Slides of my presentation at the Medetel conference about how Open Source software, automated testing and agile development strategies can aid in the qualification and validation parts of software development processes.
Ubuntu 13.10 merupakan salah satu versi ubuntu yang dikeluarkan pada 17 Oktober 2013. Saucy Salamander diklaim mampu membawa sejumlah kinerja dan peningkatan kualitas tercepat dan paling visual saat itu. Rilis Ubuntu 13.10 SS ini menyertakan cukup banyak peningkatan di semua jajaran, termasuk sebuah desktop baru, Server dan fitur cloud. Walaupun demikian, tampilan visual desktop Saucy Salamander tidak menunjukkan perbedaan dramatis dibandingkan dengan pendahulunya.
Ubuntu 13.10 merupakan salah satu versi ubuntu yang dikeluarkan pada 17 Oktober 2013. Saucy Salamander diklaim mampu membawa sejumlah kinerja dan peningkatan kualitas tercepat dan paling visual saat itu. Rilis Ubuntu 13.10 SS ini menyertakan cukup banyak peningkatan di semua jajaran, termasuk sebuah desktop baru, Server dan fitur cloud. Walaupun demikian, tampilan visual desktop Saucy Salamander tidak menunjukkan perbedaan dramatis dibandingkan dengan pendahulunya.
A Primer for Your Next Data Science Proof of Concept on the CloudAlton Alexander
Learn how to quickly create a highly scalable solution using AWS. We introduce the benefits and challenges you may face. We discuss scope and establish realistic expectations, budgets, and constraints for these type of projects. Finally we end with a demo for website event tracking and analysis.
Workshop content to support a half day training session on threat modeling, specifically focusing on Hacker Stories / Rapid Threat Modeling / VAST / Misuse or Abuse Cases. This content is focused on orienting someone new to threat modeling, then subsequently how to get started with threat modeling in a devops world.
"Shift Lef Security" What the funk does that mean?
In the agile, lean, DevOps communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
Threat Modeling es el proceso sistemático de identificación, análisis y documentación de riesgos y amenazas sobre un sistema. En esta charla explicaremos cuáles son sus beneficios y cómo aplicarlo tanto en el desarrollo de aplicaciones como en el diseño de sistemas. La sesión es introductoria y abierta a diferentes perfiles.
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Stratio
On November 6th, we got together at Google Campus to talk about Mesos and DC/OS.
Ignacio Mulas, Sparta & Spark Product Owner at Stratio, explained how to build an environment that can secure and govern its data for operational and analytical applications on top of DC/OS platform. He showed that analytical and machine learning pipelines can be combined with operational processes maintaining the security and providing governing tools to manage our data. He focused on the architecture and tools needed to achieve an ecosystem like this and we will show a demo of it. He also explained how we can develop our pipelines interactively with auto-discovered data catalogs and explore our results.
Find out more: https://www.stratio.com/events/discover-how-to-deploy-a-secure-big-data-pipeline-with-dcos/
HIS 2017 Paul Sherwood- towards trustable software jamieayre
Many of us in the technology industries are challenged to deliver increasingly complex systems at lower cost, under time pressure, while guaranteeing safety and security.
Inevitably this pressure leads to reliance on third-party software, both proprietary and FOSS. But most organisations are so busy with their own engineering that they struggle to track what's happening in their supply chains.
This talk will explore some systemic problems (commercial, practical and philosophical, as well as technical) that responsible organisations and technical leads face when combining multi-party code in environments where the whole target is expected to be safe, secure or both. An evidence-based approach to solutions will be presented, as a framework for 'trustable software engineering'.
Simplifying Security: Protecting Your Clients and Your CompanyDrew Gorton
Do you have the answers to your client's security questions? Do you know what questions you should be asking your clients to assess their security risk? During this session we’ll walk through how to have the “security conversation” with your clients, build a team and a process that gives you the confidence to take on larger and more complex projects which bring in additional revenue. Your reputation as an agency (and your client’s business) rely on a safe and secure site. By knowing the common pitfalls you can help navigate the treacherous waters of web security and lead your team to success and happy clients along the way.
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
Data security is rapidly gaining importance as the volume of data companies collect, analyze and monetize grows exponentially. New data processing tools and platforms are emerging at an increasing rate, as are the ways in which an organization consumes data. In this presentation Mukund Sarma and Feni Chawla talk about the unique technical and cultural challenges of running a data security program and share some practical solutions that have worked well at our company.
