[Webinar Slides] Developing a Successful Data Retention Policy AIIM International
You can’t save everything for forever, but how do you find all the policies and regulations needed to factor into your policy plans? How do you decide and prioritize these competing requirements? Learn how to answer these questions and develop a successful data retention policy.
Want to follow along with the webinar replay? Download it here for free: http://info.aiim.org/developing-your-information-management-policies
Cryptography is both an art and a science – the use of deception and mathematics, to hide, transmit, and receive data. This short course covers Cryptography as it relates to the CISSP certification. The full video course is located here: http://resources.infosecinstitute.com/cryptography-CISSP-use-of-cryptography
ATT&CK is an incredibly valuable framework for describing and analyzing what’s happening in your environment. Sometimes security professionals not only need a way to understand, but also need a way to clearly articulate to non-security leadership to gain support and investment in needed resourcing. Using UX design methods, CrowdStrike came up with a mental model and more conversational terms to help anyone quickly parse the big picture.
Sample IT Best Practices Audit report.
An objective, self service tool for CIO’s by CIOs.
Identify and prioritize issues.
Solve the root causes.
Justify Investments.
Improve user productivity.
Maximize existing assets.
Reduce IT costs.
Improve IT service.
Reallocate IT resources to drive the business.
AI Data Acquisition and Governance: Considerations for SuccessDatabricks
data pipeline, governance, and for growth and updating models regularly needs to be part of the AI strategy from the outset.
This session will cover:
Defining AI governance: What this means and how definitions of subjects like ethics and effectiveness can differ between organizations.
Data governance: Companies must rely on an AI governance program to ensure only high-quality, unbiased and consistent data are used in training.
AI is a growing necessity for enterprises / businesses; it provides an avenue for scaling quickly and efficiently.
Best practices / implementation: how to implement AI that meets the requirements of the organization’s defined sets of governances.
Planning the data pipeline and growing/updating the models: AI is not static in the real world; models must be frequently updated to maintain relevance and accuracy.
3 key takeaways or attendee benefits of the session:
Understand how to assess your organization’s need for AI; how to identify the opportune areas for transforming processes, interactions, scaling, cost.
How to start the implementation process. Defining data and AI governance and how to build the training data pipeline within that framework.
Best practices for maintaining AI; how to use data to evaluate models and continuously iterate on them to reflect the real world.
The Presentation is about the Basic Introduction to Cybersecurity that talks about introduction and what is security means. Also the presentation talks about CIA Triad i.e confidentiality, integrity and availability
[Webinar Slides] Developing a Successful Data Retention Policy AIIM International
You can’t save everything for forever, but how do you find all the policies and regulations needed to factor into your policy plans? How do you decide and prioritize these competing requirements? Learn how to answer these questions and develop a successful data retention policy.
Want to follow along with the webinar replay? Download it here for free: http://info.aiim.org/developing-your-information-management-policies
Cryptography is both an art and a science – the use of deception and mathematics, to hide, transmit, and receive data. This short course covers Cryptography as it relates to the CISSP certification. The full video course is located here: http://resources.infosecinstitute.com/cryptography-CISSP-use-of-cryptography
ATT&CK is an incredibly valuable framework for describing and analyzing what’s happening in your environment. Sometimes security professionals not only need a way to understand, but also need a way to clearly articulate to non-security leadership to gain support and investment in needed resourcing. Using UX design methods, CrowdStrike came up with a mental model and more conversational terms to help anyone quickly parse the big picture.
Sample IT Best Practices Audit report.
An objective, self service tool for CIO’s by CIOs.
Identify and prioritize issues.
Solve the root causes.
Justify Investments.
Improve user productivity.
Maximize existing assets.
Reduce IT costs.
Improve IT service.
Reallocate IT resources to drive the business.
AI Data Acquisition and Governance: Considerations for SuccessDatabricks
data pipeline, governance, and for growth and updating models regularly needs to be part of the AI strategy from the outset.
