Presentation ncsl - mobile privacy enforcement 130502 (as presented)
Jason Haislmaier
Presentation to the National Conference of State Legislators (NCSL) Spring Conference in Denver, CO on May 2, 2013. Covering mobile app privacy policy and enforcement at the federal and state levels. Highlighting actions taken by the Attorney General of the State of California. Copyright 2013 Jason Haislmaier
Presentation - gener8tor - Data Privacy, Security, and Rights 130627
Jason Haislmaier
Data privacy, security and rights presentation given to the Gener8tor companies on June 27, 2013. Covering data privacy and data security rights issues relevant to startups and the evolution of the value of data.
How to Maintain Biometric Privacy & Avoid Liability With Confidence
EPAY Systems
Do you or your company vendors use employee fingerprints and facial scans, or other private biometric information for systems access, property security, or record-keeping? Are you certain you are doing so correctly?
Biometric information privacy violations have launched hundreds of costly class actions against unsuspecting employers. Don’t get caught up in the storm!
This 60-min. presentation discussed:
• Biometrics and what biometric information privacy entails
• Compliance requirements for employers’ collection, use, and retention of employee biometric data
• Exploring legal and internal HR policies related to biometric information
• Examples of labor cost reductions, improved productivity, and compliance safeguards with biometric analytics
Enjoy!
From the FinTech Webinar Series. Explores:
1. Storage and Processing of Data in “the Cloud”
2. Mobile Devices and Mobile Apps
3. “Big Data”
4. Security and Privacy Issues in Third-Party Contracts
5. Data Security and Corporate Governance
6. International Privacy and Data Security
7. Data Security as a National Security Concern: Legislation and Executive Initiatives
Business Law Training: Pushing CCPA Compliance Over the Finish Line: New Deve...
Quarles & Brady
California’s passage of the California Consumer Privacy Act marks the first-of-its-kind comprehensive data privacy statute in the United States. Effective January 1, 2020, amendments are sitting on the Governor’s desk for signature, with new initiatives being discussed as we speak. What are the new developments? And at the end of the day, where do you need to be by December 31st? Join us for a lively discussion on the latest best practices for meeting the new data privacy requirements in California.
From the FinTech Webinar Series. Explores:
1. Recent Federal Cybersecurity Developments: Executive Order, NIST Standards, Information-Sharing, Legislation
2. Privacy and Security Issues in Cloud Computing Contracts
3. International Privacy and Transferring Data Across Borders
4. Mobile Devices and Mobile Apps
5. Workplace and Corporate Governance Developments
6. The FTC’s New Rules Concerning Children’s Privacy
This presentation talks about the Legal instrumentation in e-commerce industry in International market. It draws attention towards major legal issues in this industry and I have tried to find out the best solutions of some of them
Mobile Apps - Legal and Practical Considerations
Jason Haislmaier
Presentation by Jason Haislmaier and Matt McKinney at the 2014 Rocky Mountain Intellectual Property and Technology Institute in Denver, Colorado. Covering the legal and practical considerations involved with developing, releasing, and maintaining software applications for mobile devices.
Ethical, Social, and Political Issues in E-commerce
Nor Ayuzi Deraman
Internet, like other technologies, can:
Enable new crimes
Affect environment
Threaten social values
Costs and benefits must be carefully considered, especially when there are no clear-cut legal or cultural guidelines
As the European Union (EU) has enacted the General Data Protection Regulation (GDPR), it is easy to perceive this regulation would apply to only multinational or European companies. GDPR will certainly impact businesses in EU; but it will extend its applicability for international businesses, even those based in the United States.
In this webinar, Daniel Cohen-Dumani and Anupam Goradia of Withum cover what exactly GDPR is and why it is important to your business. We also share practical tips and best practice on how to ensure your compliance.
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...
Jason Haislmaier
Presentation at the 2012 Rocky Mountain IP and Technology Institute. Covering the emerging rights in "data" and the sources for legal protection of data.