These slides were presented at the BSides Seattle 2024 conference.
Keeping your employees knowledge up to date and qualification managementhcderaad
Slides from my second presentation at this years Medetel conference in Luxembourg. I've spoken about how pharma and healthcare regulations (FDA) set requirements on employee competence management and what the different levels of training can be. Second I've looked at open source tooling which helps organizations fulfill these requirements in an open, reusable and interoperable manner.
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwikhcderaad
Slides from my presentation at #LinuxDays 2015 in Prague where I've spoken about why being in control of your platforms' analytics data is important. Not only from a functional but also from a legislative point of view. Especially since the end of Safe Harbour this has become an interesting legal minefield. But there are alternatives like #Piwik which are functionally on par (or even exceed) commercial SaaS offerings.
More Related Content
Similar to Data security, privacy and patient safety in the 21st century
A Primer for Your Next Data Science Proof of Concept on the CloudAlton Alexander
Learn how to quickly create a highly scalable solution using AWS. We introduce the benefits and challenges you may face. We discuss scope and establish realistic expectations, budgets, and constraints for these type of projects. Finally we end with a demo for website event tracking and analysis.
Workshop content to support a half day training session on threat modeling, specifically focusing on Hacker Stories / Rapid Threat Modeling / VAST / Misuse or Abuse Cases. This content is focused on orienting someone new to threat modeling, then subsequently how to get started with threat modeling in a devops world.
"Shift Lef Security" What the funk does that mean?
In the agile, lean, DevOps communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
Threat Modeling es el proceso sistemático de identificación, análisis y documentación de riesgos y amenazas sobre un sistema. En esta charla explicaremos cuáles son sus beneficios y cómo aplicarlo tanto en el desarrollo de aplicaciones como en el diseño de sistemas. La sesión es introductoria y abierta a diferentes perfiles.
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Stratio
On November 6th, we got together at Google Campus to talk about Mesos and DC/OS.
Ignacio Mulas, Sparta & Spark Product Owner at Stratio, explained how to build an environment that can secure and govern its data for operational and analytical applications on top of DC/OS platform. He showed that analytical and machine learning pipelines can be combined with operational processes maintaining the security and providing governing tools to manage our data. He focused on the architecture and tools needed to achieve an ecosystem like this and we will show a demo of it. He also explained how we can develop our pipelines interactively with auto-discovered data catalogs and explore our results.
Find out more: https://www.stratio.com/events/discover-how-to-deploy-a-secure-big-data-pipeline-with-dcos/
HIS 2017 Paul Sherwood- towards trustable software jamieayre
Many of us in the technology industries are challenged to deliver increasingly complex systems at lower cost, under time pressure, while guaranteeing safety and security.
Inevitably this pressure leads to reliance on third-party software, both proprietary and FOSS. But most organisations are so busy with their own engineering that they struggle to track what's happening in their supply chains.
This talk will explore some systemic problems (commercial, practical and philosophical, as well as technical) that responsible organisations and technical leads face when combining multi-party code in environments where the whole target is expected to be safe, secure or both. An evidence-based approach to solutions will be presented, as a framework for 'trustable software engineering'.
Simplifying Security: Protecting Your Clients and Your CompanyDrew Gorton
Do you have the answers to your client's security questions? Do you know what questions you should be asking your clients to assess their security risk? During this session we’ll walk through how to have the “security conversation” with your clients, build a team and a process that gives you the confidence to take on larger and more complex projects which bring in additional revenue. Your reputation as an agency (and your client’s business) rely on a safe and secure site. By knowing the common pitfalls you can help navigate the treacherous waters of web security and lead your team to success and happy clients along the way.
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
Data security is rapidly gaining importance as the volume of data companies collect, analyze and monetize grows exponentially. New data processing tools and platforms are emerging at an increasing rate, as are the ways in which an organization consumes data. In this presentation Mukund Sarma and Feni Chawla talk about the unique technical and cultural challenges of running a data security program and share some practical solutions that have worked well at our company.
These slides were presented at the BSides Seattle 2024 conference.
Keeping your employees knowledge up to date and qualification managementhcderaad
Slides from my second presentation at this years Medetel conference in Luxembourg. I've spoken about how pharma and healthcare regulations (FDA) set requirements on employee competence management and what the different levels of training can be. Second I've looked at open source tooling which helps organizations fulfill these requirements in an open, reusable and interoperable manner.
