The impacts of a cyberattack are long-lasting and extend well beyond technology. In this cyber-wargame, participants will test their assumptions and incident response know-how against a cyberattack scenario with complex business impacts that unfolds over a simulated year.
(Source: RSA Conference USA 2017)
Building an enterprise security knowledge graph to fuel better decisions, fas... | Jon Hawes
1. Automate to enhance human capabilities, not replace them, drawing inspiration from Iron Man's suit rather than Ultron.
2. Make it easy for users to explore patterns in data to understand security issues at both the local and systemic level.
3. Prioritize an open approach that encourages collaboration and community improvement over proprietary solutions.
The document summarizes a virtual executive forum on big data hosted by Compliance Week. It includes the agenda for the one-hour discussion, with an introduction by Compliance Week editor Matt Kelly and a discussion led by Richard Anderson from Crowe Horwath. The forum will also include a Q&A session and closing remarks. Slides provide background on Richard Anderson and outline the main points of discussion, including defining big data, identifying opportunities it offers, and the steps to get started in using big data.
EDF2013: Invited Talk Daragh O'Brien: The Story of Maturity – How data in Bus... | European Data Forum
Invited talk of Daragh O'Brien, Managing Director of Castlebridge Associates, at the European Data Forum 2013, 9 April 2013 in Dublin, Ireland: The Story of Maturity – How data in Business needs to pass the ‘So What’ tests
This document summarizes a seminar on service efficiencies and how information and communications technology (ICT) can help achieve them. The seminar consists of presentations by various speakers on topics like securing efficiencies through priorities for action, addressing information deficits, leveraging technology for efficiency within government, and ICT and shared service efficiencies beyond 2010. It also includes an introduction, Q&A session, and introduction to the closing speaker.
Designing products and services with GDPR | Cyber-Duck
The General Data Protection Regulation (GDPR) is hitting organisations that deal with EU citizens in 2018. In this deck, Danny informs organisations, designers and developers on how to use the three pillars of Transparency, Privacy and Controls on their quest towards GDPR compliance. As well as providing examples of brands that are doing things right and wrong (from a GDPR perspective), the presentation provides practical examples of techniques such as consent, privacy by design (PbD) and the right of individuals to update their details at all times. Designers can use these techniques across their products and services to ensure that their marketing efforts are prepared.
Zero Moment of Truth - The Moment a Patient Decides You Can Be Their Physician | Sanjay Parker
A practical and detailed guide for physicians on how to take part in the conversation that is happening on the internet about their reputations and practices -- since brand is now consumer-controlled. Qualified for 1 CME hour when delivered live.
12 Step Program for Codependent Help Desks | Chris Dancy
12 Signs and 12 Steps
-------
For four years I've been using low-friction data collection to capture hundreds of elements of my life into a repository for search, visualization and analysis.
MEDIA and PRESS INFORMATION: http://chrisdancy.pressfolios.com/
Feel free to reach out at chris.dancy@gmail.com, +1-303-872-0786, or by texting "chrisdancy" to 50500.
How to Make Passive Income & Why You Should
The document discusses the rise of robo-advisors and digital investment advisors, and how traditional advisory firms are adapting to compete. It notes that while robo-advisors are more cost effective and convenient, they lack human qualities like personalized discussions and around-the-clock availability. The author argues that advisory firms should integrate technology into their services while still providing personal relationships to clients.
Cybercrime and the Developer Java2Days 2016 Sofia | Steve Poole
The document discusses cybersecurity risks and how developers can help address them. It notes that cybercriminals target developers because they have privileged access and knowledge of systems. Developers are often too trusting and ignore security, installing software without checking for malware or disabling certificate validation. The talk urges developers to take security more seriously by keeping systems updated, using strong authentication, and being wary of suspicious network connections and downloads from untrusted sources. Developers must help address the growing problem of cybercrime by promoting secure development best practices.
The document summarizes key statistics about data loss incidents in 2013, including that over 2,000 incidents exposed over 800 million records. It outlines the typical stages companies go through after an incident and laws requiring preparation and response. The document provides a self-assessment for companies and best practices around security, forensics, communications, and international considerations for responding to a data breach. It emphasizes that companies should plan for an incident as regulatory requirements and costs can be significant for unprepared organizations.