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
Seattle Tech4Good meetup: Data Security and Privacy
Sabra Goldick
12/7/2016 - It's difficult to avoid news stories about hacks and misused databases. For our Q4 meetup, we will discuss what nonprofits can do to protect their systems and data. Each panelist will outline best practices for protecting your own data as well as constituent data.
PANELISTS
* Mary Gardner, Chief Information Security Officer at Seattle Children's Hospital.
* Ralph Johnson, Chief Information Security and Privacy Officer, King County
* Peter Kittas, Web and IT Consultant, Revelate LLC
Cyber Security and Data Privacy: Views on Article III Standing LIVE Webcast
Thomas LaPointe
As cyber security and data privacy concerns continue to evolve, security experts must keep themselves up to date to combat increasingly sophisticated threats to protect their firms and clients. In a two-hour LIVE webcast, a panel of distinguished professionals will address significant issues that will shape up cyber security and data privacy in 2014 along with practical guidance. Our speakers will address the following key issues:
Article III Standing
Latest theories of liability arising out of data breaches and claims of invasion of privacy
Issues surrounding cyber security and data privacy
Best practices to counteract cyber security and data privacy threats
Latest regulatory updates
To view the webcast go to this link: http://youtu.be/Kkyieu9njdw
To learn more about the webcast please visit our website: http://theknowledgegroup.org
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Gohsuke Takama
"Security, Privacy Data Protection and Perspectives to Counter Cybercrime" was presented at the CodeGate 2008 security conference in Seoul, Korea, April 2008.
http://www.codegate.org/
Office 365 security concerns, EU General Data Protection Regulation (GDPR)
Sonja Madsen
Office 365 provides access to information from different devices not only from secure office locations,
but also from just about any location in the world. Data security, governance and compliance are the biggest concerns.
This talk is about the robust security that is built into Office 365: data loss prevention,
mobile device management, password and multi-factor authentication, message encryption,
EU General Data Protection Regulation (GDPR) and Rights Management Service.
Presentation at the Silicon Flatirons Center at the University of Colorado School of Law. Providing an update on the latest issues and trends in data privacy and data security in the US. Focusing on recent actions of the FTC and state governments.
This course provides an overview of whistleblower protections for employees who blow the whistle on cybersecurity or data privacy concerns. And it offers practical tips and insights for practitioners on how to evaluate potential cybersecurity whistleblower claims and overlapping remedies to maximize damages. In addition, the course addresses the challenging issues that arise when a whistleblower simultaneously prosecutes both whistleblower retaliation and whistleblower rewards claims.
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
-Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
-Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
-Gant Redmon, Esq. General Counsel and VP of Business Development, Co3 Systems
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Diana Maier
No matter what kind of law practice you have, you need to comply with privacy laws generally and lawyers' ethical duties with respect to privacy, specifically. In this presentation, legal ethics counsel Sarah Banola (Cooper, White and Cooper, LLP) and employment and privacy attorney Diana Maier (Law Offices of Diana Maier) deliver a primer on privacy law and teach you the key areas of privacy law and associated ethical obligations.
Data Privacy Trends in 2021: Compliance with New Regulations
PECB
The pandemic has changed the way the world works, shops, and interacts; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information, and the result of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-regulations-and-requirements-2021/
Introduction to US Privacy and Data Security: Regulations and Requirements
Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
Part of the webinar series: CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Trending Topics in Data Collection & Targeted Marketing
cdasLLP
Slideshow to accompany co-sponsored panel from IAB Ad Lab and Cowan, DeBaets, Abrahams & Sheppard LLP. Participants: Joshua B. Sessler, Eleanor M. Lackman, Sarah Hudgins. For more entertainment and digital media law analysis, go to: http://cdas.com/legal/
Online Behavioral Advertising (OBA) Legal & Regulatory Compliance
Adler Law Group
Behavioral or targeted marketing and advertising is one of the fastest growing areas for advertising and marketing professionals. New technologies driving behavioral and contextual advertising are challenging the established methods. Many realize that limiting targeted marketing may lead to undesired and potentially disruptive consequences, including undermining the implicit bargain that drives the Internet: the exchange of value between consumers and content providers. However, legislators, regulators, and industry trade groups have expressed concerns over perceived abuses of the collection and use of personal data of online users that involve privacy issues that “go well beyond behavioral advertising.” With every technological development and opportunity, new legal and business risks present themselves. Understanding and minimizing these risks will help you maximize the opportunities. Attendees will learn 1) the current state of behavioral and contextual advertising, 2) risks and pitfalls with targeted advertising, and 3) trends in legislation and regulatory compliance.