This session will cover:
Defining AI governance: What this means and how definitions of subjects like ethics and effectiveness can differ between organizations.
Data governance: Companies must rely on an AI governance program to ensure only high-quality, unbiased and consistent data are used in training.
AI is a growing necessity for enterprises / businesses; it provides an avenue for scaling quickly and efficiently.
Best practices / implementation: how to implement AI that meets the requirements of the organization’s defined sets of governances.
Planning the data pipeline and growing/updating the models: AI is not static in the real world; models must be frequently updated to maintain relevance and accuracy.
3 key takeaways or attendee benefits of the session:
Understand how to assess your organization’s need for AI; how to identify the opportune areas for transforming processes, interactions, scaling, cost.
How to start the implementation process. Defining data and AI governance and how to build the training data pipeline within that framework.
Best practices for maintaining AI; how to use data to evaluate models and continuously iterate on them to reflect the real world.
The Presentation is about the Basic Introduction to Cybersecurity that talks about introduction and what is security means. Also the presentation talks about CIA Triad i.e confidentiality, integrity and availability
It’s been three years since the General Data Protection Regulation shook up how organizations manage data security and privacy, ushering in a new focus on Data Governance. But what is the state of Data Governance today?
How has it evolved? What’s its role now? Building on prior research, erwin by Quest and ESG have partnered on a new study about what’s driving the practice of Data Governance, program maturity and current challenges. It also examines the connections to data operations and data protection, which is interesting given the fact that improving data security is now the No. 1 driver of Data Governance, according to this year’s survey respondents.
So please join us for this webinar to learn about the:
Other primary drivers for enterprise Data Governance programs
Most common bottlenecks to program maturity and sustainability
Advantages of aligning Data Governance with the other data disciplines
In a post-COVID world, data has the power to be even more transformative, and 84% of business and technology professionals say it represents the best opportunity to develop a competitive advantage during the next 12 to 24 months. Let’s make sure your organization has the intelligence it needs about both data and data systems to empower stakeholders in the front and back office to do what they need to do.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Organizations across most industries make some attempt to utilize Data Management and Data Strategies. While most organizations have both concepts implemented, they must fully understand the difference to fully achieve their goals.
This webinar will cover three lessons, each illustrated with examples, that will help you distinguish the difference between Data Strategy and Data Management processes and communicate their value to both internal and external decision-makers:
Understanding the difference between Data Strategy and Data Management
Prioritizing organizational Data Management needs vs. Data Strategy needs
Discuss foundational Data Management and Data Strategy concepts based on “The DAMA Guide to the Data Management Body of Knowledge” (DAMA DMBOK)
Pitch Deck to SMB End Users | Kaseya Partner Program VAR Onboarding ToolDavid Castro
Sales pitch deck for VAR Rep to use during sales process with SMB end user. Content includes the following: SMB situation analysis, SMB IT management issues, solution alternatives, what is Kaseya, why SMB chooses Kaseya, how VARs can position Kaseya and make money, how VARs can leverage Kaseya resources. Presented by Kaseya. January 2015
Nowadays everyone uses their personal identification documents on a regular basis, which gets shared with third parties without their explicit consent and stored at an unknown location. Companies such as government institutions, banks, credit agencies and other financial organizations are considered to be the weakest point in the current identity management system as they are unfortified to theft and hacking of data. Although the financial services sector have been seeking solutions for identity problem for a long time, it is only now that a viable solution has arrived in form of blockchain. KYC Know Your Customer using Blockchain eliminates the repeated KYC checks that banks currently perform by maintaining a common secure database in a blockchain. The nature of a blockchain ensures that unauthorized changes to the data are automatically invalidated. The proof of reputation concept makes the verification process more robust and secure. Decentralized computing architecture, blockchain will allow for the accumulation of data from multiple authoritative service provider into a single immutable, cryptographically secured and validated database. Blockchain KYC solution take advantages of a secure, public digital ledger to give almost instantaneous and truly secure verification of identity. Due to the immutable and unalterable nature of the record kept in the blockchain, fraud could become a thing of the past. Sreelakshmi V G | Meera P M | Senna Mariya Pius | Mathews Jose | Swapna B Sasi "KYC using Blockchain" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4 , June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31542.pdf Paper Url :https://www.ijtsrd.com/computer-science/other/31542/kyc-using-blockchain/sreelakshmi-v-g
Threat modeling is a way of viewing the world, and so what's changing in threat modeling reflects that. There's a global pandemic. The ways we build software are changing. The threats are evolving, and attacks through systems are growing in importance.
Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
USAA has utilized the MITRE ATT&CK framework as a unique means to map their current detection infrastructure and assess their ability to defend against the most relevant threats to their network. In this presentation they share some lessons learned during their journey with ATT&CK leading to identified best practices for workflow integration through team composition and custom tool development.
Findability and discoverability of information / records in an organization is dependent on how much it has been worked on in terms of metadata identification, scope notes, etc.
Users are interested in getting the right information that serves their purpose. The content ought to be grouped (classified) so as to enhance its findability. The term taxonomy has bee used in the document to denote indexing.
FORTHCOMING TRAINING IN ELECTRONIC RECORDS MANAGEMENT: Book your slot today from the following Link: http://kenvisiontechniks.com/kenwp/event/electronic-records-information-management/
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
Based on 6 years of creating zero trust networks at Google, the BeyondCorp framework has led to the popularization of a new network security model within enterprises, called the software-defined perimeter.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
It’s been three years since the General Data Protection Regulation shook up how organizations manage data security and privacy, ushering in a new focus on Data Governance. But what is the state of Data Governance today?
How has it evolved? What’s its role now? Building on prior research, erwin by Quest and ESG have partnered on a new study about what’s driving the practice of Data Governance, program maturity and current challenges. It also examines the connections to data operations and data protection, which is interesting given the fact that improving data security is now the No. 1 driver of Data Governance, according to this year’s survey respondents.
So please join us for this webinar to learn about the:
Other primary drivers for enterprise Data Governance programs
Most common bottlenecks to program maturity and sustainability
Advantages of aligning Data Governance with the other data disciplines
In a post-COVID world, data has the power to be even more transformative, and 84% of business and technology professionals say it represents the best opportunity to develop a competitive advantage during the next 12 to 24 months. Let’s make sure your organization has the intelligence it needs about both data and data systems to empower stakeholders in the front and back office to do what they need to do.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Organizations across most industries make some attempt to utilize Data Management and Data Strategies. While most organizations have both concepts implemented, they must fully understand the difference to fully achieve their goals.
This webinar will cover three lessons, each illustrated with examples, that will help you distinguish the difference between Data Strategy and Data Management processes and communicate their value to both internal and external decision-makers:
Understanding the difference between Data Strategy and Data Management
Prioritizing organizational Data Management needs vs. Data Strategy needs
Discuss foundational Data Management and Data Strategy concepts based on “The DAMA Guide to the Data Management Body of Knowledge” (DAMA DMBOK)
Pitch Deck to SMB End Users | Kaseya Partner Program VAR Onboarding ToolDavid Castro
Sales pitch deck for VAR Rep to use during sales process with SMB end user. Content includes the following: SMB situation analysis, SMB IT management issues, solution alternatives, what is Kaseya, why SMB chooses Kaseya, how VARs can position Kaseya and make money, how VARs can leverage Kaseya resources. Presented by Kaseya. January 2015
Nowadays everyone uses their personal identification documents on a regular basis, which gets shared with third parties without their explicit consent and stored at an unknown location. Companies such as government institutions, banks, credit agencies and other financial organizations are considered to be the weakest point in the current identity management system as they are unfortified to theft and hacking of data. Although the financial services sector have been seeking solutions for identity problem for a long time, it is only now that a viable solution has arrived in form of blockchain. KYC Know Your Customer using Blockchain eliminates the repeated KYC checks that banks currently perform by maintaining a common secure database in a blockchain. The nature of a blockchain ensures that unauthorized changes to the data are automatically invalidated. The proof of reputation concept makes the verification process more robust and secure. Decentralized computing architecture, blockchain will allow for the accumulation of data from multiple authoritative service provider into a single immutable, cryptographically secured and validated database. Blockchain KYC solution take advantages of a secure, public digital ledger to give almost instantaneous and truly secure verification of identity. Due to the immutable and unalterable nature of the record kept in the blockchain, fraud could become a thing of the past. Sreelakshmi V G | Meera P M | Senna Mariya Pius | Mathews Jose | Swapna B Sasi "KYC using Blockchain" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4 , June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31542.pdf Paper Url :https://www.ijtsrd.com/computer-science/other/31542/kyc-using-blockchain/sreelakshmi-v-g
Threat modeling is a way of viewing the world, and so what's changing in threat modeling reflects that. There's a global pandemic. The ways we build software are changing. The threats are evolving, and attacks through systems are growing in importance.
Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
USAA has utilized the MITRE ATT&CK framework as a unique means to map their current detection infrastructure and assess their ability to defend against the most relevant threats to their network. In this presentation they share some lessons learned during their journey with ATT&CK leading to identified best practices for workflow integration through team composition and custom tool development.
Findability and discoverability of information / records in an organization is dependent on how much it has been worked on in terms of metadata identification, scope notes, etc.
Users are interested in getting the right information that serves their purpose. The content ought to be grouped (classified) so as to enhance its findability. The term taxonomy has bee used in the document to denote indexing.
FORTHCOMING TRAINING IN ELECTRONIC RECORDS MANAGEMENT: Book your slot today from the following Link: http://kenvisiontechniks.com/kenwp/event/electronic-records-information-management/
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
Based on 6 years of creating zero trust networks at Google, the BeyondCorp framework has led to the popularization of a new network security model within enterprises, called the software-defined perimeter.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal Data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organizations must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
*More information about GDPR and what the industry is experiencing to date
*What minimum requirements you should have had in place by May 25, 2018
*What you should plan to do for the next 12-18 months if you are not completely ready
*What the SEC Privacy Shield program is and why you should self-certify
*How to continuously monitor vendor risk KPIs
What's Next - General Data Protection Regulation (GDPR) ChangesOgilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Webinar presented live on May 11, 2017.
As data is increasingly accessed and shared across geographic boundaries, a growing web of conflicting laws and regulations dictate where data can be transferred, stored, and shared, and how it is protected. The Object Management Group® (OMG®) and the Cloud Standards Customer Council™ (CSCC™) recently completed a significant effort to analyze and document the challenges posed by data residency. Data residency issues result from the storage and movement of data and metadata across geographies and jurisdictions.
Attend this webinar to learn more about data residency:
• How it may impact users and providers of IT services (including but not limited to the cloud)
• The complex web of laws and regulations that govern this area
• The relevant aspects – and limitations -- of current standards and potential areas of improvement
• How to contribute to future work
Read the OMG's paper, Data Residency Challenges and Opportunities for Standardization: http://www.omg.org/data-residency/
Read the CSCC's edition of the paper, Data Residency Challenges: http://www.cloud-council.org/deliverables/data-residency-challenges.htm
What is GDPR and why does it matter to me? Desynit
An introduction to the most radical changes to data protection in the last 10 years. Stephan Chandler-Garcia from Digital Catapult gives you an overview of the General Data Protection Regulation and how you can stay ahead of the curve as a Salesforce user. We will be looking at new ways of thinking about your customers data and new ways of managing consent.
The General Data Protection Regulation (GDPR) that becomes effective end of May this year will have great impact on how companies and government organizations manage digital information when dealing with information from citizens and other subject in the European Union. As data is the life blood of most organizations, it is no exaggeration to state that the GDPR will require fundamental changes in organizational behavior.
Bridging the Gap Between Privacy and RetentionInfoGoTo
This slideshare explores the vital connection between privacy and retention and explores some tools and approaches that can help organizations successfully manage them in tandem.
