The document discusses preparing organizations for compliance with the EU General Data Protection Regulation (GDPR). It provides an overview of key GDPR requirements, such as obtaining consent for personal data use, implementing privacy by design, and responding to data breaches. The document recommends developing a GDPR action plan that includes conducting privacy impact assessments and audits. Overall, the summary emphasizes the need for organizations to understand how they use personal data and ensure they can meet GDPR requirements for data protection.
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR• Security Metrics• Oversight of third parties• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West. and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
Presentation slides from an NCVO webinar which took place on 18 October 2017.
Presentation by Gary Shipsey from Protecture, find out more about Protecture: https://www.protecture.org.uk/
View the webinar recording: https://youtu.be/D7wuDS4QZgQ
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Key highlights of the General Data Protection Regulation (GDPR), which organisations will need to consider when preparing for its coming into force on 25 May 2018.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
EU General Data Protection Regulation - Update 2017Cliff Ashcroft
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Be careful what you wish for! How the GDPR even now it has been finalised may not solve the key problems of rthe tech community of what is personal data and what is anonymised/pseudonymous.
Date: 15th November 2017
Location: AI Lab Theatre
Time: 16:30 - 17:00
Speaker: Elisabeth Olafsdottir / Santiago Castro
Organisation: Microsoft / Keyrus
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR• Security Metrics• Oversight of third parties• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West. and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
Presentation slides from an NCVO webinar which took place on 18 October 2017.
Presentation by Gary Shipsey from Protecture, find out more about Protecture: https://www.protecture.org.uk/
View the webinar recording: https://youtu.be/D7wuDS4QZgQ
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Key highlights of the General Data Protection Regulation (GDPR), which organisations will need to consider when preparing for its coming into force on 25 May 2018.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
EU General Data Protection Regulation - Update 2017Cliff Ashcroft
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Be careful what you wish for! How the GDPR even now it has been finalised may not solve the key problems of rthe tech community of what is personal data and what is anonymised/pseudonymous.
Date: 15th November 2017
Location: AI Lab Theatre
Time: 16:30 - 17:00
Speaker: Elisabeth Olafsdottir / Santiago Castro
Organisation: Microsoft / Keyrus
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Παρουσίαση του κ. Κώστα Γκρίτση στην εκδήλωση που πραγματοποίησε ο Κύκλος Ιδεών για την Εθνική Ανασυγκρότηση σε συνεργασία με το Ίδρυμα Διεθνών Νομικών Μελετών- Καθηγητού Ηλία Κρίσπη και με την υποστήριξη της Ελληνοαμερικανικής Ένωσης, με θέμα:
«Προστασία Προσωπικών Δεδομένων - Ηλεκτρονική Ταυτοποίηση»
Διαχείριση Προσωπικών Δεδομένων μετά την υιοθέτηση του νέου Γενικού Κανονισμού (GDPR) και Ηλεκτρονική Ταυτοποίηση με τη χρήση του δικτύου eIDAS (eID_EU): Επιχειρησιακές, τεχνικές και θεσμικές συνέπειες
την Τετάρτη 14 Μαρτίου 2018, στο Θέατρο της Ελληνοαμερικανικής Ένωσης
Στη συζήτηση συμμετείχαν:
Λίλιαν Μήτρου, Πανεπιστήμιο Αιγαίου - Πολυτεχνική Σχολή
Κωνσταντίνος Χριστοδούλου, Πανεπιστήμιο Αθηνών - Νομική Σχολή
Αντώνης Στασής, Υπουργείο Διοικητικής Ανασυγκρότησης - Διεύθυνση Ηλεκτρονικής Διακυβέρνησης
Χρυσούλα Μιχαηλίδου, ΕΕΤΤ, Νομική Υπηρεσία
Γιώργος Παπασταματίου, FORTH-CRS
Κώστας Γκρίτσης, MICROSOFT
Φερενίκη Παναγοπούλου-Κουτνατζή, Πάντειο Πανεπιστήμιο – Σχολή Δημόσια Διοίκησης
Συντόνισε ο Πέτρος Καβάσαλης, Πανεπιστήμιο Αιγαίου - Πολυτεχνική Σχολή & Κύκλος Ιδεών για την Εθνική Ανασυγκρότηση
https://ekyklos.gr/ev/581-14-3-2018-prostasia-dedomenon-ilektroniki-taftopoiisi.html
The GDPR and its requirements for implementing data protection impact assessm...IT Governance Ltd
This webinar covers:
-The GDPR’s impact and the benefits of conducting a DPIA
-The legal requirements for a DPIA under the GDPR
-High-risk DPIAs and prior consultation with the supervisory authority
-DPIAs and their links to an organisation’s risk management framework
-The practical steps to conduct a DPIA
You can watch the webinar here https://www.youtube.com/watch?v=fm9Ysg4LUQg&t=640s
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprUlf Mattsson
Do you have a GDPR Roadmap?