USA and Europe (EU) do have a different way of looking into privacy. This PPT is about who is responsible and what kind of rules are in place. This is a A Medved Consultants LLC Presentation. This may not be considered as legal advice.
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Resilient Systems
It's been a particularly tough year for data breaches. So far this year, datalossdb.org has tracked over 1,300 breaches which sets an all-time record, beating last year's figure by more than 20%. This year we've witnessed multiple breaches at the same organization, botched response efforts, and large class action lawsuits. The regulatory environment presented challenges as well. Texas and California continued to "innovate," other states had incremental updates, and SEC guidance on data breaches continues to loom on the horizon.
Were 2012 breach levels an anomaly? What might California have up its sleeve for next year? This webinar will review the highlights and lowlights of 2012 and make predictions about what's in store for 2013.
Our featured speakers for this timely webinar are:
-Andrew Serwin, Esq. - Partner, Foley & Lardner LLP. Andy is a well-known, highly regarded figure in the privacy and security realms. His many accomplishments include authoring definitive privacy books, "Information Security and Privacy: A Guide to Federal and State Law and Compliance," and "Information Security and Privacy: A Guide to International Law and Compliance."
-Gant Redmon, Esq. (CIPP/US) - General Counsel & Vice President of Business Development, Co3 Systems. Gant has practiced law for nineteen years; fifteen of those years as in-house counsel for security software companies including: Arbor Networks, Authentica and AXENT. In 1997, Gant was appointed membership on the President Clinton’s Export Counsel Subcommittee on Encryption (PECSENC).
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Shawn Tuma
This presentation focused on cyber security protections for businesses and other law firm clients. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course Essentials of Business Law: Four Modules for a Robust Practice Cosponsored by the Business Law Section of the State Bar of Texas.
Lawyers are required to enact 'reasonable' safeguards when storing client files. They must also deal with an ever-increasing number of new privacy regulations imposed on them and their clients. When handling sensitive client data, lawyers need to balance issues of confidentiality and privacy against building productive workflows. Failure to keep client information secure can lead to a potential waiver of privilege, malpractice claims, and even fines from various government agencies. Law firms need rigorous security, no matter their firm’s size or practice area.
A law firm’s security plan must include three components: user training and access controls, secure technology, and a recovery plan.
Join Clio’s lawyer in residence, Joshua Lenon, as he shows you how to enact a security plan for your law firm with guest Chris Wiesinger of CloudMask, an encryption service provider for cloud-based technologies.
In this free, CLE-accredited presentation, attendees will learn:
The difference between confidentiality and privacy for law firms
The regulations that apply to all law firms, as well as those for specific practice areas
The security planning tips you can use to assess and protect your law firm
The tools to improve your law firm’s security profile
The Countdown is on: Key Things to Know About the GDPR
Case IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
Data has emerged as one of the most important resources of today's world. However, there does not exist clear rules on how to make use of this resource. There are spillover effects and negative externalities in the form of privacy breaches while exploiting this resource. In such a situation, what should be the legal remedy?
The law should find a balance between the interests of the customers and the corporations. The customers want safety and privacy, whereas corporations want commercial use of data which risks the customer's interests.
When Past Performance May Be Indicative of Future Results - The Legal Implica...