Alternative payment methods 03 2015 LERNER Consulting | LERNER Consulting
The document discusses frictionless payment transactions. It describes how payments have evolved from grain receipts and coins to modern methods like credit cards, prepaid cards, Apple Pay, and cryptocurrencies like Bitcoin. Bitcoin transactions are recorded on a public blockchain ledger and use cryptography techniques like hashing and proof-of-work mining to validate transactions without a central authority. Reducing friction in payments can benefit consumers through convenience and merchants through reduced costs and opportunities for loyalty programs.
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez | EC-Council
Bobby Dominguez is an accomplished Internet pioneer and an acknowledged security, risk, and privacy expert. Mr. Dominguez has successfully integrated information security into top-level business initiatives at Home Shopping Network, PSCU Financial Services, and PNC Bank, where he implemented a new technology risk management framework. Under his leadership, the Sykes Global Security and Risk Management team was nominated and selected as one of the 5 best by 2008 SC Magazine “Best Security Team in the US.” Mr. Dominguez was also selected as one of the top 5 Chief Security Officers for the 2009, 2010, and 2013 SC Magazine “CSO of Year.” In 2012 he was a finalist for (ISC)2 Americas Information Security Leadership Awards.
The document summarizes a presentation about LoanResolve Technologies, a real estate mortgage loss mitigation system. It discusses how the system provides a single dashboard for loan processing, foreclosure prevention, and connecting all relevant parties. It also outlines how the system handles the entire loan process from early delinquency to REO asset disposition, with a focus on loss mitigation, short sales, and online auctions. Security of customer data is handled through partnerships with Peak 10 data centers.
This document provides an overview of a presentation on lessons for integrating data protection software. The presentation discusses the importance of effective data protection, challenges SMBs using virtualization will face in managing and protecting data, and how data protection ties into disaster recovery strategies. It also outlines general advice on getting started with data protection, such as reviewing existing infrastructure and fixing issues, and making and enforcing a data protection plan.
Explore Winter 2014 issue of IN Motion, a quarterly magazine offering articles on best business practices in the areas of finance, HR, technology and more.
Social is pervasive in the retailing industry and on the trajectory to becoming strategic in most sectors. This is a great opportunity for IT to pursue a multi-channel model that integrates the best of the old and the new of processes and technology.
This presentation was given in March 2014 as a Series of workshops in conjunction with the HDAA in Australian east coast cities.
Devnexus 2017 Cybercrime and the Developer: How do you make a difference? | Steve Poole
Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to become a Cyber Defender
Managing ICT well is no different to managing organisations or teams. You need to take care of people, money, physical resources and services and set the right environment and tone.
If you don’t, you won’t get the benefits (and if you don’t when times are tough – then organisations will fail)
Around the world a range of private and public sector organisations are focused on digital identity as a means of delivering secure and convenient services on line.
On 25 July 2017, AusPayNet hosted a visit from TD bank in Canada to learn first-hand about the opportunities and challenges inherent in rolling out a nationwide, cross-sector digital identity framework.
Speakers at the event were:
* Chuck Hounsell, Senior Vice President Payments, TD Bank
* Andre Boysen, Chief Identity Officer, SecureKey
* David G.W. Birch, Author and Consultant
Resource Code: Innovating the VC Firm with Platform & Community | Rob Hayes, ... | Dealmaker Media
Rob Hayes, Partner, First Round Capital
Since the beginning of venture capital time, the "product" that VCs offer has been money and, if you were lucky, a smart partner. That is changing quickly as investors begin to use platforms and network effects to improve the quality of the offering they bring to the companies they work with. Come hear how one leading venture firm thinks about how they can best serve their customers.