- How to measure Cybersecurity Preparedness
- Oversight of Third Parties
- Related International Standards
- Killing Cloud Quickly?
Technology aspects:
- International/EU PII Customer Case Studies
- Available Data Protection Options
- How to Integrate Security into Application Development
- Security Metrics
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...Symantec
Learn if your organization will be impacted by the GDPR as well as what data processing tactics trigger compulsory requirements.
To watch this webinar on demand click here https://symc.ly/2GYzBjD.
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
A major challenge that many organizations faces, is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
Legal Issues Associated with Third-Party Cyber RiskShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered the presentation Legal Issues Associated with Third-Party Risk at the ISACA CSX 2017 North America conference in Washington, DC.
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
ISACA London Chapter webinar, Feb 16th 2021
Topic: “Protecting Data Privacy in Analytics and Machine Learning”
Abstract:
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there’s many different activities that we need to think about.
This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
CyNation: 7 Things You Should Know about EU GDPRIryna Chekanava
An overview of EU GDPR key characteristics, its origins and legal implications of non-compliance. It also provides the initial steps that an organisation needs to follow to operate in compliance with new cyber security regulatory landscape.
New regulations and the evolving cybersecurity technology landscapeUlf Mattsson
As the cyber threat landscape continues to evolve, organizations worldwide are increasing their spend on cybersecurity technology. We have a transition from 3rd party security providers into native cloud security services. The challenge of securing enterprise data assets is increasing. What’s needed to control Cyber Risk and stay Compliant in this evolving landscape?
We will discuss evolving industry standards, how to keep track of your data assets, protect your sensitive data and maintain compliance to new regulations.
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
Digital Transformation and the opportunities to use data in Analytics and Machine Learning are growing exponentially, but so too are the business and financial risks in Data Privacy. The increasing number of privacy incidents and data breaches are destroying brands and customer trust, and we will discuss how business prioritization can be benefit from a finance-based data risk assessment (FinDRA).
More than 60 countries have introduced privacy laws and by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations. We will discuss use cases in financial services that are finding a balance between new technology impact, regulatory compliance, and commercial business opportunity. Several privacy-preserving and privacy-enhanced techniques can provide practical security for data in use and data sharing, but none universally cover all use cases. We will discuss what tools can we use mitigate business risks caused by security threats, data residency and privacy issues. We will discuss how technologies like pseudonymization, anonymization, tokenization, encryption, masking and privacy preservation in analytics and business intelligence are used in Analytics and Machine Learning.
Organizations are increasingly concerned about data security in processing personal information in external environments, such as the cloud; and information sharing. Data is spreading across hybrid IT infrastructure on-premises and multi-cloud services and we will discuss how to enforce consistent and holistic data security and privacy policies. Increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and we will discuss use cases in financial services of different techniques to protect and manage data security and privacy.
General Data Protection Regulation (GDPR) Complianceaccenture
Whether you are at the beginning of your journey, or are already mid-way through, this document presents the key GDPR themes, priority areas, and business opportunities, which we feel are important considerations for any GDPR programme.
