Doug Copley presented on cybersecurity challenges in healthcare including threats, trends in healthcare, practical steps and building security without boundaries.
Nearly one in five healthcare CIOs have had a security breach within the past 12 months. Learn how TCS can help you keep sensitive patient data secure and protected.
Customer Spotlight:Deploying a Data Protection Program in less than 120 DaysDigital Guardian
Despite a limited budget, Jabil's small security team was under pressure from Senior Management to mature their security program - FAST! Michael Ring, IT Security Architect at Jabil shares how they deployed their solution to over 40,000 users in less than 120 days.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Doug Copley presented on cybersecurity challenges in healthcare including threats, trends in healthcare, practical steps and building security without boundaries.
Nearly one in five healthcare CIOs have had a security breach within the past 12 months. Learn how TCS can help you keep sensitive patient data secure and protected.
Customer Spotlight:Deploying a Data Protection Program in less than 120 DaysDigital Guardian
Despite a limited budget, Jabil's small security team was under pressure from Senior Management to mature their security program - FAST! Michael Ring, IT Security Architect at Jabil shares how they deployed their solution to over 40,000 users in less than 120 days.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Data Security: Why You Need Data Loss Prevention & How to Justify ItMarc Crudgington, MBA
With the increasing number of cyber-attacks and incidents seeming to occur weeks/months/years before discovery of breach, simply securing your perimeter is no longer enough to protect your most critical assets. Privacy breaches are averaging upwards of $200 per record and studies have shown at intellectual property infringement cost the average company $101.9 million in revenues.
Key points addressed include:
• The Impact of Cyber Crime on our Economy
• The Cost Companies are incurring due to Cyber Crime and Data Breaches
• Who are the threat actors?
• What makes up a Data Loss Prevention ecosystem?
• What does a Data Loss Prevention strategy do for me?
• Hidden Benefits of Data Loss Prevention
• Justifying a Data Loss Prevention Strategy
This webinar was hosted by Ignyte Assurance Platform and Federal Publication Seminars on 18 June 2021.
The Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security, launches a campaign to reduce the risk of ransomware. Following an executive order signed by President Biden on May 12, 2021, which aims to increase cybersecurity defenses and resiliency against nation-state data exfiltration and hold global criminals accountable for ransomware attacks.
As we’ve seen with the Solar Winds and Colonial Pipeline hacks, cybercrime isn’t limited to government organizations. In fact, both public and private sectors are vulnerable to an all-too-common type of cyber attack which exposed the gaps in U.S. cyber defenses. New standards such as Cybersecurity Maturity Model Certification (CMMC) are becoming required compliance and cyber hygiene minimum for all organizations involved in the federal supply chain.
This webinar is designed for federal contractors and companies that provide critical infrastructure or any type of software to the government. Our guests and leading data security and compliance experts will explain how both public and private sector organizations need to act now to protect global software supply chains that affect government and private sector computer systems.
Knowing exactly where your cybersecurity and compliance gaps are and the solutions needed to implement and fix them is central to your success. Early adopters demonstrating high security & compliance postures are positioned to win more business over laggards.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap,critical activities and more.
PwC industry expert, Josh McKibben, helps us break down what a breach is truly comprised of, analyze key breaches as examples, and look for lessons you can bring back to your organization to avoid being the next headline.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
In the modern-day climate, more and more industries have had to increase IT security
expenses to provide a trusted system of security to all client/company PII from unauthorized users. The massive spike in IT security spending was brought on by the recent cyber breach on Equifax, in which millions of clients’ PII was accessed and distributed by an unauthorized user infiltrating the system. Like the Equifax attack, so many of these attacks require user-interaction to be activated or spread, so organizations must be on the forefront of understanding the internal threats of their own employees can impose.
Solutions.Information Security During Mergers & Acquisitions:
Issues, Safety Measures, and Need-to-Know Solutions.
Information security risks and threats connected with mergers and acquisitions, which can include months of often precarious IT migrations and legacy services left exposed; how Cloud computing affects information security risks and threats during merger and acquisition activities, as well as the positive opportunities that they can offer; why Information Security should be involved in the early phases of due diligence, including the phases during which the deal is structured and the acquisition model is defined; a simple framework and actionable material.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements.