Jason Haislmaier
Presentation to the ABA Cyberspace Law Committee 2014 Winter Meeting in Denver, CO. Bruce Antley and Jason Haislmaier. Covering legal issues in location based services and the use of predictive analytics.
Presentation - Mobile Medical Applications Guidance for Industry and Food and...
Jason Haislmaier
Presentation to PrIME Health Collaborative at Galvanize in Denver, Colorado on October 29, 2013 covering an overview of the FDA "Mobile Medical Applications Guidance for Industry and Food and Drug Administration Staff."
"Crash Course" on Open Source Silicon Flatirons Center (2012)
Jason Haislmaier
2012 "crash course" presentation to the Silicon Flatirons Center at the University of Colorado School of Law. Covering an overview of legal issues involving open source software
2011 presentation on open source software provided through the University of Colorado Silicon Flatirons Center for Law and Technology "Crash Course" series.
2011 Silicon Flatirons IP (Crash Course) For Entrepreneurers
Jason Haislmaier
Intellectual Property Crash Course for Entrepreneurs (February 22, 2011) presentation at the Wolf Law Building at the University of Colorado (Boulder, CO)
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insights into what approaches I already got working for real.
JMeter webinar - integration with InfluxDB and Grafana
RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Â
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Â
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Â
Data Security and Privacy Landscape 2012 (September 2012)
1. Copyright 2012 Bryan Cave
September 20, 2012
Jason D. Haislmaier
jason.haislmaier@bryancave.com
@haislmaier
Changes in the Data Security and Privacy Landscape - 2012
7.
No specific comprehensive
data privacy or security legislation
(in the US)
8.
• EU Data Protection Directive (95/46/EC)
• Regulates the processing of personal data of EU subjects
– Broad scope of “personal data”
– Restricts processing unless stated conditions are met
– Prohibits transfer to countries not offering adequate levels of protection
• US Department of Commerce-negotiated “Safe Harbor Principles” enable
transfers to US companies
– Self-certification regime
– Allows US companies to register as compliant
– FTC oversight
• Proposed overhaul in the works (announced Jan. 25, 2012)
Longstanding EU Regulations
Legal Landscape
9.
• State consumer protection statutes
– All 50 states
– Prohibitions on “unfair or deceptive” trade practices
• Data breach notification statutes
– At least 46 states (DC and various US territories)
– Notification of state residents (and perhaps regulators) affected by unauthorized
access to sensitive personal information
• Data safeguards statutes
– (Significant) minority of states
– Safeguards to secure consumer information from unauthorized access
• Data privacy statutes
– Requirements for online privacy policies covering use and sharing of consumer
information
– Requirements on use of personal information for direct marketing purposes
Growing Array of Relevant State Laws
Legal Landscape
10.
• Consumer credit - Fair Credit Reporting Act (FCRA)
• Financial services - Gramm Leach Bliley Act (GLBA)
• Healthcare providers - Health Insurance Portability and Accountability Act
(HIPAA)
• Children (under 13) - Children’s Online Privacy Protection Act (COPPA)
• Video content - Video Privacy Protection Act
• Other statutes covering education, payment processing, etc.
Industry-specific Federal Statutes
Legal Landscape
12.
Federal Trade Commission Act (FTCA)
(15 U.S.C. 41, et seq.)
Legal Landscape
13.
“Unfair or deceptive acts or practices”
Legal Landscape
14.
• No specific privacy or security requirements
– Broad prohibition on “unfair or deceptive acts or practices in or affecting
commerce” (Section 5)
• Failures to implement “reasonable and appropriate” data security measures
• Deceptive data privacy policies and promises
– Constituting unfair or deceptive acts or practices
• Increasingly active enforcement
– More than 39 actions to date
• 25 in the last 6 years
• Many more investigated but not brought
– Covering largely electronically stored data and information
– Targeting security breaches as well as privacy violations
Federal Trade Commission Act (FTCA)
Legal Landscape
16.