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
Protecting the increasing use International Unicode characters is required by a growing number of Privacy Laws in many countries and general Privacy Concerns with private data. Current approaches to protect International Unicode characters will increase the size and change the data formats. This will break many applications and slow down business operations. The current approach is also randomly returning data in new and unexpected languages. New approach with significantly higher performance and a memory footprint can be customizable and fit on small IoT devices.
We will discuss new approaches to achieve portability, security, performance, small memory footprint and language preservation for privacy protecting of Unicode data. These new approaches provide granular protection for all Unicode languages and customizable alphabets and byte length preserving protection of privacy protected characters.
Old Approaches
Major Issues
Protecting the increasing use International Unicode characters is required by a growing number of Privacy Laws in many countries and general Privacy Concerns with private data.
Old approaches to protect International Unicode characters will typically increase the size and change the data formats.
This will break many applications and slow down business operations. This is an example of an old approach that is also randomly returning data in new and unexpected languages
Book about
Quantum Computing Blockchain Reversable Protection Privacy by Design, Applications and APIs Privacy, Risks, and Threats Machine Learning and Analytics Non-Reversable Protection International Unicode Secure Multi-party Computing Computing on Encrypted Data Internet of Things II. Data Confidentiality and Integrity Standards and Regulations IV. Applications VI. Summary Best Practices, Roadmap, and Vision Trends, Innovation, and Evolution Hybrid Cloud , CASB and SASE Appendix A B C D E I. Introduction and Vision Section Access Control Zero Trust Architecture Trusted Execution Environments III. Users and Authorization Governance, Guidance, and Frameworks V. Platforms Data User App Innovation 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Chapter Discovery and Search Glossary
qubit-conference-new-york-2021: https://nyc.qubitconference.com/
Cybersecurity: Get ready for the unpredictable
Create a sound cybersecurity strategy based on the right technology & budgetary insights, proven practices, and processes for SMEs.
This virtual event will equip CxOs and cybersecurity teams with the right intel to create a sound cybersecurity strategy based on the right technology & budgetary insights, proven practices, and processes specially tailored for SMEs.
Find out how to bring the smart design of cybersecurity architecture and processes, what to automate & how to properly set up internal and external ownership.
The proven cybersecurity strategy fit for your environment can go a long way. Know what to do in-house, what to outsource, set up your budgets right, and get help from the right cybersecurity specialists.
Secure analytics and machine learning in cloud use casesUlf Mattsson
Table of Contents:
Secure Analytics and Machine Learning in Cloud ......................................................................................... 2
Use case #1 in Financial Industry .............................................................................................................. 2
Data Flow .............................................................................................................................................. 2
The approach can be used for other Use-cases .................................................................................... 2
Homomorphic Encryption for Secure Machine Learning in Cloud ............................................................... 3
Evolving Homomorphic Encryption .......................................................................................................... 3
Performance Examples – HE, RSA and AES ........................................................................................... 3
Performance Examples – FHE, NTRU, ECC, RSA and AES ...................................................................... 3
Some popular HE schemes .................................................................................................................... 4
Examples of HE Libraries used by IBM, Duality, and Microsoft ............................................................ 4
Fast Homomorphic Encryption for Secure Analytics in Cloud ...................................................................... 4
Use case #2 in Health Care ........................................................................................................................ 5
Provable security for untrusted environments ..................................................................................... 5
Comparison to multiparty computation and trusted execution environments ................................... 5
Time and memory requirements of HE ................................................................................................ 5
Managing Data Security in Hybrid Cloud ...................................................................................................... 8
Data Security Policy and Zero Trust Architecture ..................................................................................... 8
The future of encryption will change in the Post-Quantum Era: .............................................................. 8
Managing Data Security in a Hybrid World ................................................................................................... 9
Evolving Privacy Regulations ....................................................................................................................... 10
New Ruling in GDPR under "Schrems II" ................................................................................................. 10
The new California Privacy Rights Act (CPRA)
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
We will discuss the Evolving International Privacy Regulations. Cross Border Data Transfer for GDPR under Schrems II is now ruled by an EU court that defined what is required. This ruling can be far reaching for many businesses.
