A security hole in an application can cause not only major financial loss but also loss of customer confidence, trust and reputation, severely impacting the business. This webinar looks at well-established industry practices to identify and secure applications from breaches while adhering to regulatory compliance requirements.
This presentation from the NTXISSA June 2015 Lunch and Learn meeting covers: “Survival in an evolving threat landscape” and “How to talk security in the boardroom”
Symantec Cyber Security Solutions minimize the potential business impact of increasingly sophisticated and targeted attacks by reducing the time it takes to detect, assess and respond to security incidents.
What We’ve Learned Building a Cyber Security Operation Center: du Case Study, by Priyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016, by IBM Security
View the on-demand webinar: https://securityintelligence.com/events/qradar-investment-2016/
Helping you stay ahead of cybercriminals means our work at IBM Security is never done. With data coming from every direction to collect, you need real-time and historical analytics to discover anomalous conditions that often provide the early warning signs of an attacker’s presence. Join us to hear about new features in IBM Security QRadar that can provide you with better visibility into what’s happening on your network, and new integrations that will help you multiply your investment and speed your remediation efforts.
Hide and seek - Attack Surface Management and continuous assessment, by Eoin Keary
Attack surface management and visibility are key to maintaining a robust cyber security posture. Continuous assessment, accuracy and scale are key to enterprise security.
How to Solve Your Top IT Security Reporting Challenges with AlienVault, by AlienVault
Watch this on-demand webcast to learn how to achieve security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
The IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and lower total cost of ownership compared with competitive products.
With 73% of all cyber attacks happening on web applications* last year, there’s little doubt that application-layer and web-related attacks pose a significant risk to most organizations. However, typical investment in protecting common attack targets (content management systems and ecommerce platforms) does not correspond to that risk.
This webinar examines the growth of applications in enterprise architecture and the risks associated with agile development, plus expert advice and real-world examples on how to scope and build a successful application security program that will maximize coverage and optimize your limited resources.
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof..., by Denim Group
HP Protect 2015 Presentation with Denim Group's John Dickson and HP's Bruce Jenkins - Software security historically has been a bolt-on afterthought, frequently a "nice to do" and not a "must do" activity in many organizations. Despite the obvious need to build security in from the outset, organizations continue to struggle to gain momentum and focus resources in support of a structured and measurable software security assurance program. How can organizations determine the best-fit activities and appropriate resource allocation levels to adequately address software risk? How can security leaders know what other organizations are doing to produce more secure software? This session provides an overview of the Open Software Assurance Maturity Model (OpenSAMM) framework and illustrates how organizations can use it to give their security program the edge necessary to stay competitive in today's DevOps world and need-for-speed go-to-market strategies. The session includes case studies on how organizations are using comparative data and OpenSAMM benchmarking to realize measurable software security improvement.
Originally shared here - https://sessioncatalog.hpglobalevents.com/go/agendabuilder.sessions/?l=19&sid=4026_2744&locale=en_US
Utilizing the Critical Security Controls to Secure Healthcare Technology, by EnclaveSecurity
The development of the Critical Security Controls is transforming the way companies measure and monitor the success of their security programs while drastically reducing the cost of security. Fifteen of the twenty controls can be automated, some at limited cost to the organization, and the data is readily available to be presented in conference rooms and board rooms. Upon implementing them, hospitals will have the ability to measure compliance, track progress, and know when they’ve reached certain goals.
They were developed and agreed upon by a consortium including NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center as well as the top commercial forensics experts and pen testers serving the banking and critical infrastructure communities. Since the US State Department implemented these controls they have demonstrated “more than 80% reduction in ‘measured’ security risk through the rigorous automation and measurement of the Top 20 Controls.”
Building a Cyber Security Operations Center for SCADA/ICS Environments, by Shah Sheikh
Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we cover the fundamental building blocks of a SCADA cyber security operations center, with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, and Security Logging and Monitoring, and how such security domains drive accountability and act as a line of authority across the PCN.
This presentation provides an overview of different threat modeling approaches with examples from the automotive domain. It was given at the IEEE VTS "Safe and Secure Automotive" Workshop on 4 Sep.