The webinar covers
• Information Security
• Importance Of Information Security Today
• Taking Information Security Beyond A Compliance First
• Importance Of Data Governance In Information Security
• Privacy
• Changing And Evolving Privacy Requirements
• Importance Of Data Governance In Privacy
• Data Governance And Data Privacy
• Data Privacy - Data Processing Principles
Presenters:
Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies.
She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights.
Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards.
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/aQcS5-RFIEY
Website link: https://pecb.com/
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Peter1020
-The Current Global Digital Threat Climate
-Cyber-Trends Against The U.S. Financial Service Sector
-Considerations Prior To Outsourcing
-Pitfalls In International Partnerships
-Communications, Connections, And Security Considerations Between Locations
-Dealing With Data Exposures
-5 Things You Can Do To Protect Your Existing Outsourcing Right Now
Session 2 10:30am-11:30am
-Technology Outsourcing Trends
-Secure Outsourcing Technologies
-Collaboration Methods With Remote Teams
-How To Connect People With The Right Information At The Right Time And The Right Place
-How To Connect People With Fellow Employees, Vendors, Partners Or Other External Contacts Outside Of the Organization
-Project Management Technology Of Remote Resources
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
Discussion of if and how you can secure payments in the cloud. Covers the issue, compliance considerations, regulatory changes and their impact, and provides a rationale for using a cloud to decouple your payments processes from your legacy infrastructure.
Presentation by Soumya Mondal, on "Information Security: Importance of having definded policy & process" at "Braindigit 9th National ICT Conference 2013" organized by Information Technology Society, Nepal at Alpha House, Kathmandu, Nepal on 26th January, 2013
Cloud Cybersecurity: Strategies for Managing Vendor RiskHealth Catalyst
As more organizations shift away from on-premise architectures toward the cloud or hybrid hosting models, critical cybersecurity concerns emerge. Organizations, especially health systems, should carefully examine the shared responsibility model in partnership with their cloud vendor.
Kevin Scharnhorst, Health Catalyst Chief Information Security Officer, shares perspectives on how your organization’s security program, through adherence to standards-based policy and procedures, can align with your cloud vendor on reduced organizational risk.
Data Security: Why You Need Data Loss Prevention & How to Justify ItMarc Crudgington, MBA
With the increasing number of cyber-attacks and incidents seeming to occur weeks/months/years before discovery of breach, simply securing your perimeter is no longer enough to protect your most critical assets. Privacy breaches are averaging upwards of $200 per record and studies have shown at intellectual property infringement cost the average company $101.9 million in revenues.
Key points addressed include:
• The Impact of Cyber Crime on our Economy
• The Cost Companies are incurring due to Cyber Crime and Data Breaches
• Who are the threat actors?
• What makes up a Data Loss Prevention ecosystem?
• What does a Data Loss Prevention strategy do for me?
• Hidden Benefits of Data Loss Prevention
• Justifying a Data Loss Prevention Strategy
This webinar was hosted by Ignyte Assurance Platform and Federal Publication Seminars on 18 June 2021.
The Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security, launches a campaign to reduce the risk of ransomware. Following an executive order signed by President Biden on May 12, 2021, which aims to increase cybersecurity defenses and resiliency against nation-state data exfiltration and hold global criminals accountable for ransomware attacks.
As we’ve seen with the Solar Winds and Colonial Pipeline hacks, cybercrime isn’t limited to government organizations. In fact, both public and private sectors are vulnerable to an all-too-common type of cyber attack which exposed the gaps in U.S. cyber defenses. New standards such as Cybersecurity Maturity Model Certification (CMMC) are becoming required compliance and cyber hygiene minimum for all organizations involved in the federal supply chain.
This webinar is designed for federal contractors and companies that provide critical infrastructure or any type of software to the government. Our guests and leading data security and compliance experts will explain how both public and private sector organizations need to act now to protect global software supply chains that affect government and private sector computer systems.
Knowing exactly where your cybersecurity and compliance gaps are and the solutions needed to implement and fix them is central to your success. Early adopters demonstrating high security & compliance postures are positioned to win more business over laggards.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap,critical activities and more.