2022 Rea & Associates' Cybersecurity Conference Rea & Associates
The speaker discusses changes to the Cybersecurity Maturity Model Certification (CMMC) program over the past year, including changes to the CMMC model, rules, and the organization administering the program. Voluntary assessments are now taking place and the CMMC ecosystem of assessors, trainers, and consultants is developing. Remaining challenges include high costs of compliance, legal consequences, reciprocity between government agencies, and issues with cloud computing. The speaker stresses the importance of ethics and offers that help is available for organizations navigating CMMC requirements.
The document provides a summary of a financial services technology summit that took place in November 2015 in Austin, Texas. It discusses the keynote speakers, workshop topics, and solution provider contact information. The main points are:
1) The summit focused on digital disruption, business transformation, and using data to better understand customer needs. Workshops covered topics like change management, data strategy, and designing for emotional impact.
2) A lunch keynote discussed how data diodes provide stronger cybersecurity than firewalls for data replication and transfer between networks.
3) Contact information is provided for over 30 solution providers that attended the summit to facilitate continued conversations around challenges and opportunities.
Open Web Technologies and You - Durham College Student Integration Presentation | darryl_lehmann
The document provides an overview of open web technologies from the perspective of Darryl Lehmann, a director of technical services. It discusses Lehmann's career path from coding to various programming jobs to his current role pioneering new digital learning technologies. It also offers advice for web developers, emphasizing the importance of strong fundamentals over specific tools, choosing technologies with longevity, building accessible content, and constant learning. Interactive demos showcase uses of 3D modeling, animation, and responsive design for digital publishing and learning.
Minimize Your Client's Risk: From IP to Cash Flow | Traklight.com
Most businesses are unaware of the legal issues businesses can face at the outset. Often it is simple mistakes or omitted steps that jeopardize a company's future. Areas covered during this webinar include: foundational decisions, financial projections, intellectual property, record-keeping, fundraising preparation, employee versus contractor decisions, and entity types.
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Webinar: How To Create A Killer Presentation With Roberto Monaco | Mortgage Coach
The document is a transcript from a webinar about creating effective presentations to generate more business leads. It provides tips on developing compelling content through storytelling and addressing problems and solutions. It also showcases examples of loan officers who significantly increased their lead generation and closing rates by improving their presentations. Attendees are offered opportunities to get more training from Mortgage Coach experts and try out presentation tools and strategies discussed in the webinar.
Intergen's newsletter, Smarts, now available for online reading.
Intergen provides information technology solutions across Australia, New Zealand and the world based exclusively on Microsoft’s tools and technologies.
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
Similar to Deep Impact: Explore the Wide-Reaching Impact of a Cyberattack
The document discusses the rise of robo-advisors and digital investment advisors, and how traditional advisory firms are adapting to compete. It notes that while robo-advisors are more cost effective and convenient, they lack human qualities like personalized discussions and around-the-clock availability. The author argues that advisory firms should integrate technology into their services while still providing personal relationships to clients.
Cybercrime and the Developer Java2Days 2016 SofiaSteve Poole
The document discusses cybersecurity risks and how developers can help address them. It notes that cybercriminals target developers because they have privileged access and knowledge of systems. Developers are often too trusting and ignore security, installing software without checking for malware or disabling certificate validation. The talk urges developers to take security more seriously by keeping systems updated, using strong authentication, and being wary of suspicious network connections and downloads from untrusted sources. Developers must help address the growing problem of cybercrime by promoting secure development best practices.
The document summarizes key statistics about data loss incidents in 2013, including that over 2,000 incidents exposed over 800 million records. It outlines the typical stages companies go through after an incident and laws requiring preparation and response. The document provides a self-assessment for companies and best practices around security, forensics, communications, and international considerations for responding to a data breach. It emphasizes that companies should plan for an incident as regulatory requirements and costs can be significant for unprepared organizations.
Alternative payment methods 03 2015 LERNER ConsultingLERNER Consulting
The document discusses frictionless payment transactions. It describes how payments have evolved from grain receipts and coins to modern methods like credit cards, prepaid cards, Apple Pay, and cryptocurrencies like Bitcoin. Bitcoin transactions are recorded on a public blockchain ledger and use cryptography techniques like hashing and proof-of-work mining to validate transactions without a central authority. Reducing friction in payments can benefit consumers through convenience and merchants through reduced costs and opportunities for loyalty programs.