Data encryption and tokenization for international unicodeUlf Mattsson
Unicode is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world's writing systems. The standard is maintained by the Unicode Consortium, and as of March 2020, it has a total of 143,859 characters, with Unicode 13.0 (these characters consist of 143,696 graphic characters and 163 format characters) covering 154 modern and historic scripts, as well as multiple symbol sets and emoji. The character repertoire of the Unicode Standard is synchronized with ISO/IEC 10646, each being code-for-code identical with the other.
The Unicode Standard consists of a set of code charts for visual reference, an encoding method and set of standard character encodings, a set of reference data files, and a number of related items, such as character properties, rules for normalization, decomposition, collation, rendering, and bidirectional text display order (for the correct display of text containing both right-to-left scripts, such as Arabic and Hebrew, and left-to-right scripts). Unicode's success at unifying character sets has led to its widespread and predominant use in the internationalization and localization of computer software. The standard has been implemented in many recent technologies, including modern operating systems, XML, Java (and other programming languages), and the .NET Framework.
Unicode can be implemented by different character encodings. The Unicode standard defines Unicode Transformation Formats (UTF) UTF-8, UTF-16, and UTF-32, and several other encodings. The most commonly used encodings are UTF-8, UTF-16, and UCS-2 (a precursor of UTF-16 without full support for Unicode)
The future of data security and blockchainUlf Mattsson
Discussion of Post-Quantum Cryptography and other technologies:
Data Security Techniques
Secure Multi-Party Computation (SMPC)
Homomorphic encryption (HE)
Differential Privacy (DP) and K-Anonymity
Pseudonymization and Anonymization
Synthetic Data
Zero trust architecture (ZTA)
Zero-knowledge proofs (ZKP)
Private Set Intersection (PSI)
Trusted execution environments (TEE)
Post-Quantum Cryptography
Blockchain
Regulations and Standards in Data Privacy
GDPR and evolving international privacy regulationsUlf Mattsson
Convergence of data privacy principles, standards and regulations
General Data Protection Regulation (GDPR)
GDPR and California Consumer Privacy Act (CCPA)
What role does technologies play in compliance
Use Cases
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
What is tokenization in blockchain - BCS LondonUlf Mattsson
BCS North London Branch in association with Central London Branch webinar (by GoToWebinar) Date: 2nd December 2020 Time: 18.00 to 19.30 Event title: Blockchain tokenization “What is tokenization in Blockchain?”
Agenda
Blockchain
What is Blockchain?
Use cases, trends and risks
Vendors and platforms
Data protection techniques and scalability
Tokenization
Digital business
Convert a digital value into a digital token
Local and central models
Cloud
Tokenization in Hybrid cloud
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there’s many different activities that we need to think about.
This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
Blockchain
- What is Blockchain?
- Blockchain trends
Emerging data protection techniques
- Secure multiparty computation
- Trusted execution environments
- Use cases for analytics
- Industry Standards
Tokenization
- Convert a digital value into a digital token
- Tokenization local or in a centralized model
- Tokenization and scalability
Cloud
- Analytics in Hybrid cloud
Unlock the potential of data security 2020Ulf Mattsson
Explore challenges of managing and protecting data. We'll share best practices on establishing the right balance between privacy, security, and compliance
Tokenization on Blockchain is a steady trend. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable.
Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. Main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? They have no legal rights on the property and thus are not protected by the law. Another problem is that this system brings us back some sort of centralization. The whole idea of Blockchain and especially smart contracts is to create a trustless environment.
Tokenization is a method that converts a digital value into a digital token. Tokenization can be used as a method that converts rights to an asset into a digital token.