Malware evolution and Endpoint Detection and Response, by Adrian Guthrie
As malware evolves into targeted Advanced Persistent Threats, the response has to change to a more proactive security model.
Automated Prevention - Block malware and exploits
Automated Detection - Targeted and zero-day attacks are blocked in real time
Automated Forensics - Forensic information for in-depth analysis of every attempted attack
Automated Remediation - Automated malware removal
All made possible by Big Data analytics and Collective Intelligence.
This jComply presentation provides an overview of the GRC platform and the modules available, such as policy and procedure management, audit management, eLearning, accident and incident management and more.
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S..., by FulcrumWay
This Education Webinar presentation teaches you to identify and eliminate False Positives from your Segregation of Duty Audit Report. Segregation of Duties (SOD) controls over business transactions and sensitive data provide an effective safeguard against financial misstatement risks, fraud and operational losses. Big-4 Audit Firms include SOD testing in their audit plan, and many organizations have invested in internal SOD tools to provide continuous monitoring of application access controls. However, SOD Audit Reports contain many False Positive issues that can bog down ERP Applications, Finance and Internal Audit teams. Therefore, identifying and eliminating False Positives is a key step in the SOD risk management approach. In this educational webinar you will learn how to identify false positives that are generated due to the complexity of the Oracle EBS security model. We will provide a checklist of “known” False Positives as well as an approach to identify “unknown” False Positives resulting from overriding securing attributes; for example, a “Buyer” Profile Option is required to Create Purchase Order entitlements in Oracle EBS. You will learn the latest techniques to eliminate False Positive violations using “filters” in the SOD tool and reports based on our recent client case studies. We will also share some examples of SOD Analytics Reports that can help you track your SOD Remediation Plan after you remove the False Positives.
• Introduction
• Inherent False Positives in Oracle EBS Security Model
• Checklist of Global False Positives
• Systematic Approach for Identifying False Positives
• SOD Analytics for Remediation Analysis
• Case Study
• Q&A
Join us for this webinar if your role and responsibilities include:
• Chief Security Officers
• System Administrators
• Oracle EBS Consultants
• Oracle GRC Advanced Controls Administrator
• Compliance (SOX) & Control Manager
• Internal Auditors & External Auditors
Our ERP advisors have 20+ years of experience in Oracle EBS, System Audits, SOX Compliance, Oracle GRC Implementations & IT Governance at Big-4, Oracle and/or NYSE/NASDAQ public companies.
The presentation sheds light on the concept of GRC (Governance, Risk and Compliance). Features associated with GRC, such as its history, its impact on businesses, and its types, are covered here.
Here is the list of the topics covered:
1. How was GRC developed?
2. What exactly is GRC?
3. The role of GRC in ISMS
4. Impact of GRC
5. Types of GRC
6. The role of IT-GRC in IT-RMC
7. IT-GRC Foundation
8. Why deploy an IT-GRC Management System?
Advantages and disadvantages of evaluation checklists and how to use them to improve evaluation practice. Presented at USF Center for Research, Evaluation, Assessment, and Measurement.
What Every Developer And Tester Should Know About Software Security, by Anne Oikarinen
Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material, for example from OWASP.
Another useful skill is threat modeling, which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing on the riskiest parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats.
You will also learn what kind of security-related testing you can do without having any infosec background.
Scalar Security Roadshow: Toronto Presentation - April 15, 2015, by Scalar Decisions
On April 15, 2015, Scalar hosted our Security Roadshow in Toronto, where we focused on defence in three key areas - endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability.
Defend the Endpoint with Bromium
Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes, that makes up the task, was contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own little hypervisor with no real access to the host.
Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottom-up view of each individual task’s behaviour – without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activities or creating any unusual traffic. Basically, it can very easily identify anything shifty. This is the most granular level of inspection you can get at a host level – Bromium is there at the very beginning when the virus begins to execute.
Defend the Application with WhiteHat
In this session we will look at a newer approach to application security and penetration testing, which combines persistent and automated testing processes to continuously monitor applications for vulnerabilities, as well as deep inspection of the business logic by trained specialists. This approach exceeds newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked to remediation.
We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology that can now be used, by you, to leverage the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams.
Defend the Network with LogRhythm
As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks.
LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili..., by Outpost24
In this webinar, our expert will discuss why CISOs must embrace unified cyber risk management for greater consolidation and simplification of business risk to build trust and maximize business resilience.
BATbern48_How Zero Trust can help your organisation keep safe.pdf, by BATbern
This presentation will bring insights into how the Zero Trust framework can help organizations improve their cybersecurity posture and resilience and what the organizational challenges are.
Learn how to overcome security challenges, such as: identity theft, spoofed transactions, DDoS business disruption, criminal extortion and more. You'll learn how a security strategy promotes confidence in the cloud.
Definitive Security Testing Checklist Shielding Your Applications against Cyb..., by Knoldus Inc.
The protection of applications against cyber threats is paramount. With hackers becoming increasingly sophisticated, organizations must prioritize robust security testing practices. In this informative session, we will unveil a comprehensive security testing checklist designed to fortify your applications against potential vulnerabilities and attacks.
Breached! App Attacks, Application Protection and Incident Response, by Resilient Systems
Software applications, like outward-facing Web applications, are consistently ranked as one of the top threat vectors. For example, according to a recent report from Trustwave, SQL injection was the attack method for 26% of all reported breaches. Indeed, despite being a decade-old, well-understood vulnerability, SQL injection flaws remain present in 32% of applications.
This webinar will first explain software application vulnerabilities and define their various types. It will also present recent research findings about the prevalence of these vulnerabilities and their impact. From there it will discuss what organizations can do to harden their applications. Finally, the webinar will cover best practices for responding to a successful application attack.
Our featured speaker for this timely webinar is Chris Wysopal, Co-Founder, CTO & Chief Information Security Officer at Veracode.
Are you new to Black Duck or open source security? Do you need a refresher? Understanding the fundamentals of open source security is critical to keeping your data and organization safe. During this session, we'll share best practices from the world's leading experts to help you establish a foundation for success.
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers, by Denim Group
Far too often application security decisions are made in an ad hoc manner and based on little or no data. This leads to an inefficient allocation of scarce resources. To move beyond fear, uncertainty and doubt, organizations must adopt an approach to application risk management based on a structured process and quantitative data. This presentation outlines such an approach for organizations to enumerate all the applications in their portfolio. It then goes through background information to collect for each application to support further decision-making. In addition, the presentation lays out an application risk-ranking framework allowing security analysts to quantitatively categorize their application assets and then plan for assessment activities based on available budgets. This provides the knowledge and tools required for them to use the approach on the applications they are responsible for in their organization. Please email dan _at_ denimgroup dot com for a template spreadsheet and a how-to guide.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova..., by Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GraphRAG is All You need? LLM & Knowledge Graph, by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*, by Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo..., by James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, combined with traditionally slow and manual security checks, has left gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with Parameters, by Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024, by Tobias Schneck
As AI technology is pushing into IT, I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already have working for real.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Key Trends Shaping the Future of Infrastructure.pdf
Enterprise under attack dealing with security threats and compliance
Slide 1
Enterprises under Attack: Dealing with security threats and compliance
Sponsored by: SPAN Systems Corporation
Produced and Presented by: The Outsourcing Institute
Slide 2
The Outsourcing Institute
• Located at outsourcing.com – Over 70,000 Executive Members Globally
• Trends, Best Practices, Case Studies
• Training Through OI University
• Specialize in Low Cost Alternatives for Outsourcing Buyers Needing Assistance with RFP Development and/or Vendor Selection:
  – Outsourcing RFP Builder Software
  – Matchmaker Service
• Qualified Demand Generation Programs
• Outsourcing Jobs Opportunities and Recruiting Services Through CMS Inc.