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
Bobby Dominguez is an accomplished Internet pioneer and an acknowledged security, risk, and privacy expert. Mr. Dominguez has successfully integrated information security into top-level business initiatives at Home Shopping Network, PSCU Financial Services, and PNC Bank, where he implemented a new technology risk management framework. Under his leadership, the Sykes Global Security and Risk Management team was nominated and selected as one of the 5 best by 2008 SC Magazine “Best Security Team in the US.” Mr. Dominguez was also selected as one of the top 5 Chief Security Officers for the 2009, 2010, and 2013 SC Magazine “CSO of Year.” In 2012 he was a finalist for (ISC)2 Americas Information Security Leadership Awards.
The document summarizes a presentation about LoanResolve Technologies, a real estate mortgage loss mitigation system. It discusses how the system provides a single dashboard for loan processing, foreclosure prevention, and connecting all relevant parties. It also outlines how the system handles the entire loan process from early delinquency to REO asset disposition, with a focus on loss mitigation, short sales, and online auctions. Security of customer data is handled through partnerships with Peak 10 data centers.
This document provides an overview of a presentation on lessons for integrating data protection software. The presentation discusses the importance of effective data protection, challenges SMBs using virtualization will face in managing and protecting data, and how data protection ties into disaster recovery strategies. It also outlines general advice on getting started with data protection, such as reviewing existing infrastructure and fixing issues, and making and enforcing a data protection plan.
Human: Thank you, that's a great high-level summary that hits the key points.
Explore Winter 2014 issue of IN Motion, a quarterly magazine offering articles on best business practices in the areas of finance, HR, technology and more.
Social is pervasive in the retailing industry and on the trajectory to becoming strategic in most sectors. This is a great opportunity for IT to pursue a multi-channel model that integrates the best of the old and the new of processes and technology.
This presentation was given in March 2014 as a Series of workshops in conjunction with the HDAA in Australian east coast cities.
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to be come a Cyber Defender
Managing ICT well is no different to managing organisations or teams. You need to take care of people, money, physical resources and services and set the right environment and tone.
If you don’t, you won’t get the benefits (and if you don’t when time are tough – then organisations will fail)
Around the world a range of private and public sector organisations are focused on digital identity as a means of delivering secure and convenient services on line.
On 25 July 2017, AusPayNet hosted a visit from TD bank in Canada to learn first-hand about the opportunities and challenges inherent in rolling out a nationwide, cross-sector digital identity framework.
Speakers at the event were:
* Chuck Hounsell, Senior Vice President Payments, TD Bank
* Andre Boysen, Chief Identity Officer, SecureKey
* David G.W. Birch, Author and Consultant
Resource Code: Innovating the VC Firm with Platform & Community | Rob Hayes, ...Dealmaker Media
Rob Hayes, Partner, First Round Capital
Since the beginning of venture capital time, the "product" that VCs offer has been money and , if you were lucky, a smart partner. That is changing quickly as investors begin to use platforms and network effects to improve the quality if the offering they bring to the companies they work with. Come hear how one leading venture firm thinks about how they can best serve their customers.
2022 Rea & Associates' Cybersecurity Conference Rea & Associates
The speaker discusses changes to the Cybersecurity Maturity Model Certification (CMMC) program over the past year, including changes to the CMMC model, rules, and the organization administering the program. Voluntary assessments are now taking place and the CMMC ecosystem of assessors, trainers, and consultants is developing. Remaining challenges include high costs of compliance, legal consequences, reciprocity between government agencies, and issues with cloud computing. The speaker stresses the importance of ethics and offers that help is available for organizations navigating CMMC requirements.
The document provides a summary of a financial services technology summit that took place in November 2015 in Austin, Texas. It discusses the keynote speakers, workshop topics, and solution provider contact information. The main points are:
1) The summit focused on digital disruption, business transformation, and using data to better understand customer needs. Workshops covered topics like change management, data strategy, and designing for emotional impact.
2) A lunch keynote discussed how data diodes provide stronger cybersecurity than firewalls for data replication and transfer between networks.