The tokenization system can be implemented local to the data that is tokenized or in a centralized model. We will discuss tokenization implementations that can provide scalability across hybrid cloud models. This session will position different data protection techniques, use cases for blockchain, and protecting blockchain.
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to use open source tools to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there’s many different activities that we need to think about. In this session, we will discuss technologies that help protect people, preserve privacy, and enable you to do machine learning confidentially.
This session discusses industry standards and emerging privacy-enhanced computation techniques, secure multiparty computation, and trusted execution environments. We will discuss Zero Trust philosophy fundamentally changes the way we approach security since trust is a vulnerability that can be exploited particularly when working remotely and increasingly using cloud models. We will also discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Accelerate your Kubernetes clusters with Varnish Caching
Gdpr action plan - ISSA
1. Do You Have a Roadmap for EU
GDPR Compliance?
Ulf Mattsson,
CTO Security Solutions Atlantic BT
2. Ulf Mattsson
Inventor of more than 55 Issued US Patents
Industry Involvement:
• PCI DSS - PCI Security Standards Council
Encryption & Tokenization Task Forces, Cloud &
Virtualization SIGs
• IFIP - International Federation for Information Processing
• CSA - Cloud Security Alliance
• ANSI - American National Standards Institute
ANSI X9 Tokenization Work Group
• NIST - National Institute of Standards and Technology
NIST Big Data Working Group
• User Groups
Security: ISACA & ISSA
Databases: IBM & Oracle
2
14. Ransomware are Getting Worse
• The cyber security solutions that are in place today are somewhat effective
• But a significant proportion of decision makers report that their problems
with phishing
• Ransomware are getting worse over time
• For most of the cyber security capabilities that organizations have
deployed to combat these threats, the majority of decision makers report
they are not highly effective
Source: Osterman Research, Inc., 2017
14
28. The GDPR Institute
Helping you resolve YOUR GDPR Challenge
& Maximise the GDPR Opportunity
A Members Owned Not-for-Profit Organisation
www.gdpr.institute
28
41. GDPR Case Studies
41
• US and Spain – customer data
• Italy, Germany and more – financial data
• Germany – outsourcing
• Sweden – PII data
42. GDPR Simplified into 12 blocks
1. Legitimate basis for data: organizations must know and be able to prove that processing has a legitimate purpose.
2. Information you hold: organization should keep data only in so far as necessary.
3. Individuals rights: individuals (customer…) have the right to ask questions about their personal data.
4. Consent: there should be explicit and clear consent for processing of personal data.
5. Children´s data: explicit consent of the child’s parents (or guardian) for minors less than 16 years of age.
6. Privacy notices: Organizations must transparently state their approach to personal data protection in a privacy notice.
7. Data breaches: Organizations must maintain a data breach register and, data subject should be informed within 72
hours.
8. Privacy by design: Mechanisms to protect personal data should be incorporated in design of new systems and
processes.
9. Privacy impact assessment: organization must conduct a privacy impact assessment to review the impact and
possible risks.