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwikhcderaad
Slides from my presentation at #LinuxDays 2015 in Prague where I've spoken about why being in control of your platforms' analytics data is important. Not only from a functional but also from a legislative point of view. Especially since the end of Safe Harbour this has become an interesting legal minefield. But there are alternatives like #Piwik which are functionally on par (or even exceed) commercial SaaS offerings.
Secure and private collaboration - LinuxDays 2015 Kolab and Univentionhcderaad
Slides from my presentation at LinuxDays in October 2015 in Prague about open source, secure and private collaboration and communication with the Kolab Groupware solution and Univention server.
I've outlined 2 options on how to install and deploy Kolab, either through the Univention App image or on a vanilla server installation. Also I'm taking some time to explain why some considerations about backup strategy and high availability should be made before implementing the software.
A presentation delivered at the 11th ODFPlugfest in The Hague NL on the 15th of September 2015.
Topics were online collaborative document editing and how this feature has been under development at Kolab as Manticore.
Pleio is an intergovernmental social network which will be utilizing Manticore for their online document storage and editing capabilities.
DORS/CLUC How to setup Kolab and Seafile as your personal secure data bankhcderaad
Hosting your own servers for groupware and filestorage can be very compelling because of a number of reasons.
But doing it right can be quite a tedious job. This workshop, which was given at the DORS/CLUC conference in Zagreb will guide you through installing the Kolab groupware solution and integrate the Seafile filesyncing application with it, creating your own personal data bank!
DORS/CLUC Open source privacy respecting websites FTWhcderaad
How do the EU privacy regulations affect your website and what can you do with open source tools like Drupal and Piwik to offer your visitors a reliable and regulatory compliant website?
Local Advanced Lung Cancer: Artificial Intelligence, Synergetics, Complex Sys...Oleg Kshivets
Overall life span (LS) was 1671.7±1721.6 days and cumulative 5YS reached 62.4%, 10 years – 50.4%, 20 years – 44.6%. 94 LCP lived more than 5 years without cancer (LS=2958.6±1723.6 days), 22 – more than 10 years (LS=5571±1841.8 days). 67 LCP died because of LC (LS=471.9±344 days). AT significantly improved 5YS (68% vs. 53.7%) (P=0.028 by log-rank test). Cox modeling displayed that 5YS of LCP significantly depended on: N0-N12, T3-4, blood cell circuit, cell ratio factors (ratio between cancer cells-CC and blood cells subpopulations), LC cell dynamics, recalcification time, heparin tolerance, prothrombin index, protein, AT, procedure type (P=0.000-0.031). Neural networks, genetic algorithm selection and bootstrap simulation revealed relationships between 5YS and N0-12 (rank=1), thrombocytes/CC (rank=2), segmented neutrophils/CC (3), eosinophils/CC (4), erythrocytes/CC (5), healthy cells/CC (6), lymphocytes/CC (7), stick neutrophils/CC (8), leucocytes/CC (9), monocytes/CC (10). Correct prediction of 5YS was 100% by neural networks computing (error=0.000; area under ROC curve=1.0).
Title: Sense of Taste
Presenter: Dr. Faiza, Assistant Professor of Physiology
Qualifications:
MBBS (Best Graduate, AIMC Lahore)
FCPS Physiology
ICMT, CHPE, DHPE (STMU)
MPH (GC University, Faisalabad)
MBA (Virtual University of Pakistan)
Learning Objectives:
Describe the structure and function of taste buds.
Describe the relationship between the taste threshold and taste index of common substances.
Explain the chemical basis and signal transduction of taste perception for each type of primary taste sensation.
Recognize different abnormalities of taste perception and their causes.