PwC industry expert, Josh McKibben, helps us break down what a breach is truly comprised of, analyze key breaches as examples, and look for lessons you can bring back to your organization to avoid being the next headline.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
In the modern-day climate, more and more industries have had to increase IT security
expenses to provide a trusted system of security to all client/company PII from unauthorized users. The massive spike in IT security spending was brought on by the recent cyber breach on Equifax, in which millions of clients’ PII was accessed and distributed by an unauthorized user infiltrating the system. Like the Equifax attack, so many of these attacks require user-interaction to be activated or spread, so organizations must be on the forefront of understanding the internal threats of their own employees can impose.
Solutions.Information Security During Mergers & Acquisitions:
Issues, Safety Measures, and Need-to-Know Solutions.
Information security risks and threats connected with mergers and acquisitions, which can include months of often precarious IT migrations and legacy services left exposed; how Cloud computing affects information security risks and threats during merger and acquisition activities, as well as the positive opportunities that they can offer; why Information Security should be involved in the early phases of due diligence, including the phases during which the deal is structured and the acquisition model is defined; a simple framework and actionable material.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements.
The webinar covers
• Information Security
• Importance Of Information Security Today
• Taking Information Security Beyond A Compliance First
• Importance Of Data Governance In Information Security
• Privacy
• Changing And Evolving Privacy Requirements
• Importance Of Data Governance In Privacy
• Data Governance And Data Privacy
• Data Privacy - Data Processing Principles
Presenters:
Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies.
She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights.
Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards.
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/aQcS5-RFIEY
Website link: https://pecb.com/
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Peter1020
-The Current Global Digital Threat Climate
-Cyber-Trends Against The U.S. Financial Service Sector
-Considerations Prior To Outsourcing
-Pitfalls In International Partnerships
-Communications, Connections, And Security Considerations Between Locations
-Dealing With Data Exposures
-5 Things You Can Do To Protect Your Existing Outsourcing Right Now
Session 2 10:30am-11:30am
-Technology Outsourcing Trends
-Secure Outsourcing Technologies
-Collaboration Methods With Remote Teams
-How To Connect People With The Right Information At The Right Time And The Right Place
-How To Connect People With Fellow Employees, Vendors, Partners Or Other External Contacts Outside Of the Organization
-Project Management Technology Of Remote Resources
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
Discussion of if and how you can secure payments in the cloud. Covers the issue, compliance considerations, regulatory changes and their impact, and provides a rationale for using a cloud to decouple your payments processes from your legacy infrastructure.
Presentation by Soumya Mondal, on "Information Security: Importance of having definded policy & process" at "Braindigit 9th National ICT Conference 2013" organized by Information Technology Society, Nepal at Alpha House, Kathmandu, Nepal on 26th January, 2013
Cloud Cybersecurity: Strategies for Managing Vendor RiskHealth Catalyst
As more organizations shift away from on-premise architectures toward the cloud or hybrid hosting models, critical cybersecurity concerns emerge. Organizations, especially health systems, should carefully examine the shared responsibility model in partnership with their cloud vendor.
Kevin Scharnhorst, Health Catalyst Chief Information Security Officer, shares perspectives on how your organization’s security program, through adherence to standards-based policy and procedures, can align with your cloud vendor on reduced organizational risk.
PCI DSS Compliance and Security: Harmony or Discord?Lumension
An organization can be compliant and still experience a security breach – look no further than Heartland Payment Systems and RBS WorldPay. Both had achieved PCI DSS compliance, only to suffer massive data breaches that cost tens of millions of dollars. What is the difference between compliance and security? And how can organizations effectively move beyond PCI DSS compliance to ensure the security of personally identifiable information (PII)?
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
Since Syncsort's acquisition of security products from Cilasoft, Enforcive, Townsend Security and Trader's - we've been working hard to blend best-of-breed technology and create a powerful, integrated solution. We're happy to announce that the wait is almost over!