10. Data Protection Officers: organization should assess the need to assign a Data Protection Officer.
11. Third parties: The controller of personal data has the responsibility to ensure that personal data is protect
12. Awareness: To create awareness among your staff about key principles on data protection, conduct regular training.
To know more read my book https://goo.gl/HMDRfk
43. Webcast title : EU GDPR Details
• Duration : 60 min
• Date & Time : Oct 25 2017 10:00 am
• Timezone : United States - New York
• Webcast URL : https://www.brighttalk.com/webcast/14723/269681
45. Protect Sensitive Cloud Data
Internal Network Administrator
Attacker
Remote
User
Internal User
Public Cloud
Examples
Each sensitive
field is protectedEach
authorized
field is in
clear
Cloud Gateway
45
Data Security Agents, including encryption, tokenization or masking of fields or files (at transit
and rest)
SecDevOps
The issue is
INTENTIONAL use of
UNSANCTIONED
public cloud storage
for ease of use for
corporate data
46. Securing Big Data - Examples of Security Agents
Import de-identified
data
Export identifiable data
Export audit for
reporting
Data protection at
database,
application, file
Or in a
staging area
HDFS (Hadoop Distributed File System)
Pig (Data Flow) Hive (SQL) Sqoop
ETL Tools BI Reporting RDBMS
MapReduce
(Job Scheduling/Execution System)
OS File System
Big Data
Data Security Agents, including encryption, tokenization or
masking of fields or files (at transit and rest)
46
SecDevOps
47. Virtual Machines
Docker
Data Security Agents, including encryption, tokenization or masking of fields or files (at transit and
rest)
Source: http://www.slideshare.net/GiacomoVacca/docker-from-scratch
SecDevOps
SecDevOps
47
Welcome to my session and Thank you for inviting me
FinTech - Wikipedia
https://en.wikipedia.org/wiki/Financial_technology
Financial technology, also known as FinTech, is an industry composed of companies that use new technology and innovation to leverage available resources in .
Cyber Risk Management in 2017: Challenges & Recommendations
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Will Your Data Be Sold?
May 12 2017, 3:13 p.m.
IN MID-APRIL, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.
An infected NHS computer in Britain Gillian Hann
The malware worm taking over the computers goes by the names “WannaCry” or “Wanna Decryptor.” It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin. At this point, one’s computer would be rendered useless for anything other than paying said ransom. The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown clock to see exactly how much time they have left).
Ransomware is not new; for victims, such an attack is normally a colossal headache. But today’s vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly health care, communications infrastructure, logistics, and government entities.
Reuters said that “hospitals across England reported the cyberattack was causing huge problems to their services and the public in areas affected were being advised to only seek medical care for emergencies,” and that “the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.”
The worm has also reportedly reached universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry. In total, researchers have detected WannaCry infections in over 57,000 computers across over 70 countries (and counting — these things move extremely quickly).
View image on TwitterView image on Twitter
Follow
12B @dodicin
A ransomware spreading in the lab at the university
7:24 AM - 12 May 2017
1,711 1,711 Retweets 1,340 1,340 likes
According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept, “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over 9 million computers in nearly 200 countries.
Most importantly, unlike previous massively replicating computer worms and ransomware infections, today’s ongoing WannaCry attack appears to be based on an attack developed by the NSA, code-named ETERNALBLUE. The U.S. software weapon would have allowed the spy agency’s hackers to break into potentially millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in government) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them — but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance. Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up. As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”
Screenshot of an infected computer via Avast.
The infection will surely reignite arguments over what’s known as the Vulnerabilities Equity Process, the decision-making procedure used to decide whether the NSA should use a security weakness it discovers (or creates) for itself and keep it secret, or share it with the affected companies so that they can protect their customers. Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, told The Intercept plainly: “Today’s ransomware attack is being made possible because of past work undertaken by the NSA,” and that “ideally it would lead to more disclosures that would improve the security of devices globally.”
But even if the NSA were more willing to divulge its exploits rather than hoarding them, we’d still be facing the problem that too many people really don’t seem to care about updating their software. “Malicious actors exploit years old vulnerabilities on a routine basis when undertaking their operations,” Parsons pointed out. “There’s no reason that more aggressive disclose of vulnerabilities through the VEP would change such activities.”
A Microsoft spokesperson provided the following comment:
Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.
Update: May 12, 2017, 3:45 p.m.
This post was updated with a comment from Microsoft.
Update: May 12, 2017, 4:10 p.m.
This post was updated with a more current count of the number of affected countries.
Will You Ever Get Your Data Back?
SPONSOR OF THIS WHITE PAPER
KnowBe4 is the world’s most popular integrated Security Awareness Training and
Simulated Phishing platform. Realizing that the human element of security was being
seriously neglected, KnowBe4 was created to help organizations manage the problem
of social engineering through a comprehensive new-school awareness training
approach.