3) Contact information is provided for over 30 solution providers that attended the summit to facilitate continued conversations around challenges and opportunities.
Open Web Technologies and You - Durham College Student Integration Presentationdarryl_lehmann
The document provides an overview of open web technologies from the perspective of Darryl Lehmann, a director of technical services. It discusses Lehmann's career path from coding to various programming jobs to his current role pioneering new digital learning technologies. It also offers advice for web developers, emphasizing the importance of strong fundamentals over specific tools, choosing technologies with longevity, building accessible content, and constant learning. Interactive demos showcase uses of 3D modeling, animation, and responsive design for digital publishing and learning.
Minimize Your Client's Risk: From IP to Cash FlowTraklight.com
Most businesses are unaware of the legal issues businesses can face at the outset. Often it is simple mistakes or omitted steps that jeopardize a company's future. Areas covered during this webinar include: foundational decisions, financial projections, intellectual property, record-keeping, fundraising preparation, employee versus contractor decisions, and entity types.
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Webinar: How To Create A Killer Presentation With Roberto MonacoMortgage Coach
The document is a transcript from a webinar about creating effective presentations to generate more business leads. It provides tips on developing compelling content through storytelling and addressing problems and solutions. It also showcases examples of loan officers who significantly increased their lead generation and closing rates by improving their presentations. Attendees are offered opportunities to get more training from Mortgage Coach experts and try out presentation tools and strategies discussed in the webinar.
Intergen's newsletter, Smarts, now available for online reading.
Intergen provides information technology solutions across Australia, New Zealand and the world based exclusively on Microsoft’s tools and technologies.
Similar to Deep Impact: Explore the Wide-Reaching Impact of a Cyberattack (20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.
Simplifying data privacy and protection.pdfPriyanka Aash
1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent.
2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance.
3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.
Generative AI and Security (1).pptx.pdfPriyanka Aash
Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.
An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.
The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.
This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following:
1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees.
2. Chapter meetings focused on ransomware trends and lessons learned from attacks.
3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools.
4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.
It covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE & MITRE. Security professionals can better understand the common attack vectors that are utilized in attacks, examples from previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Lessons Learned From Ransomware AttacksPriyanka Aash
The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past, and how, in a world of no perimeters, Cloud Security Groups, the "Cloud Firewalls", fit in. We will practically explore Cloud Security Group limitations across different cloud setups, from a single vNet to multi-cloud.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, systems need to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. The increasing number of cyber-attacks has led to an increasing importance of ethical hacking. An ethical hacker's job is to scan for vulnerabilities and to find potential threats on a computer or network. An ethical hacker finds the weaknesses or loopholes in a computer, web application or network and reports them to the organization. It requires a thorough knowledge of networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, attacks, etc. In this session, you will learn all about ethical hacking. You will understand what ethical hacking is, cyber-attacks, tools, and some hands-on demos. This session will also guide you through the various ethical hacking certifications available today.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licenses under the CCB and CCX model have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new type of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that, and we would like to help you with it!
We will explain how you can resolve common configuration problems that can lead to more users being counted than necessary, and how you can identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expense, for example when a person document is used instead of a mail-in for shared mailboxes. We will show you such cases and their solutions. And of course we will explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder will introduce you to this new world. It gives you the tools and the know-how to keep track of things. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics will be covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement right away
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing the number of tests. Test automation can be used to speed up testing.