• 20 year term
• Cease misrepresentations regarding practices for information security,
privacy, confidentiality, and integrity
• Conduct assessment of reasonably-foreseeable, material security risks
• Establish comprehensive written information security and privacy program
• Designate employee(s) to coordinate and be accountable for the program
• Implement employee training
• Conduct biannual independent third party audits to assess security and
privacy practices
• Implement multiple record-keeping requirements
• Implement regular testing, monitoring, and assessment
• Undergo periodic reporting and compliance requirements
• Impose requirements on service providers
Emerging Model for Settlement and Compliance
Compliance
18.
Jon Leibowitz
Chairman of the FTC
Speaking on the settlement
“Facebook is obligated to keep the promises
about privacy that it makes to its hundreds
of millions of users.”
Compliance
19.
Jon Leibowitz
Chairman of the FTC
Speaking on the settlement
“Innovation does not have to come at the
expense of consumer privacy.”
Compliance
20.
Speaking on the settlement
“We've made a bunch of mistakes.”
Mark Zuckerberg
CEO of Facebook
Compliance
25.
• States have defined “sensitive information” to include SSN, driver’s license
number, and financial account information
• FTC has broadened this definition to include
– Health information
– Information regarding children
– Geo-location information
• Trend is toward more activity in these areas
• Practical considerations
– Know when/where you collect sensitive information
– Consider seeking consent when using sensitive data for marketing purposes
– Ensure that WISPs appropriately protect sensitive information
• Note that these categories of sensitive information may not trigger a data
breach notification requirement under state laws
Sensitive Information
Compliance
27.
• The “Safeguards Rule” under GLBA requires implementation of “written
information security plans” (WISPs)
– Describing the company’s program to protect customer information
– Appropriate to the company, nature and scope of activities, and level of sensitivity
of information
• FTC consent orders now generally impose similar requirements
– Implementation of a comprehensive information security program
– Fully documented in writing
– Reasonably designed to protect the security and privacy of covered information
– Containing controls and procedures appropriate to the
• Size and complexity of the business
• Nature and scope of activities
• Sensitivity of the covered information
• Mass. state regs. also now require written information security policies for
companies handling personal information about Mass. residents
WISPs
Compliance
29.
U.S. v. RockYou, Inc.
(N.D. Cal. Mar. 26, 2012)
Compliance
30.
• RockYou is an online social gaming service
• Created an application for social networking sites allowing users to upload
photos and music to create a slide show
• When users registered for the app they were asked to provide email
address and password – app also collected birth date, gender, etc.
• RockYou represented that it used “commercially reasonable” security
measures
• All information actually stored only in plain text (unencrypted)
• RockYou was hacked in December 2009
• 32 million accounts affected, including information about 179,000 children
• FTC settled for $250,000 and 20 year injunction that imposes standard
requirements (biannual third party risk assessments, etc.)
U.S. v. RockYou
Compliance
31.
In the Matter of UPromise, Inc.
(FTC File No. 102 3116, Jan. 5, 2012)
Compliance
32.
• UPromise is a membership reward service for saving for college
• Provided toolbar application purporting to track user online activity and
“provide college savings opportunities tailored to you”
• App collected not only the web sites visited but information entered on
some web pages
• Information included user names, passwords, credit cards and expiration
dates, financial account information, SSNs, etc.
• All of this information was transmitted to UPromise unencrypted, despite
statements that information was “automatically” encrypted
• Over 150,000 consumers participated
• FTC settled for 20 year consent decree requiring standard requirements
(biannual third party risk assessments, etc.)
In the Matter of UPromise
Compliance
33.
• RockYou and UPromise settlements provide guidance on what is
not reasonable or appropriate
– Collecting PII from consumers unnecessarily
– Failing to test applications to ensure they are not collecting PII
– Not training employees about security risks
– Transmitting or storing sensitive information in unencrypted form
– Failing to segment servers
– Leaving systems susceptible to hacking (e.g., SQL injection attacks)
– Failing to ensure that service providers or third-party developers employ
reasonable and appropriate security
• Other settlements add additional considerations
• Practical Considerations
– Draft WISPs to prohibit these practices
– Review for these practices in audits and risk assessments
Reasonable and Appropriate Security
Compliance
35.