In just a few short weeks, Syncsort will announce the first release of this new security solution. We want partners like you on-board with all the latest information on how this great new product will meet your customers' needs to:
• Identify security vulnerabilities
• Pass audits for industry, state or governmental security regulations
• Detect and report on compliance deviations and security incidents
• Lock down access to systems and databases
• Ensure the privacy of sensitive data - both at rest and in motion
Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely
Multiple security regulations became effective across the globe in 2018, most notably the European Union’s General Data Protection Regulation (GDPR), and additional regulations are on their heels. The California Consumer Privacy Act, with its GDPR-like requirements, is just one of the regulations that requires planning and preparation today.
If you need to implement security policies for IBM i systems and data that will meet today’s compliance requirements and prepare you for those that are on the way, this webinar will help you get on the right track.
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...acemindia
With the adoption of public cloud services, a large part of your network, system, applications, and data will move under third-party provider control.
For this :
What security controls must the customer provide over and above the controls inherent in the cloud platform, and
How must an enterprise’s security management tools and processes adapt to manage security in the cloud.
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
A quick summary of the current state of big data technology and data science approaches used in cyber / network defender security analytics including summary use cases, a walk through of a reference architecture and breakdown of the required skills. Focus is on the knowledge needed to run a proof of concept and establish a programme for early benefits. Will then also include a view on the future of extending the platforms and capabilities of security analytics to cover performance metrics and data-driven security management approaches.
As privacy and security professionals it's true: we simply can't get enough data on the costs of a data breach. This is primarily driven, of course, by our desire to quantify the risks associated with our profession in terms that organizations can understand and measure. Our quest is complicated, however, by the fact that breach cost data is so hard to come by.
This unique webinar will take data breach analysis to the next level. First we'll define our terms and review of some of the best known, publicly available data breach research. But then, we'll dive into a more detailed, exhaustive, quantitative review of breach data. This will include both case studies of a few seminal data breaches and statistical analysis of data breaches in the aggregate.
Our featured speaker for this timely webinar is Patrick Florer, Co-Founder & CTO of Risk Centric Security. Patrick, who is also a Fellow and Chief Research Analyst at the Ponemon Institute, has decades of experience in risk analysis and analytics and is considered an expert in data breach analysis.
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking in present. Due to the organizations moving towards big data, financial systems.. which resides in cyber space, there is an increasing number of frauds associated with the technology revolution in the cyberspace.This post highlights the threats and the counter measures, so we can protect the sensitive personal data. I prefer the approach of “ Trust but verify model ”.
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
Information Security
1.Why the need to think about it?
2.What exactly are we talking about?
3.How do we go about doing something about it?
4.Is there a one-size-fits-all framework?
The GDPR requires organizations — both “data controllers” and “data processors” — to strengthen their data protection and security measures to protect the personally identifiable information (PII) of EU citizens, and to demonstrate their compliance at any time. See how Quest solutions can help make it easier to ensure that your customer on-premises, cloud or hybrid environment meets GDPR compliance requirements.
Cyber Critical Infrastructure Framework PanelPaul Di Gangi
The following presentation slides were used during the 2014 Cyber Summit Panel Session on Cyber Critical Infrastructure Guidelines at the University of Alabama at Birmingham
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
The Department of Energy's Integrated Research Infrastructure (IRI)Globus
We will provide an overview of DOE’s IRI initiative as it moves into early implementation, what drives the IRI vision, and the role of DOE in the larger national research ecosystem.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Extending Globus into a Site-wide Automated Data Infrastructure.pdfGlobus
The Rosalind Franklin Institute hosts a variety of scientific instruments, which allow us to capture a multifaceted and multilevel view of biological systems, generating around 70 terabytes of data a month. Distributed solutions, such as Globus and Ceph, facilitates storage, access, and transfer of large amount of data. However, we still must deal with the heterogeneity of the file formats and directory structure at acquisition, which is optimised for fast recording, rather than for efficient storage and processing. Our data infrastructure includes local storage at the instruments and workstations, distributed object stores with POSIX and S3 access, remote storage on HPCs, and taped backup. This can pose a challenge in ensuring fast, secure, and efficient data transfer. Globus allows us to handle this heterogeneity, while its Python SDK allows us to automate our data infrastructure using Globus microservices integrated with our data access models. Our data management workflows are becoming increasingly complex and heterogenous, including desktop PCs, virtual machines, and offsite HPCs, as well as several open-source software tools with different computing and data structure requirements. This complexity commands that data is annotated with enough details about the experiments and the analysis to ensure efficient and reproducible workflows. This talk explores how we extend Globus into different parts of our data lifecycle to create a secure, scalable, and high performing automated data infrastructure that can provide FAIR[1,2] data for all our science.