Key Topics:
Significance of Taste Sensation:
Differentiation between pleasant and harmful food
Influence on behavior
Selection of food based on metabolic needs
Receptors of Taste:
Taste buds on the tongue
Influence of sense of smell, texture of food, and pain stimulation (e.g., by pepper)
Primary and Secondary Taste Sensations:
Primary taste sensations: Sweet, Sour, Salty, Bitter, Umami
Chemical basis and signal transduction mechanisms for each taste
Taste Threshold and Index:
Taste threshold values for Sweet (sucrose), Salty (NaCl), Sour (HCl), and Bitter (Quinine)
Taste index relationship: Inversely proportional to taste threshold
Taste Blindness:
Inability to taste certain substances, particularly thiourea compounds
Example: Phenylthiocarbamide
Structure and Function of Taste Buds:
Composition: Epithelial cells, Sustentacular/Supporting cells, Taste cells, Basal cells
Features: Taste pores, Taste hairs/microvilli, and Taste nerve fibers
Location of Taste Buds:
Found in papillae of the tongue (Fungiform, Circumvallate, Foliate)
Also present on the palate, tonsillar pillars, epiglottis, and proximal esophagus
Mechanism of Taste Stimulation:
Interaction of taste substances with receptors on microvilli
Signal transduction pathways for Umami, Sweet, Bitter, Sour, and Salty tastes
Taste Sensitivity and Adaptation:
Decrease in sensitivity with age
Rapid adaptation of taste sensation
Role of Saliva in Taste:
Dissolution of tastants to reach receptors
Washing away the stimulus
Taste Preferences and Aversions:
Mechanisms behind taste preference and aversion
Influence of receptors and neural pathways
Impact of Sensory Nerve Damage:
Degeneration of taste buds if the sensory nerve fiber is cut
Abnormalities of Taste Detection:
Conditions: Ageusia, Hypogeusia, Dysgeusia (parageusia)
Causes: Nerve damage, neurological disorders, infections, poor oral hygiene, adverse drug effects, deficiencies, aging, tobacco use, altered neurotransmitter levels
Neurotransmitters and Taste Threshold:
Effects of serotonin (5-HT) and norepinephrine (NE) on taste sensitivity
Supertasters:
25% of the population with heightened sensitivity to taste, especially bitterness
Increased number of fungiform papillae
Recomendações da OMS sobre cuidados maternos e neonatais para uma experiência pós-natal positiva.
Em consonância com os ODS – Objetivos do Desenvolvimento Sustentável e a Estratégia Global para a Saúde das Mulheres, Crianças e Adolescentes, e aplicando uma abordagem baseada nos direitos humanos, os esforços de cuidados pós-natais devem expandir-se para além da cobertura e da simples sobrevivência, de modo a incluir cuidados de qualidade.
Estas diretrizes visam melhorar a qualidade dos cuidados pós-natais essenciais e de rotina prestados às mulheres e aos recém-nascidos, com o objetivo final de melhorar a saúde e o bem-estar materno e neonatal.
Uma “experiência pós-natal positiva” é um resultado importante para todas as mulheres que dão à luz e para os seus recém-nascidos, estabelecendo as bases para a melhoria da saúde e do bem-estar a curto e longo prazo. Uma experiência pós-natal positiva é definida como aquela em que as mulheres, pessoas que gestam, os recém-nascidos, os casais, os pais, os cuidadores e as famílias recebem informação consistente, garantia e apoio de profissionais de saúde motivados; e onde um sistema de saúde flexível e com recursos reconheça as necessidades das mulheres e dos bebês e respeite o seu contexto cultural.
Estas diretrizes consolidadas apresentam algumas recomendações novas e já bem fundamentadas sobre cuidados pós-natais de rotina para mulheres e neonatos que recebem cuidados no pós-parto em unidades de saúde ou na comunidade, independentemente dos recursos disponíveis.
É fornecido um conjunto abrangente de recomendações para cuidados durante o período puerperal, com ênfase nos cuidados essenciais que todas as mulheres e recém-nascidos devem receber, e com a devida atenção à qualidade dos cuidados; isto é, a entrega e a experiência do cuidado recebido. Estas diretrizes atualizam e ampliam as recomendações da OMS de 2014 sobre cuidados pós-natais da mãe e do recém-nascido e complementam as atuais diretrizes da OMS sobre a gestão de complicações pós-natais.
O estabelecimento da amamentação e o manejo das principais intercorrências é contemplada.
Recomendamos muito.
Vamos discutir essas recomendações no nosso curso de pós-graduação em Aleitamento no Instituto Ciclos.
Esta publicação só está disponível em inglês até o momento.
Prof. Marcus Renato de Carvalho
www.agostodourado.com
ABDOMINAL TRAUMA in pediatrics part one.drhasanrajab
Abdominal trauma in pediatrics refers to injuries or damage to the abdominal organs in children. It can occur due to various causes such as falls, motor vehicle accidents, sports-related injuries, and physical abuse. Children are more vulnerable to abdominal trauma due to their unique anatomical and physiological characteristics. Signs and symptoms include abdominal pain, tenderness, distension, vomiting, and signs of shock. Diagnosis involves physical examination, imaging studies, and laboratory tests. Management depends on the severity and may involve conservative treatment or surgical intervention. Prevention is crucial in reducing the incidence of abdominal trauma in children.