Deep Impact: Explore the Wide-Reaching Impact of a Cyberattack
1. SESSION ID: LAB4-R04
#RSAC
Deep Impact: Explore the Wide-Reaching Impact of a Cyberattack
Daniel Soo
Principal
Deloitte & Touche LLP
Mary Galligan
Managing Director
Deloitte & Touche LLP
2. #RSAC
Cyber security needs are evolving
Business leaders are responsible for guiding response and recovery from a risk perspective
Rehearsing builds threat awareness and creates “muscle memory” for adaptive response
SECURE: Establish risk-prioritized controls to protect against known and emerging threats, and comply with standards and regulations
VIGILANT: Establish situational risk and threat awareness across the environment to detect violations and anomalies
RESILIENT: Establish the ability to handle critical incidents, quickly return to normal operations, and repair damage to the business
Organizations need to transform legacy IT security programs into cyber risk programs
3. #RSAC
Introduction to cyber wargaming
Cyber wargaming is an interactive technique that immerses potential cyber-incident responders in a simulated cyber scenario to help organizations evaluate their cyber incident response preparedness
4. #RSAC
Cyber resilience
Cyber wargames drive improvements in cyber resilience, including:
- Better identification of gaps in cyber incident response people, processes, and tools
- Broader consensus on the appropriate strategies and activities to execute cyber incident response
- Stronger response capabilities aligned towards mitigating the highest impact risks of a cyber incident
- Improved understanding of the people, processes, data, and tools needed to respond to a cyber incident
- Tighter integration between parties likely to be collectively involved in the response to a cyber incident
- Enhanced awareness of the downstream impacts of cyber incident response decisions and actions
- Reduced time-to-response through the development of cyber incident response “muscle memory”
- Improved clarity regarding ownership of authority related to certain key cyber incident response decisions
6. #RSAC
Company profile
YouKnight Bank (YKB)
The 6th largest diversified financial services company in the United States, primarily operating in four core segments – retail banking, corporate and institutional banking, asset management, and residential mortgage banking.
Locations: 2,704
Employees: 50,492
Headquarters: New York City, NY
Founded: April 2, 1923
7. #RSAC
Company profile (cont’d)
Technology environment
- Employees perform daily computing with traditional desktops and laptops
- Cloud computing has not been widely deployed – plans for the capability have been proposed
- Marketing and supply chain systems are managed by third parties
- Transaction monitoring and the IT customer service help desk have been outsourced to India
8. #RSAC
Participant roles
Players will assume the following roles within YouKnight Bank:
- Chief Executive Officer
- Chief Financial Officer
- Chief Operating Officer
- Chief Information Officer
- General Counsel
- Head of Communications & Public Relations
- Chief Risk Officer
- Chief Security Officer
- Chief Customer Experience Officer
9. #RSAC
Objectives
- Understand the role of executive leadership in cyber incident response
- Identify the types of information, tools, and capabilities needed to effectively support cyber incident response
- Explore the interaction model for third parties (e.g., law enforcement, regulators)
10. #RSAC
How to play
Review injects.
- Review inject content in its entirety
- Determine actions you will take and / or decisions you will make
Make decisions.
- Describe your thought process, including your assumptions, out loud
- Articulate how the decision will be executed
Consult others.
- Engage directly with other players
- Inform the facilitator if you want to speak to a non-player
11. #RSAC
Leading practices
- Act decisively – have a clear, ongoing decision-making process
- Focus on the emerging crisis over the symptoms of the incident
- Prioritize decision-making based on impact
22. From: Rice, Tyler (Director, Enterprise Applications)
To: Chief Operations Officer
Cc:
Subject: URGENT: XChange offline
This message was sent with High importance.
Heads up – XChange has now been offline for 2 hours. Until it comes back up, interbank transaction clearing and settlement will not be functional across the bank.
We have all hands on deck investigating the cause, but haven’t found anything yet. Per our continuity plan, the incident response team has been invoked; but it’s really not clear what we should be doing. Like many of our other systems, XChange appears to be operating within parameters – except that it’s not working…
As you know, XChange is a Tier-1 application and we need it to complete our end-of-day transactions. But, given how everything looks, I am looking for your input on how to proceed. Should we:
- Continue our investigations and hope that we find the cause of the outage and a solution; or
- Initiate disaster recovery right away. If we go down this path, we should be back online in 36 hours, but most critical systems would be offline until then (we have to fail over everything at the same time, we can’t do it in pieces).
Also, as you know, we haven’t been able to renew our incident response retainer due to the vendor’s push for indemnification. Still, we need more skilled resources to perform detailed technical investigation... Can we push through ASAP?