1. Sustainable solutions in smart cities need data – but data easily turns to personal data
=> GDPR as the law of everything
2. Who governs data and how
3. How citizens could better decide when they give their data and for what purposes and with what conditions
- Transparency
- Consent and fair contract terms
- Legitimate interest or public interest as grounds for processing data
4. Conclusions: is the GDPR fit to deal with data processing in a smart city?
Fully understand how GDPR affects the life of millions of EU citizens by having in mind the 10 simple facts exposed by Dr. Karsten Kinast
The presentation gives a short glimpse in to the motivation of GDPR, the key changes it brings, and the ongoing compliance on information lifecycle it presumes.
GDPR and evolving international privacy regulationsUlf Mattsson
Convergence of data privacy principles, standards and regulations
General Data Protection Regulation (GDPR)
GDPR and California Consumer Privacy Act (CCPA)
What role does technologies play in compliance
Use Cases
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Michele Nati - Digital Catapult viewpoint on Industrie 4.0 - Digital Technolo...MicheleNati
Presentation showing Digital Catapult interest and fit in Industrie 4.0 movement. Digital Technologies for Manufacturing Innovation: Embracing Industry 4.0 - Nottingham, November 30th
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
GDPR and IoT: What do you need to know?
1. GDPR and IoT:
What do you need to know?
IoT Guildford Meetup
February 27th, Guildford
Michele Nati
Lead Technologist for Digital Trust
Digital Catapult, London
@michelenati
https://www.linkedin.com/in/michelenati/
2. House keeping
• Need to increase participation
• Rewards participants, hosts, speakers
• Reputation based ecosystem
• Community Engagement List (CEL)
• ERC20 token to build meetup-ers reputation
5. What is GDPR?
A regulation for the treatment of personal
data in Europe, superseding previous
DPA (in force on May 25th 2018, after a two
years grace period)
Whose personal data: All EU citizen
Who has to comply: All organizations
processing data of EU citizens
6. Personal Data – WTF?
According to GDPR: ‘Personal data’ means any information
relating to an identified or identifiable natural person (‘data
subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or
social identity of that natural person
IoT data are most likely personal
• If in doubt, be conservative!
7. Data Protection basics
Data Subject: the person whom data are collected
and processed for the provisioning of a service
Data Controller: who sets the purpose of the
processing (either collected directly or acquired
from other sources)
Data Processor: who processes the data for the
purpose of providing a service (might be the same
as the Controller)
8. The Data Economy:
The opportunity
• More companies are
embracing digital
transformation
• With more data used to:
• Improve in Artificial Intelligence and
Machine Learning algorithms
• Deliver more personalised services
and attract new customers
• With IoT increasing
availability of data
• Most of them being personal
10. GDPR: Transparency
Article 12-14, Information notice
concise, transparent, intelligible and easily
accessible” and “clear and in plain language
• Should avoid information fatigue
• Name the recipients of personal data
• Keep up-to-date
11. IoT Challenges
Some concepts might be difficult to convey
• Privacy Policies complexity > automated
decision
• Layered privacy policy
• Unlikely names of the recipients but
detailed categories
• How to maintain this dynamic and personalised?
• Exceptions might exist
12. GDPR: Accountability
Article 4 and 7, Consent
Consent would not legitimise collection of data which is not necessary
in relation…
Other legal basis: performance of a contract, legal obligation,
legitimate interest
“any freely given, specific, informed and unambiguous indication of
the data subject’s wishes by which he or she, by a statement or by a
clear affirmative action, signifies agreement to the processing of
personal data relating to him or her“
13. Consent requirements
Freely given
• Cannot prevent the provisioning of a service
• No data for free app
Specific
• For different data and purpose, and different
recipients
Informed
An unambiguous indication of wishes
• No pre-ticked boxes, no opt-out
Explicit Consent
• Sensitive data
Proof of consent and possibility to remove
14. How to manage consent:
Solutions Landscape
Consent
Management
Platforms
PIMSTransparency
(e.g.,PDRs)
Service ProvisioningCustomer on-boarding
Standards
15. IoT Challenges
• How to obtain consent through IoT
device?