• Local, Intimate and Interactive Outsourcing Road Show
• Sponsorship and New Business Development Opportunities & Programs
For more information contact us at: info@outsourcing.com or 516-279-6850 ext. 712
Slide 4
Topics
Enterprise Security Stature
Enterprise Security Landscape
Value of Enterprise Security
Dealing with Security Threats and Compliances
Application Security
Infrastructure Security
Compliances Validation
Budgeting for Security
Slide 5
Enterprise Security Stature
Security is an ever moving Target
• Human errors and system glitches caused nearly two-thirds of data breaches globally in 2012
• Malicious or criminal attacks are the most costly threats at an average of $157 per compromised record
Source: 2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec, June 2013
• Through 2016, the financial impact of cybercrime will grow 10% per year, due to the continuing discovery of new vulnerabilities
• By 2016, 40% of enterprises will make proof of independent security testing a precondition for using any type of cloud service
Source: Gartner Top Predictions for 2012: Control Slips Away, Gartner, December 2011

Security Breach Statistics – Small Organizations (% of respondents)
                                        2012    2011
Attacked by an unauthorized outsider     63%     41%
Hit by denial-of-service attacks         23%     15%
Network penetration by outsiders         15%      7%
IP and Confidential Data Theft            9%      4%

Security Breach Statistics – Large Organizations (% of respondents)
                                        2012    2011
Attacked by an unauthorized outsider     78%     73%
Hit by denial-of-service attacks         39%     30%
Network penetration by outsiders         20%     15%
IP and Confidential Data Theft           14%     12%
Source: 2013 INFORMATION SECURITY BREACHES SURVEY - Published by The Department for Business, Innovation and Skills (BIS), UK
Slide 6
Enterprise Security Landscape
Enterprises must address Security Threats in order to conduct the business safely
Application Security
• Injection
• Broken Authentication and Session Management
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and Forwards
Infrastructure Security
Diagram: Firewall > Web server > Firewall > Application Server > Database Server
Network Security
• Router
• Firewall
• Switch
Host Security
• Patches and Updates
• Services
• Protocols
• Accounts
• Files and Directories
• Shares
• Ports
• Registry
• Auditing and Logging
Slide 7
Dealing with Security Threats and Compliances
Security is not a product, but a process.
Enterprise Security – Approach
Pre-Production Security Testing: Application Security Tests
Post-Production Security Testing: Infrastructure Security Tests
Periodic Security Audits
Compliance Validations
Managed Security Monitoring and Operations
Establish Enterprise Security Baseline
• Applications Security Testing
• Infrastructure Security Testing
• Compliance Validations
Maintain Baseline Security Stature
• Security Validation across SDLC
• Security Monitoring and Operational Security
• Periodic Security Audits and Compliance Validations
Slide 9
Infrastructure Security
The Department of Homeland Security released this map showing the locations of 7,200 key industrial control systems that appear to be directly linked to the Internet and vulnerable to attack.
http://money.cnn.com/2013/01/09/technology/security/infrastructure-cyberattacks/
http://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Oct-Dec2012.pdf
Slide 10
Infrastructure Security
• Plan to secure the infrastructure (Network, Servers, Desktops and Mobile)
• Perform Attack Surface Analysis and design a Secure Architecture
• Consider both Internal and External Penetration tests to address internal abuse and external intrusion
• Plan for Operational Security through Managed Security Services such as Unified Threat Management
Enterprise Network Security: Elicit Security Requirements > Threat Modeling and Attack Surface Analysis > Vulnerability Assessment > Penetration Testing > Ethical Hacking
Operations Security & Monitoring: Threat Management; Incident Management; Log Management
Security breaches lead directly to financial fraud, identity theft, regulatory fines, brand damage, lawsuits, downtime, malware propagation and loss of customers.
Slide 11
Application Security
About 90% of the applications tested by SPAN revealed at least one HIGH RISK vulnerability
(Source: SPAN Security Testing Metrics)
Chart: Applications Vulnerability Distribution – OWASP Top 10 Vulnerabilities (Source: SPAN Security Testing Metrics)
Slide 12
Application Security
• Assess the required Security Level for the application based on the data sensitivity and threat exposure
• Employ vulnerability management and plan to preempt vulnerabilities from occurring: shift left from detection to prevention
• Plan for application security for every release.
• Plan the required level of security verification for the release based on the quantum and criticality of the change in code
• Ensure that the Security Team has qualified Ethical Hackers, Secure Programmers and Security Architects
• Follow methodologies widely accepted by industry such as the OWASP Application Security Verification Standard
• Plan for testing all the components with the identified rigor.