1. https://doi.org/10.1038/sdata.2016.18
2. https://www.go-fair.org/fair-principles
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Globus Compute with Integrated Research Infrastructure (IRI) workflowsGlobus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and I will give a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Reactive Documents and Computational Pipelines - Bridging the GapGlobus
As scientific discovery and experimentation become increasingly reliant on computational methods, the static nature of traditional publications renders them progressively fragmented and unreproducible. How can workflow automation tools, such as Globus, be leveraged to address these issues and potentially create a new, higher-value form of publication? LivePublication leverages Globus’s custom Action Provider integrations and Compute nodes to capture semantic and provenance information during distributed flow executions. This information is then embedded within an RO-crate and interfaced with a programmatic document, creating a seamless pipeline from instruments, to computation, to publication.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Free Complete Python - A step towards Data Science
Enabling Science with Trust and Security – Guest Keynote
1. Enabling Science with Trust and Security
Tom Barton
Sr Consultant for Cybersecurity & Data Privacy
UChicago & Internet2
GlobusWorld 2019
2. What I’ll tell you
• Security is all about enabling the mission by reducing risk to it
• There are security programs designed to reduce risk to research
• Trust frameworks reduce risk across complex cyberinfrastructure (CI)
ecosystems
• Trust frameworks & security enable scientific CI by reducing risk to it
• Some practical ways to engage with these
2
3. The simplest case
Human subjects research is perhaps the simplest example of security
enabling science.
Not that it’s easy!
3
5. Liability incurred by contracts and regulation
• Sensitive data provided under contract by external agencies
• Variety of security obligations in Data Use Agreements
• HIPAA Business Associate Agreements
• Government contracts with DFARS flow down requirements
• Federal security standards, focused on data confidentiality
• Also subject to state regulations protecting personal information
• Worst case: existential threat to associated research programs
5
6. Institutional strategy for secure research data
• Research Computing, Research Administration, Legal, IT partnership to
reduce risk to affected research
• Provide security as a service to PIs so they don’t have to figure it out
• Elements
• Risk assessment in grants & contracts processes
• Secure research computing service
• Dean and VP Research level policy governance
• Broad-based operational governance
• Federal security standards: NIST SP 800-53/800-171/CUI
• UChicago and many others have one or are moving in that direction
6
8. Benefits and dividends
• On-going close coordination between research computing and central IT
• Identity & access management
• Security operations, incident response and risk assessment
• Network engineering
• Storage/recovery
• Systems administration
• Central IT learned how to support other sensitive computing needs
• Re-usable building blocks of secure computing technologies and procedures
• Total institutional cost is reduced with each re-use
8
9. Can CISOs and Research Computing
Directors get along?
• Yes!
• "Enabling Trustworthy Campus Cyberinfrastructure for Science“
• Workshop by TrustedCI and InCommon, funded by NSF, September 2018
• Chief Information Security Officer and Research Computing Director teams from ~15
universities
• Secure research computing needs drive successful partnerships among
CISOs, RC Directors, Legal Counsel, Research Administration
• Regardless of where RC Director and CISO report, large or small
institution, centralized or decentralized
9
10. Review of the simplest case
The scientific CI is in one organization, which makes feasible:
• Close, on-going operational collaboration between research
computing, central IT, information security
• Implementation of Federal/NIST security standards
Enables human subjects research programs by providing the help
needed to address onerous security obligations
10
11. Security and risk
Must it always be about complying with Federal/NIST security
standards?
