This document provides an introduction to information system security. It discusses key concepts like security, information security, vulnerabilities, threats, attacks, security policies, and security measures. The document outlines common security risks like interruption, interception, modification, masquerading, and repudiation. It explains that security policies provide guidelines for implementing security controls to protect information system assets from such risks according to the security principles of confidentiality, integrity, and availability.
This document provides an overview of an upcoming ISO27001 training course on Information Security Management Systems (ISMS). It discusses the objectives of the course, which are to learn about ISO 27001 requirements for ISMS, understand the significance of information security, and acquire awareness of underlying risks. The document outlines the key topics that will be covered, including information security background, ISMS benefits, requirements and risks. It also provides details on the recent updates to ISO 27001 in 2022, such as additional requirements for objectives, planning, operations and the introduction of new controls.
Active Directory in ICS: Lessons Learned From The Field (Digital Bond)
This document provides lessons learned from implementing Active Directory domains in control system environments. It covers topics like time synchronization, DNS, Active Directory replication, domain controller maintenance, backup and restore, user and group guidelines, and ICS group policy. The key lessons are: accurate time sync is critical; DNS configuration on domain controllers must include the loopback address; Active Directory replication links need to be properly configured; flexible single master operations roles should be transferred before domain controller maintenance; individual user accounts should be used instead of shared administrator accounts; and group policy can be used to apply security settings to control systems. The presentation provides guidance on best practices, common problems encountered, and their solutions.
The document discusses Tableau's security model, which includes authentication, authorization, data security, auditing, and network security components. Authentication verifies user identities and can use local, Active Directory, LDAP, or external authentication. Authorization uses role-based access control to determine user permissions. Data security protects sensitive data through features like data source authentication, row-level security, and encryption of data in transit and at rest. Network security secures communication using methods such as network segmentation, SSL/TLS encryption, firewalls, and VPNs.
A look at current cyberattacks in Ukraine (Kaspersky)
Kaspersky researchers have been monitoring the activity of APT actors, cybercriminals and hacktivists currently involved in the conflict in Ukraine. During this webinar, the Global Research and Analysis Team (GReAT) will share their findings on the most recent cyberattacks targeting Ukraine and present their observations, analysis and top findings.
- The types of attacks that have been targeting Ukraine for the past few months
- The results of analysis on destructive attacks and malware (HermeticWiper, etc.)
- How organizations can defend themselves against cyberattacks
GReAT, Kaspersky’s Global Research and Analysis Team, consists of 40 researchers based around the world that work on uncovering APTs, cyberespionage campaigns, major malware, ransomware and underground cybercriminal trends across the world.
Learn more about the importance of ISO 27001 and its role in GRC, what the advantages of starting with ISO 27001 are and the importance of its structure.
Main points covered:
• Definition and goals of GRC (Governance, Risk and Compliance)
• How the structure of ISO/IEC 27001 implements GRC
• Advantages of starting with ISO/IEC 27001
Presenter:
This webinar was presented by Jorge Lozano. He is a senior manager at the Cybersecurity & Privacy practice of PwC Mexico. He has over 17 years of experience in information security and holds the CISSP, CISM, CEH, and ISO27001LI certifications. He is an instructor of PECB for the ISO27001 Introduction, Foundation and Lead Implementer courses.
Link of the recorded session published on YouTube: https://youtu.be/sLfAarQ8cf0
Over the last 5 years, Data Centers, your most important asset, have evolved massively. The pace of change continues to ramp with new Architectures, Virtualization, Fabrics and Clouds. How do you evolve your data centers and ensure they are secure, and prove they are secure, for compliance and audit? Using a practical and pragmatic approach, we will present and demonstrate how Cisco can help you tackle your security challenges, leveraging the intelligent network infrastructure and the broadest security portfolio in the industry (ASA5585, ASA SM, ASA 1000v, VSG and TrustSec with ISE).
This document provides a mapping between the requirements of ISO/IEC 27001:2005 and ISO/IEC 27001:2013. It includes tables that map the ISMS requirements and Annex A controls between the two versions, noting new, unchanged, deleted and reverse requirements. The purpose is to provide guidance on the changes between the standards.
ISO/IEC 27001 foundation training course by interprom (Mart Rovers)
What is involved with the ISO/IEC 27001 Foundation certification training course? Learn about the course curriculum, target audience, duration, formats, exam, fees and much more.
Industrial control systems (ICS) are used to control industrial processes and manufacturing equipment. They face unique security challenges compared to traditional IT systems due to their real-time operation and custom hardware and software. This document discusses several past ICS cyber attacks and identifies vulnerabilities in ICS security architecture, configuration management, patch management, and change testing. Proper ICS security requires a cross-functional team approach and careful management of the specialized ICS environment.
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall. (Jerimi Soma)
(Remarks) This presentation is not affiliated with any company I have been associated with, either now or in the past. Additionally, no copyrights have been violated. However, I cannot guarantee the accuracy of this information, and it may be subject to updates.
ISO27001:2022 must be applied to organizations before October 2025 if your organization is currently certified with the previous version, 2013!
Access control is the process of granting or denying access to resources or services on a computer system or network. There are four main access control models: mandatory access control, discretionary access control, role-based access control, and rule-based access control. Access control can be implemented through logical methods like access control lists, group policies, account restrictions, and passwords or through physical methods such as locks, mantraps, video surveillance, and access logs. Strong access control policies and practices help ensure only authorized access and prevent security breaches.
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and... (PECB)
According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad, a data security model developed to help the data security market and people deal with various IT security parts.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenters:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/eA8uQhdLZpw
Website link: https://pecb.com/
This document provides an overview and agenda for a presentation on ISO 27001 and information security management systems (ISMS). It introduces key terms like information security, the CIA triad of confidentiality, integrity and availability. It describes the components of an ISMS like policy, procedures, risk assessment and controls. It explains that ISO 27001 specifies requirements for establishing, implementing and maintaining an ISMS. The standard is popular because it can be used by all organizations to improve security, comply with regulations and build trust. Implementing an ISMS also increases awareness, reduces risks and justifies security spending.
The document discusses various physical security threats and controls for protecting information systems within a facility. It covers topics like access controls, fire detection and suppression systems, environmental controls, and power management. Maintaining physical security is important as gaining access to computer equipment or data centers can easily defeat logical security controls. Regular testing and maintenance of security systems and infrastructure helps ensure the continued protection of organizational assets.
In this article I will provide an overview of a new Information Security Management System standard, ISO/IEC 27001:2013. The new standard was published just a few days ago.
ISO/IEC 27001:2013 provides requirements for establishing, implementing, maintaining and continually improving an Information Security Management System.
ISO/IEC 27001:2013 gives organizations a perfect information security management framework for implementing and maintaining security.
In this article, I tried to shed some light on the new standard and its mandatory requirements, optional requirements, structure, benefits, certification process and estimated time for implementation and certification.
This document provides an agenda and overview for implementing an Information Security Management System (ISMS) using an ISMS Implementation Toolkit. It discusses what an ISMS toolkit is and important considerations when using one. It then lists the top 5 ISMS toolkits and provides details on the author's own toolkit. Finally, it outlines a 20+1 step process for implementing an ISMS using the toolkit, with each step briefly described.
The document discusses ISO 27001 certification, which establishes requirements for an information security management system (ISMS). It outlines the various clauses of ISO 27001:2022 such as leadership, planning, support, operation, performance evaluation, and improvement. The presentation also covers topics like audit stages, organizational controls, physical controls, and the purpose of threat intelligence as it relates to ISO standards.
This document discusses requirements for physical and information security systems for data centers. It outlines two major types of protection: physical security, involving safeguarding assets and personnel through controls like access points, alarms and cameras; and information security, protecting data through measures such as firewalls, antivirus software and identity management. The document provides steps for physical security including site placement, utilities redundancy, and access limitations. It also presents examples of Cisco security products that can be used like the ASA firewall and NAC appliance for network admission control.
Secure by Design - Security Design Principles for the Working Architect (Eoin Woods)
As our world becomes digital, the systems we build must be secure by design. The security community has developed a well-understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers. And when the principles are explained, they are often shrouded in the jargon of the security engineering community, so mainstream developers struggle to understand and apply them.
This talk explains why secure design matters and introduces 10 of the most important proven principles for designing secure systems, distilled from the wisdom of the security engineering community.
ISO/IEC 27032 – Guidelines For Cyber Security (Tharindunuwan9)
ISO/IEC 27032 provides guidelines for cybersecurity and defines cyberspace as the interaction of people, software, and technology services globally. It aims to emphasize the role of security across information, networks, the internet, and critical infrastructure. The standard establishes a framework for trust, collaboration, information sharing, and technical integration between stakeholders in cyberspace.
Policy template for reference. This contains some specific additions that strengthen the password policy. For a robust and generic password policy, do get in touch.
All about Firewalls, IPS IDS and the era of UTM in a nutshell (Hishan Shouketh)
The following report shows the evolution of the firewall from the most basic technologies used to current methods and technological advances in modern firewall design. The author has referred to many articles and related websites to gather data for this report. The purpose was to see how the changing modern network infrastructure and the new types of working patterns have affected firewall technology and design.
The study in this report has researched modern network security threats and what types of measures have been taken to overcome these issues through existing firewall technologies.
Results have shown that modern networks need a multilayered security architecture to protect network environments; the conclusion was to use UTM and next-generation firewalls to solve the problem.
The report also suggests the new paradigm of cloud firewall services, NBFW (network-based firewall services), as a solution for ever-growing security needs.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Data breaches
- Notification rules
- Supervisory authorities
- EU Data Protection Board
View the webinar here: https://www.youtube.com/watch?v=eww0D_y6Hfo
Be careful what you wish for! How the GDPR, even now it has been finalised, may not solve the key problems of the tech community of what is personal data and what is anonymised/pseudonymous.
The Practical Impact of the General Data Protection Regulation (Ghostery, Inc.)
The document provides an overview of the General Data Protection Regulation (GDPR) and its impact on digital advertising. It discusses GDPR's aim to give individuals more control over their personal data and create a single set of privacy rules across the EU. The GDPR will increase obligations for companies, including strengthened consent requirements, data subject rights, and accountability measures. It will also allow for fines of up to 20 million euros or 4% of global revenue. The document also summarizes Ghostery's privacy tools and an industry initiative to enhance ad transparency and user control in compliance with the GDPR.
The Ancient Innovation - Martial Arts for performance improvement - Walter Allievi
Presentation by Vincenzo Mariano, Pietro Martoccia and Massimiliano Sinisgalli, students of the Faculty of Economics at the University of Basilicata. The presentation was delivered as project work for the Project Management course taught by Professor Giovanni Schiuma. The work hypothesises a possible application scenario for martial arts as a tool for improving performance in companies.
The GDPR replaces the EU Data Protection Directive and introduces stricter regulations around personal data processing and privacy. It applies to all companies that handle the personal data of EU residents, regardless of the company's location. Under the GDPR, companies face heavier obligations like obtaining consent to collect personal data, appointing a data protection officer, implementing security measures, notifying about data breaches, and heavy fines for noncompliance. It also expands individuals' privacy rights regarding their personal data.
This document describes a test called Kohs Blocks that assesses the ability to integrate and analyse visual stimuli and form volumes in children aged 5 to 20. The test uses 16 coloured cubes and 16 cards with coloured figures that the child must replicate using the cubes. The examiner observes whether the child can name the colours and build the figures on a horizontal plane within a time limit in order to assign scores.
Succeeding with Hybrid SharePoint (includes new Cloud SSA material) - Jeff Fried
Session by Jeff Fried at SPS Toronto on Sept 19 2015
Focusing on hybrid SharePoint - strategy and implementation.
Special attention to new Cloud Hybrid Search and Cloud SSA, including examples, what the gaps are, and how to address them.
The document presents 3 mathematical problems related to calculating areas and volumes. The first asks for the area of the region between the curves f(x) = x^2 - 1 and g(x) = 2x + 2. The second, to calculate the volume of the solid generated by rotating the region between f(x) and g(x) about the line y = 1. And the third, to calculate the volume obtained by rotating the region between xy = e^2 and xy = 1 about the x axis.
This document summarizes a study on the synthetic production of antimicrobial peptides (AMPs) in E. coli. The purpose is to create an AMP production system in E. coli to test yield and purification parameters. Three AMPs were chosen - Spheniscin from penguins, WAM-1 from wallabies, and OH-CATH(3-34) from cobras. DNA containing the AMPs was inserted into a plasmid vector and transformed into E. coli cells. Two constructs containing Spheniscin and OH-CATH(3-34) were successfully produced, while the WAM-1 construct is still in progress. Future work includes optimizing purification, inducing AMP production
Moodle is a learning management system (LMS) that allows training activities to be managed and delivered in person, in blended form or online. It provides resources such as downloadable documents, web pages and glossaries, as well as activities such as forums, chats and assignments. Virtual classrooms in Moodle contain content, information and administration blocks to organise the course's information and communication according to the configured format.
The document presents a numerical analysis assessment consisting of 3 problems. The first uses the Newton-Raphson method to approximate the square root of 2. The second uses the fixed-point iteration method to approximate the square root of 3. The third completes a table with numerical approximations, absolute errors and relative errors.
Josef Haik MD MPH, Eyal Winkler MD, Nimrod Farber MD, Moti Harats MD, Oren Weissman MD
Department of Plastic and Reconstructive Surgery and The Burn Unit, Sheba Medical Center
ISRAEL
This document describes different types of image formats, including BMP, GIF, JPEG, PNG, PSD, RAW and TIFF. BMP is a bitmap format originally used by Windows. GIF is an old format that allows 256 colours and animations. JPEG is one of the most popular formats for digital photos, with millions of colours. PNG was created to replace GIF and supports transparency. PSD is Photoshop's native format for editing images with layers. RAW contains all the pixe
GDG 2019: artificial intelligence, web development... the new rules of the game - Daniele Mondello
Dev Fest Mediterranean. Regulations in new technologies. How the scenario changes with the AGID rules. The challenges of artificial intelligence. Software as a medical device.
The Dark Side of the GDPR: from compliance to training - Par-Tec S.p.A.
At the event "The Dark Side of the GDPR: la sicurezza in mostra", experts from Par-Tec and Sophos presented the new European Regulation on the protection of personal data through the analysis of an interesting case study and of the main regulatory and organisational, human (training) and technological countermeasures.
The points covered in the presentation are:
- Compliance
- Introduction to the GDPR
- Presentation of a case study
- The role of the DPO
- Technology
- Technologies for protecting data
- Full-disk and file encryption
- Endpoint Protection
- Enterprise Mobility Management
- Training
- Educational offering and Security line
- Presentation of the GDPR course
To find out more, download the slides and watch the full video of the presentation at https://www.par-tec.it/the-dark-side-of-the-gdpr-dalla-compliance-alla-formazione
Industry 4.0 platforms ready for use in industry, logistics and b... - Davide Gazzotti
Clickode has developed 2 technology platforms ready for building PoCs in Industry 4.0 and Building Automation: ClickIoT for predictive maintenance and ClickLocate for locating goods and people within logistics, production and commercial systems. These platforms enable the principles of Industry 4.0 to be implemented in any organisation.
Have we really entered the fourth industrial revolution? It is a question that companies, governments and experts have recently been asking, starting from 2011, when the term Industry 4.0 entered the socio-economic vocabulary. In recent decades we have seen a growing global evolution of the role of industrial automation within logistics networks, with a growing need for new technologies and solutions.
Its importance has led material handling solution providers such as CASSIOLI to continuous, careful data analysis aimed at constant growth in technological and IT development.
Dr. Bruno Belluccia with his introductory talk at the event "Industria 4.0, tecnologie abilitanti", held on 12-04-2017 at the ASI conference hall in Gela.
The event was organised by SB engine srl, the Municipality of Gela and the Google Developer Group
MySQL Day Roma 2018 - The GDPR and technologies for protecting personal data - Par-Tec S.p.A.
At MySQL Day 2018 in Rome, TechAdvisor Michelangelo Uberti gave an overview of the technological countermeasures for protecting data.
The points covered in the presentation are:
- Presentation of the Par-Tec offering for MySQL Enterprise Edition
- The measures to adopt in order to be GDPR compliant
- Training and the Par-Tec Educational courses
- Technologies for protecting data
To find out more, download the slides and watch the video of our TechAdvisor's presentation at https://www.par-tec.it/il-gdpr-e-le-tecnologie-a-protezione-dei-dati-personali
The ISO 27002:2014 controls in companies' production departments - ciii_inginf
Industrial plants under attack - how information technology can increase security in production.
The Information Security Management System in Production Departments - Security standards and the ISO 27000 family of standards.
Presentation by Eng. Fabrizio Di Crosta
NetApp Webinar: 100 Days to GDPR: NetApp's practical guide - NetApp
From 25 May 2018 companies will have to be compliant with the GDPR. In this webinar, together with Varonis, we took stock of the roadmap to compliance.
Process and infrastructure innovation for managing the indicators of economic statistics and National Accounts aggregates
http://www.istat.it/it/archivio/193422
CCI2017 - Security Best Practices and what's new in Windows Server 2016 - Ermanno G... - walk2talk srl
In recent years IT security has become one of the main components of modern IT infrastructures.
Securing an IT infrastructure requires a careful analysis of current threats and their possible evolution, and the application of best practices for protection and monitoring.
The session also looks at how Windows Server 2016 and Microsoft Advanced Threat Analytics can help with hardening the infrastructure.
To request access to the channel containing the audio/video recordings of the technical sessions of Cloud Conference Italia 2017, fill in the following form:
https://goo.gl/Fq6DQE
Customer digital identity and consent management - Francesco Faenzi
Data is the new oil. A privacy strategy for customer data is a business enabler. Digital Trust is the step "beyond privacy", based on "handing the keys to the vault of trust" to the customers themselves: "you are in control of your data".
MySQL Day Milano 2017 - From replication to InnoDB Cluster: HA according to MySQL - Par-Tec S.p.A.
At MySQL Day 2017 in Milan, TechAdvisor Michelangelo Uberti gave an overview of MySQL's native high availability solutions.
The points covered in the presentation are:
- Presentation of the Par-Tec offering for MySQL Enterprise
- High Availability: causes, needs, expectations
- How the main approaches work, their benefits and limits:
- Traditional replication
- MySQL Cluster
- MySQL Group Replication
- What's new: MySQL InnoDB Cluster
To find out more, download the slides and watch the video of our TechAdvisor's presentation at https://www.par-tec.it/dalla-replica-a-innodb-cluster-l-ha-secondo-mysql-milano
2. CONTENTS
1 Aubay in figures
2 Big Data & Analytics C.C.
3 GDPR
4 Test Data Management
5 Persistent Data Masking
6 Aubay approach
6. COMPETENCE CENTER BIG DATA & ANALYTICS
24/11/2016
The Big Data & Analytics Competence Center is the unit founded to deliver services in the field of Enterprise Information Management.
From building management reporting to constructing Big Data architectures, our approach is always characterised by pragmatism, technological independence and integration between technological solutions and business requirements, so as to achieve maximum effectiveness at the lowest "cost".
Characteristics
From strategic design through to application management, we can provide a wide range of services to help companies develop the analytical capabilities needed for data analysis and value creation.
7. Competence Center Big Data & Analytics
CORE COMPETENCES
Data Governance: DL & Meta Data Management; Data Quality & MDM; Test Data Management
Data Integration: Data Warehousing; Data Virtualization; Big Data Lake
Business Intelligence: Query & Reporting; OLAP&DD; Business Analytics
CPM: Budgeting & Forecasting; Financial Planning; Dashboard & Scorecard
9. GENERAL DATA PROTECTION REGULATION (1)
GDPR
4 May 2016: publication in the European Official Journal
24 May 2016: entry into force
25 May 2018: full application
The GDPR governs the processing of the personal data of citizens belonging to the EU.
Personal data must be processed only if the following conditions are met:
TRANSPARENCY
LEGITIMATE PURPOSE
PROPORTIONALITY
These conditions are not met when test environments are created from production data, which entails, albeit unintentionally, a disclosure of personal data to categories of users not authorised to process it.
10. GENERAL DATA PROTECTION REGULATION (2)
To comply with the regulation, personal information must be anonymised when test environments are created, through the Persistent Data Masking process.
Aubay has strong experience in Data Masking processes, gained with major clients such as:
• Intesa San Paolo
• Allianz
• ….
We have thus developed a reference framework for the General Data Protection Regulation that makes it possible to industrialise the data masking process.
12. CREATION OF TEST ENVIRONMENTS
[Diagram: Source Applications and Databases -> Cloning or Subsetting -> Non-production Environments]
13. SUBSETTING
Objective:
create an environment with all and only the data the users need, in the shortest possible time
Techniques
1 Restrict the time scale, or select particular time series
2 Select particular combinations of characteristics/dimensions of the data
3 Exclude some data
Benefits
Reduced test and analysis times thanks to the smaller amount of data
Reduced time to populate the environments
Reduced demand for resources
14. BUT ARE WE COMPLYING WITH THE REGULATION?
Attention to the confidentiality of the personal data that companies hold in their electronic archives is growing strongly.
Increasingly stringent national and international regulations (EU GDPR) are leading IT organisations to put in place measures to prevent registered individuals and other confidential information from being recognised by internal and external personnel who may access company archives for purposes that are not specifically business-related.
Compliance Officer: "Are we compliant with the regulations?"
16. CREATION OF TEST ENVIRONMENTS AND PERSISTENT DATA MASKING
[Diagram: Source Applications and Databases -> Cloning/Subsetting and Persistent Data Masking -> Non-production Environments]
17. WHAT IS IT?
Persistent Data Masking is a methodology used to create a structurally identical and similar, but not authentic, version of an organisation's data, which can therefore be used for purposes such as software testing without violating personal data protection laws.
Objective
Protect the actual data while having a functional substitute for occasions when the real data is not required.
18. DETAILS
Persistent Data Masking uses techniques that modify existing data so as to make it unrecognisable and therefore anonymous.
Persistent Data Masking is not, however, just a trivial replacement of the original data: without the necessary care, such replacement can introduce many inconsistencies, to the point of making a database essentially unusable.
Main techniques
1 Nulling or Truncating
2 Scrambling or masking out
3 Substitution
4 Shuffling
5 Encryption
6 Number and date variance
19. ENSURING REFERENTIAL INTEGRITY
Propagate primary key values to all related tables, maintaining consistency and referential integrity in the masked data.
[Diagram: Customer table and Products table, original data beside masked data; referential integrity maintained]
20. CONSISTENCY OF INFORMATION
Consistency must be guaranteed per application:
in the systems that make it up;
in the systems it works with;
The postal code must be valid for:
address;
telephone number;
Age must match the date of birth;
The tax code (codice fiscale) must be consistent with the personal details.
[Diagram: billing application, Production -> DATA MASKING -> Test]
22. AUBAY PROJECT APPROACH
23/01/2017
Assessment
• Analysis of the application portfolio
• Definition of masking rules
• Sw Selection
• Identification of the pilot phase
Pilot
• Metadata import
• Masking implementation
• Non-regression testing
Organisation
• Definition of the process
• Adoption of the tool
• Definition of operating procedures
Operation
• Release of environments
• Periodic refresh
• Periodic audit of development and test environments
Support
• System and application support
23. AUBAY METHODOLOGICAL APPROACH
[Diagram: Source Applications and Databases; Cloning/Subsetting and Persistent Data Masking (shown twice); DRIVE; Non-production Environments]
24. DRIVE TABLE
CONTENT
The DRIVE table contains:
all the masked fields;
all the JOIN keys needed to link the information between the SOURCE and the DRIVE table;
the masking flags that govern the process.
STRENGTHS
The solution has the following strengths:
it decouples the rule from its result;
it makes it possible to control and limit the proliferation of rules;
it makes it possible to guarantee referential integrity across the various systems;
it guarantees coherence with the initial data;
it is a fully scalable solution.
25. METHODOLOGY
STEP 1 Identification of the data to be masked
Personal "registry" (anagrafica) data relating to natural persons
"Registry" (anagrafica) data relating to legal persons
28. METHODOLOGY
STEP 4 Identification of the environments in scope
[Figure: DEVELOPMENT and TEST ENVIRONMENTS, DEPARTMENTAL PLATFORM - updated 18/09/2013 (Direzione Sistemi Informativi – Servizio Infrastrutture Tecnologiche, Gestioni Operative - Gestione Ambienti di Test). The map covers the Development, Application Test, System Test/Acceptance, Certification/MIG Independent Test, Training and Production environments, with temporary and permanent clones.]
NOTES
Each project is assigned a DB, which can be customised or generic (catch-all).
The DB can be Oracle or MS SQL. (These have different access methods, so the way data is copied differs.)
Access requires the entitlements and authorisation parameters, that is USER ID, (machine name) and INSTANCE, which are recorded in GSS Desktop (formerly Omnia).
31. LOGICAL FLOW OF THE PROCESS TEMPLATE - DIRECT
[Flowchart, nodes as labelled on the slide: SOURCE; PRE JOIN check; read MASKED data from DRIVE; POST JOIN check; MASK=S; write MASKED data; write data IN CLEAR; mask with GLOSSARY; write MASKED data; TARGET. Branches are labelled YES/NO.]
32. LOGICAL FLOW OF THE PROCESS TEMPLATE - ASSOCIATIVE
[Flowchart, nodes as labelled on the slide: SOURCE; PRE JOIN check; read MASKED data from DRIVE; POST JOIN check; SOURCE check; MASK=S; write MASKED data; write data IN CLEAR; mask with GLOSSARY; write MASKED data; TARGET. Branches are labelled YES/NO.]
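The DRIVE table of slide 24 and the MASK=S decision of the process template (slides 31 and 32), as an added example that is not part of the Aubay deck: the masking rule runs once per key, only its result is stored in DRIVE, and every target table is loaded through a JOIN on DRIVE so that masked keys stay consistent. The schema, sample rows, glossary, secret and the HMAC-based rule are assumptions constructed for this sketch.

```python
import hashlib
import hmac
import sqlite3

# Constructed for illustration: schema, rows, glossary and key are assumptions.
SECRET = b"demo-masking-key"  # in practice held outside the test environments
GLOSSARY = ["Rossi", "Bianchi", "Verdi", "Neri", "Gallo"]  # substitution values

SCHEMA = """
CREATE TABLE src_customer(cust_id TEXT PRIMARY KEY, surname TEXT, mask TEXT);
CREATE TABLE src_invoice(inv_id INTEGER PRIMARY KEY, cust_id TEXT, amount REAL);
CREATE TABLE drive(src_key TEXT PRIMARY KEY, masked_key TEXT UNIQUE,
                   masked_surname TEXT, mask TEXT);
CREATE TABLE tgt_customer(cust_id TEXT PRIMARY KEY, surname TEXT);
CREATE TABLE tgt_invoice(inv_id INTEGER PRIMARY KEY, cust_id TEXT, amount REAL);
INSERT INTO src_customer VALUES ('C001','Esposito','S'), ('C002','Colombo','S'),
                                ('C003','TEST ACCOUNT','N');
INSERT INTO src_invoice VALUES (1,'C001',120.0), (2,'C001',80.5),
                               (3,'C002',42.0), (4,'C003',9.9);
"""


def refresh_drive(db):
    """Apply the masking rule once per key and store only its result in DRIVE."""
    for cust_id, mask in db.execute("SELECT cust_id, mask FROM src_customer").fetchall():
        # Keyed and deterministic: the same source key masks the same way on every refresh.
        digest = hmac.new(SECRET, cust_id.encode(), hashlib.sha256).digest()
        surname = GLOSSARY[int.from_bytes(digest[-4:], "big") % len(GLOSSARY)]
        # A masked_key collision is ignored here and then caught by load_targets().
        db.execute("INSERT OR IGNORE INTO drive VALUES (?, ?, ?, ?)",
                   (cust_id, "M" + digest.hex()[:12], surname, mask))


def load_targets(db):
    """Copy SOURCE to TARGET through DRIVE; never fall back to writing in clear."""
    missing = db.execute("""SELECT COUNT(*) FROM
        (SELECT cust_id FROM src_customer UNION SELECT cust_id FROM src_invoice) s
        LEFT JOIN drive d ON d.src_key = s.cust_id WHERE d.src_key IS NULL""").fetchone()[0]
    if missing:
        raise RuntimeError(f"{missing} source keys have no DRIVE row")
    # MASK = 'S' (flag value from the slides): write the masked value, else the clear one.
    db.execute("""INSERT INTO tgt_customer
        SELECT CASE d.mask WHEN 'S' THEN d.masked_key ELSE c.cust_id END,
               CASE d.mask WHEN 'S' THEN d.masked_surname ELSE c.surname END
        FROM src_customer c JOIN drive d ON d.src_key = c.cust_id""")
    db.execute("""INSERT INTO tgt_invoice
        SELECT i.inv_id, CASE d.mask WHEN 'S' THEN d.masked_key ELSE i.cust_id END,
               i.amount
        FROM src_invoice i JOIN drive d ON d.src_key = i.cust_id""")


def run_demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    refresh_drive(db)
    load_targets(db)
    orphans = db.execute("""SELECT COUNT(*) FROM tgt_invoice i
        LEFT JOIN tgt_customer c ON c.cust_id = i.cust_id
        WHERE c.cust_id IS NULL""").fetchone()[0]
    counts = sorted(n for (n,) in db.execute(
        "SELECT COUNT(*) FROM tgt_invoice GROUP BY cust_id"))
    customers = db.execute("SELECT cust_id, surname FROM tgt_customer").fetchall()
    return {"customers": customers, "orphans": orphans, "invoices_per_customer": counts}
```

Because both target tables take the masked key from the same DRIVE row, the orphan count stays at zero and each customer keeps the same number of invoices as in the source.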
33. SOFTWARE COMPONENTS - RECOMMENDED
Sensitive data discovery
The tool (e.g. Informatica Secure@Source) that gives complete visibility of sensitive data and analyses and classifies the risk to which it is exposed.
Rule generator
The tool for creating and executing the masking rules for personal details.
Designer
The environment for designing the process flows that carry data from the SOURCEs to the TARGETs while applying the masking rules.
Workflow
The environment that manages the execution of the mappings and of the processes that update the DRIVE table.
Monitor
The tool for checking the execution of the mappings requested by the workflow.
Analyzer
The tool for analysing the log data produced by the individual mapping flows executed by the workflow.
34. CONTACTS
Giorgio David Jacchini
Professional Services Principal
Consultant
E-Mail: giorgio.jacchini@aubay.it
Mobile: +39.347,3872611
Oscar Russo
Head of Big Data & Analytics CC
E-Mail: oscar.russo@aubay.it
Mobile: +39.346.6815161