Tyler
[Slide image: mail client logged in as COO, youknightbank.com; inbox list]
Sender Subject Date Size
Diana Carter Lunch today? Thurs 04/20/2017 7:45AM 1K
Tyler Rice URGENT: FastFill offline Thurs 04/20/2017 8:15AM 2K
23. It is now 10:00 AM on April 20th
Moving forward 1 hour…
24. [Slide image: YouKnight Bank website (YouKnight.com) sign-in page displaying the following text]
Lose more than just your interest payments when you accept a loan from YouKnight…
YouKnight Bank bet on your American Dream and won. They profited billions on the subprime mortgages they sold to their NINJA customers, and what did you get? You got EVICTED.
We gave you a chance, you didn’t take it. Now you’ve been served. Repent or more will come.
#Hackme
Get a loan, lose a house!
MORAL FAILURE
25. It is now 12:00 PM on April 20th
Moving forward 2 hours…
28. It is now 6:00 PM on April 20th
Moving forward 6 hours…
29. Valued employee,
At approximately 5:00 p.m. today, there was a water main break near your location. Because the water main break is so close
to power gridlines, access to your location will be prohibited until further notice.
We will provide further instructions when access to the building is reinstated.
Thank you for your patience and cooperation.
- Physical Security
Search all messages…<Ctrl+K>
Logout
All Personnel
youknightbank.com
This message was sent with High importance.i
From: Physical Security To: All Personnel
Subject: URGENT: Location closed due to water main breakage Cc:
Sender Subject Date Size
Public Relations Marketing campaign update Thurs 04/20/2017 8:15AM 3K
Physical Security URGENT: Location closed due to water main breakage Thurs 04/20/2017 5:30PM 2K
30. It is now 11:00 AM on April 21st. Moving forward to the next day…
31. YouKnight Bank social media page
450,916 people have been here
351,102 people subscribed to this
57,821 people commented
YouKnight Bank (20 hrs, Edited): What are you saving up for? A new car? A summer vacation? Stop by today to learn how you could be earning more on your savings! #moneyinthebank #savingisgaining
+357,937 votes, 79,526 Reshares
Roberta Landry: How can you provide tips when your employees don’t even bother to show up and you can’t open your stores? #YouNotThere
+21 votes, Comments 19,203, 1 hrs
Dave Hestle: I’m saving for a new house since they took mine! You’re better off not being able to get in… #YouKnightYouNever
32. CHATNHOLLER: #YouNotYouKnighted (1642 new hollers)
Katie Lane @musicmantra_KL89 • 8m
Glad you decided to give yourself a “holiday,” but I cant afford a vacation cuz you still haven’t processed the check I deposited DAYS ago! @YouKnight, get back to work! #YouNotYouKnighted #YouClosed
James Arden @Arden_James • 29m
Hey, @YouKnight whether you cash my paychecks or not, I still have to pay rent. Waive the fee for overdrawing on my account or I’m taking my money elsewhere! #YouPay #YouNotYouKnighted
Ben Lee @bikerben003 • 42m
OMG some guy is going irate at YouKnight Bank right now – only one lady working the front desk and a line almost out the door. Guy’s at the back obvi. #YouLast #YouWait #YouMad #YouNotYouKnighted
Jeremy Jones MD @DrJeremyJones • 55m
Technology outage, crashing applications, website defacement… You about to go knight knight forever if you don’t get your ducks in a row. #YouFailing #YouNotYouKnighted #ClosingTime
Whitney Swift @Witty_Whitney82 • 1h
If you can’t keep your site safe, why should I believe you can keep my money safe!? These days, if the hackers aren’t stealing from you, the banks are. #KnightInTinfoil #YouNoHero #YouNotYouKnighted
Jacob Andrews @J_Andrew92 • 2h
@YouKnight - I understand that you may be experiencing “technical difficulties” but there is no excuse for treating your customers poorly #YouRude #YouNotYouKnighted #PoorCustomerService
33. It is now 1:00 PM on April 21st. Moving forward 2 hours…
34. Voicemail
Doug Dominose, New York City, New York, April 21, 2017 at 1:00 PM
“This is Special Agent Doug Dominose with the FBI. I’m headed to YouKnight headquarters now - should arrive within the hour. Can you see to it that someone is available to meet with me?”