• FTC settlements require contractual restrictions on third party
service providers
Requirements for Service Providers
In the Matter of Google, Inc. (FTC File No. 102-3136, March 30, 2011)
Compliance
36.
• FTC settlements require contractual restrictions on third party
service providers
• Parallel newly effective Mass. regulation (201 CMR 17.03)
– Requiring companies providing service providers with personal information
about Mass. residents to contractually require the providers to “implement and
maintain . . . appropriate security measures”
– Went into full effect on March 1, 2012
• Practical implications
– Maintain a WISP with applicable policies
• Storage, access, and transportation of information
• Employees and downstream service providers
• Disciplinary measures for violations
– Conduct risk assessments, employee training, and security reviews
– Investigate incidents and document follow-up action
Requirements for Service Providers
Compliance
40.
• Based on a yearlong series of privacy roundtables held by the FTC
• Extensive comment period (more than 450 comments received)
• Provides best practices for the protection of consumer privacy
• Applicable to both traditional (offline) and online businesses
• Intended to assist Congress as it considers privacy legislation
• Not intended to serve as a template for law enforcement actions
(but what about plaintiffs’ attorneys?)
Background
FTC Report
41.
Privacy Framework
FTC Report
• Proposed framework is based on several core concepts
– Simplified consumer choice
42.
FTC Report
• Proposed framework is based on several core concepts
– Simplified consumer choice
– Transparency
Privacy Framework
43.
• Proposed framework is based on several core concepts
– Simplified consumer choice
– Transparency
– Privacy by design
Privacy Framework
FTC Report
44.
• Continued expansion of “personal information”
• Codification of the definitions used in FTC settlements
• Shades of the definition in the EU Data Protection Directive
• Blurring of the line between PII and non-PII
• When is information not PII?
Scope of Personal Information
FTC Report
45.
• Data is not PII if it is not reasonably linkable to a specific consumer,
computer or other device
• Breaking the link
– Take reasonable measures to ensure that data is de-identified
– Publicly commit to not try to re-identify
– Contractually prohibit downstream recipients from trying to re-identify
– Take measures to silo de-identified data from PII
• Cannot remove concerns by simply envisioning the sharing of only
“de-identified” or anonymous data
• Must actually follow FTC guidance
– Prohibitions in privacy policies against re-identification
– Provisions in vendor contracts regarding re-identification
– Systems designed to silo off de-identified data
De-Identification of Personal Information
FTC Report
46.
• Historically, divergent privacy policies and practices regarding information
sharing with corporate affiliates and subsidiaries
• FTC Report views affiliates as “third parties” unless the affiliate
relationship is “clear to consumers”
• Common branding is cited as sufficient to make a relationship clear
• Uncertainty remains
• Practical implications
– Disclose affiliate sharing in privacy policy
– Consider opt-in for sharing sensitive information with affiliates
– Opt-out for non-sensitive information
Requirements for Affiliates and Subsidiaries
FTC Report
49.
• Combined effort of the White House, Department of Commerce, and
the FTC
• Provides a framework for consumer privacy protections
• Establishes 7 principles covering personal data
– Transparency - Easily understandable policies and practices
– Respect for Context - Collection and use consistent with context
– Security - Secure and responsible handling
– Access and Accuracy - Ability to access and correct
– Focused Collection - Reasonable limits on collection and retention
– Accountability - Appropriate measures to ensure compliance
• Similarities to the principles adopted by economic organizations in Europe
and Asia as well
Consumer Privacy Bill of Rights
White House Privacy Framework
50.