11
12. Security Defined by Merriam Webster
1: freedom from danger (safety), freedom from fear or anxiety
4: measures taken to guard against espionage or sabotage,
crime, attack, or escape
https://www.merriam-webster.com/dictionary/security
We should emphasize definition #1, but security practice is
traditionally focused on #4
12
slide credit: Von Welch
13. Data lost
System
unavailable
Data altered
Private data
exposed
Enforced
shutdown
Ransomware
Cyber espionage
Weaponization
Hactivism
Identity theft
Mal intent
Protective and
responsive measures
Prevent negative
impact
Extended
disruption
Cybersecurity – traditional view
13
CI system in designed state
14. Protective and
responsive measures
Data lost
System
unavailable
Data altered
Private data
exposed
Enforced
shutdown
Ransomware
Cyber espionage
Weaponization
Misconfiguration
Flaw in 3rd party component
system
Overlooked ancillary functions
remain active
System restored to unplanned
state
Uncaught data transport error
Inadequate incident response
capability
Lack of operational coordination
leaves system in unplanned stateHactivism
Identity theft
Mal intent Deltas to CI system design state Negative impact
Extended
disruption
Cyber Risk – it’s not just about bad actors
14
15. Federal security standards address some IT risks
15
IT risk Federal security
controls?
Misconfiguration Yes
Flaw in 3rd party component system Yes
Overlooked ancillary functions remain active Yes
System restored to unplanned state Yes
Lack of operational coordination leaves system in
unplanned state
No
Uncaught data transport error No
Inadequate incident response capability Yes
16. Will Federal security frameworks assimilate all
US scientific CI?
Yes
Appropriate, probably
unavoidable, for some
secure research
Some aspects well suited
to both open science and
secure research
No
Needs common executive management, hence
hard to apply across organizations
Some critical IT risks aren’t addressed
TrustedCI is developing alternatives for open
science
• Open Science Cyber Risk Profile
• Guide to Developing Cybersecurity Programs
for NSF Science and Engineering Projects
16
17. Lack of operational coordination
leaves system in unplanned state
Please hold this thought in mind for a few minutes….
17
18. A complex case
Trust Frameworks and Federation reduce risk in complex, multi-
organizational circumstances
18
19. 19
Since 2015, thirteen ESFRI Research Infrastructures from the field of BioMedical Science
(BMS RI) joined their scientific capabilities and services to transform the understanding of
biological mechanisms and accelerate its translation into medical care.
• biobanking & biomolecular
resources
•curated databases
•marine model organisms
•systems biology
•translational research
•functional genomics
•screening & medicinal
chemistry
•microorganisms
•clinical trials
•structural biology
•biological/medical imaging•plant phenotyping
•highly pathogenic
microorganisms
Slide credit:
Mikael Linden
20. Increasing complexity of scientific CI
• Bigger data & bigger teams need bigger CI
• Beyond the scale a single organization can achieve on its own
• Not-bigger funding motivates the concentration of CI investments
• Federating or centralizing HPC centers, cloud
• Size brings complexity
• Federated user access, federated resources
• Access management
• Data, cache, and network management
20
As scientific CIs integrate more components and organizations, it’s
harder to manage, debug, and ascertain the state of the entire system
21. Federated user access – a global infrastucture
faculty, students, staff
data sets
intellectual property
specialized instruments
specialized computing
68 countries (March 2019)
> 16,700 entities (25% InCommon)
> 10,000,000 users
connected by global research
networks and federation
21
22. 22
Get collaboration ready
Release “Research & Scholarship” attributes
Basic security for Identity Provider
Accurate & complete metdata for good user experience
Standard MFA request/response
Identity assurance info
Enable
basic collaboration
Support
high value resources
Protect
collaboration resources Reduce risk
Identity
Providers
implement
Academic
Service
Providers
implement
Each item in the bottom two tiers is associated with a trust framework,
as is the federation itself
24. 24
InCommon’s Baseline Expectations program
Dimensions
❏ Security
❏ Privacy
❏ Transparency/Accountability
❏ User Experience
Participation Agreement
requires everyone to adhere
to Baseline Expectations
Processes
❏ Community Consensus
❏ Community Dispute Resolution
Mostly, it consists of tons of communication and help
25. Baseline Roadmap (under development)
25
1Q18 2Q18 3Q18 4Q18 1Q19 2Q19 3Q19 4Q19 1Q20 2Q20 3Q20 4Q20 1Q21 2Q21 3Q21 4Q21
Create BE processes, redo
contracts, metadata quality.
errorURL. SIRTFI all entities.
R&S and REFEDS MFA for
academic OS IdPs.