Other voicemails in the list:
Jane Finley, work, Tuesday, 0:33
Richard Gilmore, home, Monday, 0:48
George Stephens, home, 04/14/17, 0:21
+1 (347) 634-2012, New York City, NY, 04/11/17, 0:12
+1 (872) 657-8929, Chicago, IL, 11/29/16, 0:12
35. It is now 4:00 PM on April 21st. Moving forward 3 hours…
36. As you are likely aware, the media is reporting that YouKnight Bank has experienced a widespread technology outage rendering
it unable to accurately and securely perform transactional duties within the interbank network. Due to the far reaching
implications of the outage on members of the financial community, we will be monitoring the situation and conducting an
investigation to determine if certain penalties may apply.
Please provide any input you feel will be valuable to our discovery efforts. I’ll be available at +1 (212) 555-3464 if you
would like to speak by phone.
Thanks,
Kevin Sumner
Senior Bank Examiner - Federal Reserve Bank
This message was sent with High importance.
From: Sumner, Kevin (Federal Reserve Bank) To: Chief Financial Officer
Subject: URGENT: Outage & Interbank Impact Cc:
Sender Subject Date Size
Jan Finkle Status Update Fri 04/21/2017 3:45PM 1K
Kevin Sumner URGENT: Outage & Interbank Impact Fri 04/21/2017 4:00PM 1K
39. #RSAC
Cyber wargaming lessons learned
1. Cyber events have an accelerated rate of escalation and unfold more ambiguously than traditional crises
2. Impacts resulting from actions and decisions during cyber incident response, even at a low level, are greater and broader than those of a traditional incident
3. The scope of incident responders expands well beyond technology during cyber incident response
40. Cyber Incident Response Success
Simulate the Event: Simulate realistic incidents regularly. By exercising the plan, organizations can build “muscle memory” and respond more effectively and consistently.
Supported by Technology: Organizations should embrace technologies that enable operational resiliency and proactive detection and response capabilities.
The Plan: Simple, flexible and distributed plans provide guidance to responsible parties throughout the organization. Understand where external help is needed and have contracts and capabilities in place beforehand.
Legal, Risk, & Compliance: Determining legal, regulatory, and compliance issues in the midst of a crisis is a bad place to be. Prepare ahead and incorporate these considerations into the CIR plan.
Executive Management: Educate executives on crisis communication plans and their associated responsibilities. Setting tone at the top of organizational hierarchies has cascading impacts.
Cyber Education: Prevent your plans from becoming “shelf ware” by training your CIR team periodically.
Cyber Response Team: Carefully select CIR team members and confirm they have the requisite skills and experience to perform responsibilities outlined in the plan.
Operations: Involve business operations in cyber incident response planning so that mission critical processes and systems are available when crises occur.
41. Designing an effective cyber wargame
RELEVANCE TO THE BUSINESS + REALISM FOR THE PLAYERS + READINESS TO EMBRACE CHALLENGES
RELEVANCE TO THE BUSINESS: Effective cyber wargame exercises are built from the ground up to reflect an organization’s specific business context, organizational structure, operating procedures, systems, data, etc. Exercises should be designed so that outcomes will impact how the business will make decisions moving forward.
REALISM FOR THE PLAYERS: Effective cyber wargame exercises leverage a carefully selected combination of high-fidelity injects designed to mimic the real world. Injects are revealed based upon player actions and decisions, typically via: paper content, live phone calls, pre-recorded video, the facilitator, briefed actors, pre-recorded audio. Players will respond more realistically to realistic injects – leading to improved identification of strengths and weaknesses.
READINESS TO EMBRACE CHALLENGES: Effective cyber wargame exercises involve participants that are excited to embrace cyber challenges and ready to remediate identified weaknesses. Common outcomes include the need to improve capabilities related to: IS risk assessment, cyber incident response, core security services, threat intelligence, technical resilience, cyber forensics, user ID management, business engagement.
Diagram labels: Delivery, Scenario, Audience, Objectives, Debrief, Business context, Report