• How to remove consent through IoT
device?
• How to keep consent updated?
• E.g. triggering new sensors, collecting new data
• How to obtain consent in shared
space? Or for shared devices? (cars,
home assistants)
16. GDPR: Level of control
Article 17-19
The right to be informed -> provide information notice
The right of access -> free of charge, within a month
The right to rectification -> within one (or two months)
The right to erasure -> some exceptions are possible
The right to restrict processing -> retain information but stop
processing
The right to data portability -> free of charge, within a month, no
hindrance
The right to object -> marketing and research unless legal basis
Rights in relation to automated decision making and profiling.
17. IoT Challenges
• Need to know all the collected data
• Be able to link data from different data
sources
• Track who you shared the data with
• Track and keep up to date retention
period
• Interoperable, machine-readable
formats
18. The risks for IoT
• Understand what data are personal
• You are most likely profiling your
customers (tell them) - Article
• You are most likely combining data
• Do you know where this data comes and how you obtained them?
(Consent)
• Is there risk of de-anonymization?
19. How to build Digital Trust
Measureable
properties
TrustworthinessTrust
- Transparency
(Article 12-14,
Information notice)
- Accountability
(Article 4 and 7,
Consent)
- Level of Control
(Article 17-19, Data
erasure and
portability)
21. The transparency risk
• Consumers are
becoming savvy
• And demands for trustworthy apps
(33%), with simple privacy
statements (source: MEF Consumer
Trust Report 2017)
• While hidden business
models and lack of
transparency might
hinder this growth
24. Consumers pain points
• Lie & Agree
• Takes too long to read and
understand
• Want to access the service
• (Often) No choice offered
• Agree & Forget
• Lack of record
• Difficult to retrieve
• Static information
• Lack of interaction
25. How to redesign
Privacy Policies?
Problem Statement: How to increase consumers’ trust and
businesses’ transparency by developing a GDPR compliant solution
that takes into account the user experience and help to reduce
consumers pain points and organizations compliance burden related
to the provisioning of digital services using personal data?
Personal Data Receipts (PDRs), a human-readable record
summarizing in a simple and clear way what personal data an
organization is collecting about an individual, for what purpose, how
they are stored and for how long and if any third party sharing is
allowed.
26. Personal Data Receipts
• How it was built
• Multidisciplinary team: UX lead, Marketing expert,
Tech Lead, Lawyer
• Customer-centric approach
• Transparency can be measured, ASK
the Customers
• The categories of data
• The purpose, including 3rd party sharing
• The where, how and how long
• The contact details of the Data Controller
• What else consumers wants
• Simple, non technical, plain text
• Icons only as support
27. PDRs and GDPR compliance
• Article 12-14, Information notice
• Use of icons and simple text to explain: what, how and for what
purpose
• (could be personalized to target different demographic groups)
• Article 4 and 7, Consent
• Includes data collected under consent
• Provides a record for both individual and organization
• Article 17-19, Data erasure and
portability
• Provides a direct channel with the contact Data Controller
• Educates business to discover their customers data (in particular
IoT and third parties) and simplify cascade updates
• Privacy by Design and DPIA
28. PDRs: The benefits
For individuals (“Savvy consumers”):
• Privacy Policies become human and simplified
• Track and control on personal data sharing is simplified (and
possible!!)