• There is no tool in the industry that can identify all the vulnerabilities. Leverage skilled exploratory testing by ethical hackers along with the power and speed of the tools
Need is for more secure software, NOT more Security software
Application security across the lifecycle (Requirements, Design, Development, Deployment, Post-Deployment): Elicit Security Requirements (Evil Stories); Threat Modeling and Attack Surface Analysis; Security Code Review; Vulnerability Assessment; Penetration Testing; Ethical Hacking
Slide 13
Compliance Validation
• Establish Compliance Requirements – Regulatory, Standards and Legal
• Plan for Pre-Audits
• Establish a Compliance Metrics Dashboard and keep track
• Perform Statistical Analysis and Implement Lessons Learned
Example Security Compliance Dashboard (Enterprise Security Compliances)
Physical Security
• Access Control & Management
Application Security
• Secure Design
• Secure Development
• Vulnerability Management
• Periodic Penetration Testing
Infrastructure Security and Process Security
• Secured Data Centers
• Threat Management
• Events and Log Management
• Incident Management
• Periodic Penetration Testing
• Change Control Management
• Policies and Procedures
Source: http://www.isaca.org/
Slide 14
Enterprise Security
Components: Application/System Security; Network Security; Identity and Access Control; Physical Security; Threat Management; Logs and Event Management; Incident Management
Security Test Methodology: Requirements Gathering > Threat Profiling > Security Testing > Periodic Testing > Compliance Validation
Penetration Testing: Information Gathering > Threat Modeling and Attack Surface Analysis > Vulnerability Analysis > Exploitation > Advancing Exploitation > Reporting
It is far preferable to do something NOW to avert and minimize harm before disaster strikes
Slide 17
Security Verification Level Selection
The sensitivity of the application is identified based on the sensitivity of the data processed by the application and the impact of the application on the business.
Identify what is BEST for you; all best practices are contextual

Application exposed over the internet to the public
  Highly Sensitive: Threat Modeling & Attack Surface Analysis; Static Code Analysis; Security Code Review; Vulnerability Assessment; Application Penetration Testing
  Moderately Sensitive: Static Code Analysis; Security Code Review; Vulnerability Assessment; Application Penetration Testing
  Low Sensitive: Static Code Analysis; Security Code Review; Vulnerability Assessment; Application Penetration Testing

Application exposed to legitimate users over Intranet or Dedicated Channels
  Highly Sensitive: Threat Modeling & Attack Surface Analysis; Static Code Analysis; Security Code Review; Application Penetration Testing
  Moderately Sensitive: Static Code Analysis; Security Code Review; Vulnerability Assessment; Application Penetration Testing
  Low Sensitive: Static Code Analysis; Vulnerability Assessment
Slide 19
Budgeting for Security
Enterprises must plan to protect the brand, attain compliance and avert costly breaches
Business Drivers for Information Security Expenditure (chart; values not captured):
• Protecting other assets (e.g. Cash) from theft
• Improving efficiency / cost reduction
• Enabling business opportunities
• Protecting intellectual property
• Business continuity in a disaster situation
• Protecting customer information
• Preventing downtime and outages
• Complying with laws/regulations
• Protecting the organisation’s reputation
• Maintaining data integrity
Information Security Expenditure:
• 10% of IT budget is spent on average on security (up from 8% a year ago)
• 16% of IT budget is spent on average on security where security is a very high priority (up from 11% a year ago)
• 92% of respondents expect to spend at least the same on security next year (and 47% expect to spend more)
Source: 2013 INFORMATION SECURITY BREACHES SURVEY - Published by The Department for Business, Innovation and Skills (BIS), UK
Slide 20
Value of Enterprise Security
Protect the brand, attain compliance and avert costly breaches.