Risk Assessment. We evaluate your digital footprint and infrastructure to find and resolve vulnerabilities in your network, databases, applications, storage, and other infrastructure.
Data Security. We map the flow of data across your digital footprint, applications environment, library framework, source code, and storage to pinpoint risks before they turn into attacks.
Secure Hosting. We create dynamic, cloud-based environments with inside-out security controls to protect your systems and storage from attacks and other service disruptions.
Application Security. We practice “secure by design” discipline in our software development. This protects your custom applications by automating secure coding standards and testing at every step.
Integrated Tools. We architect holistic security solutions that integrate traditionally siloed tools to give you a lean and flexible security stack—reducing the effects of tools sprawl and wasted level of effort.
Monitoring and Contingency Plans. We monitor your systems, applications, and digital interactions for threats and architect back-up capabilities to quickly restore service if a breach occurs.
https://www.atlanticbt.com/services/cybersecurity/
Risk Assessment. We evaluate your digital footprint and infrastructure to find and resolve vulnerabilities in your network, databases, applications, storage, and other infrastructure.
Data Security. We map the flow of data across your digital footprint, applications environment, library framework, source code, and storage to pinpoint risks before they turn into attacks.
Secure Hosting. We create dynamic, cloud-based environments with inside-out security controls to protect your systems and storage from attacks and other service disruptions.
Application Security. We practice “secure by design” discipline in our software development. This protects your custom applications by automating secure coding standards and testing at every step.
Integrated Tools. We architect holistic security solutions that integrate traditionally siloed tools to give you a lean and flexible security stack—reducing the effects of tools sprawl and wasted level of effort.
Monitoring and Contingency Plans. We monitor your systems, applications, and digital interactions for threats and architect back-up capabilities to quickly restore service if a breach occurs.
https://www.atlanticbt.com/services/cybersecurity/
Risk Assessment. We evaluate your digital footprint and infrastructure to find and resolve vulnerabilities in your network, databases, applications, storage, and other infrastructure.
Data Security. We map the flow of data across your digital footprint, applications environment, library framework, source code, and storage to pinpoint risks before they turn into attacks.
Secure Hosting. We create dynamic, cloud-based environments with inside-out security controls to protect your systems and storage from attacks and other service disruptions.
Application Security. We practice “secure by design” discipline in our software development. This protects your custom applications by automating secure coding standards and testing at every step.
Integrated Tools. We architect holistic security solutions that integrate traditionally siloed tools to give you a lean and flexible security stack—reducing the effects of tools sprawl and wasted level of effort.
Monitoring and Contingency Plans. We monitor your systems, applications, and digital interactions for threats and architect back-up capabilities to quickly restore service if a breach occurs.
https://www.atlanticbt.com/services/cybersecurity/
The reason for high interest is based on the Cloud Gateway Benefits
Example
Eliminates the threat of third parties exposing your sensitive information
Delivers a secure and uncompromised SaaS user experience
Identifies malicious activity and proves compliance to third parties and detailed audit trails
Eases cloud adoption process and acceptance
Product is transparent and has close to 0% overhead impact
Simplifies compliance requirements
Ability to outsource a portion of your IT security requirements
Eliminates data residency concerns and requirements
Greatly reduces cloud application security risk
Enables partner access to your sensitive data
Controls cloud security from the enterprise
Protects your business from third party access
Data protection at database, application or file
Data protection in a staging area
3. Volume encryption in Hadoop
4. Hbase, Pig, Hive, Flume and Scope using protection API
5. MapReduce using protection API
6. File and folder encryption in HDFS
8. Export de-identified data
7. Import de-identified data
9. Export identifiable data
10. Export audit s for reporting
Examples of Services That Can Fill The Gap
Security Services
Audit & Assessment Services
Application Security Consulting
Managed Vulnerability Scanning
Security Tools Implementation
Virtual CISO
Application Services
Application Hosting & Cloud Migration
IT Consulting & Information Architecture
Software Development & User Experience Design