• Reassurance that data will not end in the wrong hands is
possible (3rd party sharing highlighted)
Services and apps become more trustworthy and
more data are shared with more control
For organizations:
• Attitude to personal data become user-centric
• Open new personal comm channel with their uses
Consumers trust increases and churn is avoided,
while more data are accessed
29. Where are PDRs are useful:
Patient data collection
BMS Backend
PDR
Hospital/Imaging
Centres
Visitor
BMS
website
Data Collected →
← Response
PostgreSQL
Booking Confirmation
NEW PDR
Application
Data Points for
PDR:
Email, Full Name,
DoB, Phone
Number, Address,
Post Code
Added possibility
to manage
individual rights
30. Want to know more?
• White paper available in March
• Recommendations and blueprint on
how integrate PDRs
• Templates for PDRs available
32. GDPR and AI Transparency
Article 4 (4) & 22 - Automate decision making and profiling
1. is either provided by the law, such as in the case of fraud prevention
or money laundering checks,
2. or is necessary for the performance of or entering into a contract,
3. or is based on the individual’s prior consent
This requires to explain:
1. the usage of such technologies;
2. the significance and envisaged consequences for the individual; and
3. “meaningful information about the logic involved“
This is a challenge not only for IoT data
33. AI: Transparency challenges
• Algorithms are becoming too complex
• In particular when using Deep Learning
• Not easy to explain to general public
• Privacy Policies are statics and might need to evolve as the algorithms evolve or
the subject change (PDRs can help instead)
• You want to protect IP of your model
• You can try to:
• Give access to the data you use as input
• Tell how many see the same as you, show fairness (lack of bias in training sets)
34. Be careful using AI
• Research?
• Be careful with anonymization
• Personalised service?
• Ask for consent and maintain pseudonimity
• Want more efficiency? Combine more data?
• Be transparent, Ask consent, Don’t share
Always be transparent about use of AI and
ask for consent
35. The complexity of AI
ecosystem
Individuals (Data Subjects)
Algorithm
Controllers
(Data
Controllers
)
Algorithm
Executors
(Data
Processors
)
Algorithm
Creators
38. Blockchain properties
• Transactional data are personal
• Anonymization -> Hashing is not anonymization
• Pseudonymization -> Keys are not anonymous
• Unpermissioned vs permissioned
• Decentralized network, who runs it?
• Append-only
• High-redundancy of data
39. GDRP compliance
• Personal data
• What data to store?
• Jurisdiction
• Who is the data controller?
• Digital rights enforcement
• Minimization?
• Erasure?
• Update? What update means?
• Access request? To who?
• Possible solutions?
• Think about your network first
• Think about what you store
• Consider off-chain data store, store consent but consider carefully meta-data
40. Other things to consider
Data breaches
• Report within 72 hours (in UK to the ICO)
• Communicate to data subject
• Require to map data (including processors)
Privacy by Design and DPIA
• Risk-based approach
• Might result difficult in case of HW and SW
• Lawyers, with DPO and CIO
Data Retention
• Pre-determined, explicit
• For the duration of the service
• Need frequent review
41. Get involved
• Resolve more
consumers and
businesses
tensions
• Risk of cybercrime
• Lack of control
• Fear of surveillance
• Identify achievable
trustworthy
measures
• Stimulate debate, Generate
recommendation for EU
• Co-create a DTRL (Digital
Trust Readiness Level)
https://truessec.eu
42. Other resources – initiatives
IoT Mark: https://iotmark.wordpress.com
Recommendation and a mark for SMEs
IoTSF: https://iotsecurityfoundation.org
Focus on security of IoT systems
Tech Lawyer interpretation: http://www.gamingtechlaw.com
ICO recommendations: https://ico.org.uk/for-organisations/guide-
to-the-general-data-protection-regulation-gdpr/
Digital Catapult workshop:
https://www.eventbrite.co.uk/e/innovation-opportunity-of-the-gdpr-
for-ai-and-ml-workshop-registration-42793145450
43. EU Recommendations –
Article WP29
Article 29 WP on Consent:
https://iapp.org/media/pdf/resource_center/wp29_consent
-12-12-17.pdf
Article 29 WP on Transparency:
https://iapp.org/media/pdf/resource_center/wp29-
transparency-12-12-17.pdf
Article 29 WP on Data Portability:
https://iapp.org/media/pdf/resource_center/WP29-2017-
04-data-portability-guidance.pdf