Save Money and Business
• Avoid the potential penalties due to non-conformance to security compliances
• Avoid the losses due to financial fraud, identity theft and regulatory fines
Better Protection of Assets and Business
• Proactively respond to real-world security threats
• Comply with different standards and regulatory requirements
Gain Competitive Advantage
• Increased TRUST of users and customers
• Avoid brand damage, downtime and loss of customers
Slide 21
Summary
Enterprises are under attack due to the continuous discovery of vulnerabilities
Enterprises can deal with security threats and meet regulatory compliance demands by:
• Planning for securing assets
• Assessing gaps and establishing a security baseline
• Maintaining security by employing Application Security, Infrastructure Security and Operations Security measures
• Achieving compliance through pre-audits and continuous management of trends
Protect Business, Save Money and Gain Competitive Advantage by ensuring Enterprise Security
Slide 22
Copyright: SPAN Systems Corporation www.spansystems.com
SPAN Systems Corporation
• U.S. ‘C’ Corporation, incorporated in 1993
• Wholly owned by EVRY (www.evry.com), a $2.3 Billion Nordic company
• Ranked #7 Best IT Places to Work For in India; historically low attrition
• CMMI5, ISO 9001 and ISO 27001 certifications
• Strong Relationship Management
• Customers range from Fortune 5 to SMEs
Slide 23
Poll Questions
Copyright: SPAN Systems Corporation www.spansystems.com
1. How important is security testing for you?
  • Critical
  • Very Important
  • Important
  • Not Important
  • Can’t say
2. Do you have a security solution in place for your enterprise? If not, would you like to implement one?
  • Have NO security solution and want to implement immediately
  • Have a reasonable security solution and want to look at options to strengthen it
  • Have a very secure solution and would not want to make any changes
  • Have NO security solution and do not want to implement any security measures
Slide 24
Thank you for joining
Enterprises under Attack: Dealing with security threats and compliance
This webinar was sponsored by SPAN Systems Corporation in conjunction with The Outsourcing Institute.
Speakers:
• Amit Singh, Partner, Avasant
• Vinay Ambekar, Senior Vice President, Engineering, Lavante Inc.
• Pramod Grama, Co-founder and Executive Vice President, SPAN Infotech (India) Pvt. Ltd.
• Lakshminarasimha Manjunatha Mohan, Solution Architect, SPAN Infotech (India) Pvt. Ltd.
Editor's Notes
Webinar Starts at 10:30 PM IST
OI to enter the local start time
00:00 hrs
David and/or Amit to initiate
00:00 hrs + 2 minutes
Key word for next slide = “Next we talk about the speakers…”
00:00 hrs + 4 minutes
Key word for next slide = “Next we talk about the Topics for Discussion…”
00:00 hrs + 6 minutes
Indication for Pramod to take over from David/Amit
Key word for slide change = “I would now ask Pramod to introduce us to Enterprise Security…”
00:00 hrs + 9 minutes
Indication for slide change = “Next we will talk about the Security Landscape…”
00:00 hrs + 14 minutes
Indication for slide change = “I will now ask LN to take us into the Security Aspects for Enterprises …”
Time for first polling question
00:00 hrs + 18 minutes
Indication for slide change = “Now we can look into the Infrastructure Data Breach data…”
00:00 hrs + 21 minutes
Indication for slide change = “A bird’s-eye view of the vulnerability map depicted by Homeland Security …”
00:00 hrs + 22 minutes
Indication for slide change = “Let’s now talk about Infrastructure Security…”
00:00 hrs + 25 minutes
Indication for slide change = “Let’s now talk about Application Security…”
00:00 hrs + 26 minutes
Indication for slide change = “Coming to Application Security Landscape…”
00:00 hrs + 31 minutes
Indication for slide change = “Coming to compliances…”
00:00 hrs + 34 minutes
Indication for slide change = “The components of Enterprise Security…”
00:00 hrs + 39 minutes
Indication for slide change = “Planning for Security…”
Seeded Question: At our organization we use a commercial tool to do all the vulnerability scanning, is it not enough to secure the enterprise?
00:00 hrs + 41 minutes
Indication for slide change = “Levels of Security …”
00:00 hrs + 43 minutes
Indication for slide change = “Operation View of Security …”
00:00 hrs + 44 minutes
Indication for slide change = “I now request Vinay to talk about The budgets and Value for securing IT assets…”
Time for second polling question
00:00 hrs + 46 minutes
Indication for slide change = “Coming to the value of security testing…”
00:00 hrs + 49 minutes
Indication for slide change = “Pramod will now conclude with a summary of the discussion…”
00:00 hrs + 50 minutes
Indication for slide change = “We are now onto Q & A…”
David / Amit to take over. They can talk about the results of the poll responses.