IdPs must use collaboration-
ready software/services.
26. Research & Scholarship attribute release
• Name, email, affiliation, persistent identifier
• Common need for “research and scholarship” services
• Those service providers are “tagged” by their national federation
operators as “R&S”
• Identity Providers automatically release the R&S attributes to R&S tagged
services
• Such Identity Providers are also tagged as “R&S” so that services can elect
to require R&S attributes in order to provide service
• The R&S program contributes to good privacy practice under the
European General Data Protection Regulation (GDPR)
[ 26 ]
27. SIRTFI - security incident response trust
framework for federated identity
27
Be willing to collaborate in
responding to a federated security
incident.
Apply basic operational security
protections to your federated
entities
in line with your organization’s
priorities.
Self-assert SIRTFI “tag” so that
others will know to trust this
about you.
28. REFEDS Assurance Framework
28
Identity Assurance Authentication Strength
Authentication
Single-factor
authentication (SFA)
Multi-factor
authentication (MFA)
Attributes
Affiliation freshness
1 day
Affiliation freshness
1 month
ID Proofing
Medium
(eg postal credential
delivery)
Low
(self-asserted)
High
(eg F2F)
Identifiers
ID is unique, personal
and traceable
ePPN is unique,
personal and
traceable
Defines a standard means for service providers to receive information about identity
assurance practice and request and receive information about strength of credentials
29. Review of the complex case & trust frameworks
A trust framework is
• A standard of behavior that applies to participants and/or components in
large, complex, even global systems
• Developed in response to identified needs of research and scholarly
activities
We trust that trust framework adopters reasonably observe the standard of
behavior because of our shared mission in Research & Education
Federations and other organizations enable and monitor trust framework
participation and may operate processes to verify or compel adoption
29
30. Lack of operational coordination
leaves system in unplanned state
Systems that integrate components across many organizations can use
trust frameworks to reduce the risk posed by intrinsic inability to
coordinate operationally
30
31. Reducing risk to scientific CI
Some services and programs you can take advantage of.
Some things you might think about doing.
31
32. ResearchSOC
ResearchSOC helps make scientific computing resilient to cyberattacks and
capable of supporting trustworthy, productive research.
• NSF funded center
• Indiana University, Duke University, Pittsburgh Supercomputing Center, University of
California San Diego
• Security Operations Center
• Vulnerability scanning and threat intelligence sharing
• Training information security professionals to address challenges of
securing research
32
33. TrustedCI and Internet2
• Direct engagements or partnerships to review or solve problems
• Security programs for NSF funded activities
• Facility/Site Identity & Access Management
• Federated user access
• Cloud use
• Campus Champions / CaRRC
• Science Gateways Community Institute
• Hope to translate experience with user federation into resource
federation space
33
34. Globus Connect/High Assurance
• Enhanced Connect Server/Personal to meet the security needs of
protected environments for secure research
• Only authorized identities
• Audit trails
• Session timeouts
• More…
• Enhanced Transfer & Auth services backend in AWS
• Meets Federal/NIST security standards
• Suited to HIPAA and other sensitive research data
34
35. You – campus research computing staff
• Add federated user access tooling to your environment
• CILogon, Globus Auth, COmanage, Grouper, others
• Help your CISO become your partner
• Support Federal security standards for high risk projects, sensible
security for low (eg, Open Science Cyber Risk Profile)
• Stay abreast of prototype resource federation efforts
• Help TrustedCI/Internet2 understand your researchers’ problems and
give guidance on good solutions
35
36. You – platform & gateway developers
• Use federated user access tooling
• Deep water, don’t roll your own user management!!
• Help your information security people to help you
• Bake sensible security into your dev and operational processes
• Provide sensible security functionality to deployers
• Your platforms are sometime implemented in very exposed Science
DMZs – focus on securing system integrity, make it hard for bad guys
to re-purposed as weapons
36
37. You - PIs
• Involve research computing staff as early as possible in grant
formulation process to optimize proposed data processing workflow
• If sensitive research data is involved, early engagement will minimize
hurdles & hoops, ensure satisfactory proposed data security plan
• Demand sensible security – make the IT and security powers that be
know that it matters and you need them for it
37