3. info@hcderaad.nl
www.hcderaad.nl
Security === open source
● Would you run a security testing tool you
wouldn't be able to inspect yourself?
● Security testing is not just for finding
vulnerabilities, it's about solving them
– Without proper insight in the issue, that isn't
possible
5. info@hcderaad.nl
www.hcderaad.nl
From V-model to Agile
● Largescale waterfall types of development are
replaced by iterative development processes
–
From Vto vvvvvvvvv
● These new models introduce opportunities and
challenges
– Release early, release
often
– But how about validation?
6. info@hcderaad.nl
www.hcderaad.nl
Risk based (security) testing
approach
● Secure development?
– Why is this suddenly important and who feels they
have something to say about that?
● Testing and development strategies
– What are TDD and BDD and how do they apply on
security?
7. info@hcderaad.nl
www.hcderaad.nl
Risk based (security) testing
approach
● Testing tools
– What tools are available, what do they do and
how/when to use them?
● Integrating testing tools in development
processes / CI
– How to integrate these tools
into the daily working
environment?
8. info@hcderaad.nl
www.hcderaad.nl
Secure development (frameworks
and standards)
● Quite a lot of separate initiatives, guidelines
and standards are available.
– ISO 27001 / 27002, OWASP, CIP SSD, OSSTMM,
ENISA procurement guidelines, etc, etc.
● Applicability depends on business domain and
level of security required.
– What kind of information is
processed by an application
/ process?
9. info@hcderaad.nl
www.hcderaad.nl
Secure development (frameworks
and standards)
● It is becoming more mainstream to require
security certifications/quality assurances in
procurement processes.
– Both in government and
enterprise.
– Cyber liability insurances
often require them as well
10. info@hcderaad.nl
www.hcderaad.nl
OSSTMM
● Open Source Security Testing Methodology Manual
– A guideline for conducting security analysis for operational
security.
– Aims to provide a scientifically sound and reproducable
method for security testing.
– Aims for “perfect security”, that is both cost effective and
sufficient risk coverage with regards to the value of the
information in the system/the role of the system.
– Based on securing the interactions of objects with their
surrounding environment (relationships).
● By itself objects (systems/buildings/etc) can be “black boxes”.
11. info@hcderaad.nl
www.hcderaad.nl
Testing and development strategies
● Test Driven Development: Definition:
– Test-driven development (TDD) is a software
development process that relies on the repetition of
a very short development cycle: first the developer
writes an (initially failing) automated test case that
defines a desired improvement or new function,
then produces the minimum amount of code to
pass that test, and finally refactors the new code to
acceptable standards.
13. info@hcderaad.nl
www.hcderaad.nl
Behavior Driven Development
● Evolution of TDD, focussed on application
workflows/functionality rather than
programming code/objects.
● Test cases are written in human readable
language (Gherkin)
– As a [User], When I [activate function], Then
[Result]
– Close relation to agile user stories.
18. info@hcderaad.nl
www.hcderaad.nl
Benefits
● By employing these strategies in your development cycle
you can prevent regressions
● Test a very broad spectrum of input options without
manually having to resort to slave-labour
● In general, everything that you can repeatedly and reliably
test is a good thing.
● But, be aware of pitfalls:
– False sense of security when coverage is incomplete
– Always have a second opinion on the test cases
● Don't “mark your own paper” (or in Dutch the “WC-eend” syndrome)
19. info@hcderaad.nl
www.hcderaad.nl
Continuous integration
● Release early, release often means integrate
often
● Source code management, branching strategies
– Feature development branches, integrate as soon as
possible.
● On integration (merging), perform tests
– Optimal regression prevention. Security issues often
originate from regression issues.
21. info@hcderaad.nl
www.hcderaad.nl
Embed into validation processes
● GAMP (and ISO 17025, etc) require strict (re)validation
of software systems
– IQ, OQ, PQ
– User acceptance testing, etc
● By embedding automated testing into the development
cycle, more focus can go to actual user process testing
– Regression testing can be performed through automated
testing
– Automated testing can be performed on each change