should be turned off in the
smart phones/watches used by the employee. Smart phones may be
deposited outside the meeting room during discussion on classified
issues.
Benefits of avoiding digital assistant devices:
• Decrease the chances of incident that results in unauthorized
access to information.
• Increase accountability
MHA Recommendations to maintain Cyber Security(Cont.)
15. The Open Web Application Security Project (OWASP) Top 10 is a standard
awareness document for developers and web application security. It represents
a broad consensus about the most critical security risks to web applications.
OWASP Top 10 / Server Hardening / Incident Reporting
Server hardening is a set of disciplines and techniques which improve the
security of an server. Hardening is the changes made in configuration, access
control, network settings and server environment, including applications, in
order to improve the server security and overall security of an organization’s
IT infrastructure.
CERT-In is functional organization under MEitY with the objective of securing India cyber space and respond to cyber attacks.
incident@cert-in.org.in is the email address to report any incident of cyber attack.
For closing of Fake / clone websites and applications FIR copy is mandatory for necessary actions.