• Industry codes of conduct
– Voluntary privacy and security “codes of conduct”
– Commerce Department National Telecommunications and Information
Administration (NTIA) to facilitate creation in “select” industries
– Other federal agencies may also convene industry stakeholders
– Industries can also convene stakeholders absent NTIA
• Encourages inclusive and transparent process
• Enforcement authority
– FTC to enforce codes of conduct
– Violation constitutes a deceptive practice under Section 5 of the FTC Act
– Adherence to codes to be looked upon “favorably” in FTC investigations
• No immediate changes, but. . .
Consumer Privacy Bill of Rights
White House Privacy Framework
51.
Legislative Proposals
White House Privacy Framework
• Provide FTC with direct authority to enforce some variant of the Consumer
Privacy Bill of Rights
– Potentially significant increase in FTC enforcement authority
– Misrepresentations or unfair practices would no longer be required
• Provide FTC with rulemaking authority to design a system for review and
approval of codes of conduct
– Review period (180 days)
– Open public comments
– Approve or reject
• Companies encouraged to create and comply with codes of conduct
– Obtain greater clarity concerning the rules to which they will be held
– Safe harbor status for compliance with an approved code
55.
• FTC report on Children’s Mobile Apps and Privacy (Feb. 16, 2012)
– Large number of apps (75%) targeted at children (under 13)
– Apps did not provide good privacy disclosures
– Will conduct additional COPPA compliance reviews over the next 6 months
• FCRA Warning letters (Feb. 2012)
– FTC sent letters to marketers of 6 mobile apps
– Warned that apps may violate Fair Credit Reporting Act (FCRA)
– If apps provide a consumer report, must comply with FCRA requirements
• FTC Dot Com Disclosures Workshop (May 30, 2012)
– New guidance for advertisers on disclosures in the online and mobile
environment
– Focus on advancements and developments since the FTC issued its “Dot Com
Disclosures” guidelines for online advertising disclosure (released in 2000)
– Emphasis on the notion that consumer protection laws apply equally to online
and mobile marketers
Additional Activity
Mobile Applications
57.
• Released September 5, 2012
• Reiterates that the mobile market is not different from the Internet
• General “guidelines” or “principles” for mobile app developers
– Tell the Truth About What Your App Can Do
– Disclose Key Information Clearly and Conspicuously
– Build Privacy Considerations in From the Start
– Offer Choices that are Easy to Find and Easy to Use
– Honor Your Privacy Promises
– Protect Kids’ Privacy
– Collect Sensitive Information Only with Consent
– Keep User Data Secure
• Acknowledges there can be no “one-size-fits-all” approach
• But also states that the laws apply to all companies
FTC Guide To Marketing Mobile Apps
Mobile Applications
58.
• Expect more activity – discussion and enforcement
• Particularly involving mobile apps directed at children
• Review existing mobile applications for legal compliance
Additional Activity
Mobile Applications
65.
• Increasing value means increasing scrutiny
• Enforcement will continue (and may increase)
– Actual security breaches are not required (nor dispositive)
– Focus is on reasonable and appropriate measures
– Companies held to privacy-related promises
– Scope of personal information is growing
• Enforcement actions are influencing and defining industry expectations
(consumer expectations too?)
• Premium on increased transparency into data practices
• Your enforcement issue may not come from the FTC, but from a
potential customer, financing source, or acquirer
Lessons Learned
Conclusion
66.
• Institute procedures to secure sensitive information
• Implement “privacy by design” concepts
• Know your data, particularly sensitive data
• Minimize the data collected
– Collect only as needed
– Hold only as long as needed
• Map data collection, usage, and sharing
• Prepare and adopt a written information security plan (WISP)
– Address known risks
– Prepare for a breach
• Educate employees regarding the WISP
• Manage vendors and contractors
– Contractual provisions covering data transfer
– Compliance monitoring
Best Practices
Conclusion
67. Thank You.
Jason Haislmaier
jason.haislmaier@bryancave.com
@haislmaier
http://www.linkedin.com/in/haislmaier