Internet (or Cyber) Governance has a long way to go and is presently fraught with confusion - this being a global phenomenon. Then there is the Internet of Things coming up at top speed which means that we have to face up to the risks that come with the convenience ! A solution for governance and some insight into the IoT risks were presented at the Defcon-OWASP Conference in Lucknow (India) on February 22, 2015
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
Cybersecurity and cybercrime organizations must be created with great planning but that is not happening anywhere. In India we have a plethora of organizations sprouting up in every domain and we all know too many cooks spoil the broth. I make a case for governance at the national and state level and make the case for having a planned structure that will ensure good security, good response and offense too, if needed.
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsDinesh O Bareja
There are many (small) risks and threats which are frequently overlooked in an organization. The presentation takes a look at where Risks & Threats (RaT) come from and at the "Biggies" in the RaT Lists. We look at a few Frequently Overlooked Threats and Risks (FORT) and Course Correction Options and finally a few Case Studies to highlight FORTs
Bug bounty program offer numerous benefits to the sponsoring companies. Government organizations as well as private organizations will benefit if they have bug hunters sniffing around on their network.
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
Like all things cyber, insurance holds a lot of hope for risk mitigation. However, again, like all things cyber, there is a lot of unknown in the risk mitigation solution itself.
Incident management and response is a highly specialized job requiring the information Security professional to have multifaceted skills in technology, business, finance, HR and more. In fact the Incident Response professional needs to know so much in terms of technology, people skills or reaction time that he/she might as well be a superhuman!
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...CODE BLUE
Over 10,000 new cybersecurity technologies are developed each year yet we do not see a correlating decrease in cybersecurity threats. This is because cybersecurity isn’t a mere computer science problem. The most vulnerable part in the security chain is humans. But humans are also a valuable asset in countering cybersecurity threats. A kaleidoscope is constantly changing pattern or sequence of elements. In cyber we need to shake the kaleidoscope to create new ways of both identifying and solving problems.
This presentation will be somewhat unorthodox. Maurushat will weave a story through the thread of human behaviour and cybersecurity with the primary objective of making sense out of chaos. What do Mars Bars, Perestroika, Carrots, Transylvania, Robin Hood, Talin, Majong, Anti-Vaccination, the Mayor of Montreal, Tails and Pineapples have to do with cybersecurity?
In her presentation, Professor Maurushat encapsulates key human behaviour issues in cybersecurity based on 17 years of experience and research in ethical hacking, vulnerability markets, cybercrime investigations and cybersecurity policy consultation with governments and intelligence agencies.
There are no easy answers to cybersecurity challenges. However, this presentation will stimulate thinking about how to use the power of human behaviour to improve cybersecurity through emerging fields of behaviour data engineering, artificial intelligence, behavioural economics and neuro-diversity as evolution.
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
Cybersecurity and cybercrime organizations must be created with great planning but that is not happening anywhere. In India we have a plethora of organizations sprouting up in every domain and we all know too many cooks spoil the broth. I make a case for governance at the national and state level and make the case for having a planned structure that will ensure good security, good response and offense too, if needed.
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsDinesh O Bareja
There are many (small) risks and threats which are frequently overlooked in an organization. The presentation takes a look at where Risks & Threats (RaT) come from and at the "Biggies" in the RaT Lists. We look at a few Frequently Overlooked Threats and Risks (FORT) and Course Correction Options and finally a few Case Studies to highlight FORTs
Bug bounty program offer numerous benefits to the sponsoring companies. Government organizations as well as private organizations will benefit if they have bug hunters sniffing around on their network.
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
Like all things cyber, insurance holds a lot of hope for risk mitigation. However, again, like all things cyber, there is a lot of unknown in the risk mitigation solution itself.
Incident management and response is a highly specialized job requiring the information Security professional to have multifaceted skills in technology, business, finance, HR and more. In fact the Incident Response professional needs to know so much in terms of technology, people skills or reaction time that he/she might as well be a superhuman!
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...CODE BLUE
Over 10,000 new cybersecurity technologies are developed each year yet we do not see a correlating decrease in cybersecurity threats. This is because cybersecurity isn’t a mere computer science problem. The most vulnerable part in the security chain is humans. But humans are also a valuable asset in countering cybersecurity threats. A kaleidoscope is constantly changing pattern or sequence of elements. In cyber we need to shake the kaleidoscope to create new ways of both identifying and solving problems.
This presentation will be somewhat unorthodox. Maurushat will weave a story through the thread of human behaviour and cybersecurity with the primary objective of making sense out of chaos. What do Mars Bars, Perestroika, Carrots, Transylvania, Robin Hood, Talin, Majong, Anti-Vaccination, the Mayor of Montreal, Tails and Pineapples have to do with cybersecurity?
In her presentation, Professor Maurushat encapsulates key human behaviour issues in cybersecurity based on 17 years of experience and research in ethical hacking, vulnerability markets, cybercrime investigations and cybersecurity policy consultation with governments and intelligence agencies.
There are no easy answers to cybersecurity challenges. However, this presentation will stimulate thinking about how to use the power of human behaviour to improve cybersecurity through emerging fields of behaviour data engineering, artificial intelligence, behavioural economics and neuro-diversity as evolution.
Cybercrime is nothing new. What is different now is the intimacy, reach and size of those attacks. There are hundreds of billions in losses each year. This unsettling state of affairs has created a binary world with really only two kinds of companies: those that have been hacked and admit it, and those that have been hacked and don't admit it or don’t know it yet. Worse yet, for the vast majority of individuals, very few of us have been untouched whether we know it or not.
In NTT i³’s book “CyberCrime: Radically Rethinking the Global Threat,” Rich Boyer, Chief Architect for Security and Dr. Kenji Takahashi, VP Product Management for Security examine the current arms race between cybercriminals and their diverse and agile toolkits and the radically new approaches to cybersecurity that the enterprise must adopt to compete and win.
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
The cyber insecurity conundrum cuts across all things digital or networked. How can we prioritize defensive efforts across such a vast domain? This talk will describe a framework for engineering systems and policymaking based on the work factors for cyber attack and defense. After developing the work factor concept, it will be illustrated in several examples
The importance of understanding the global cybersecurity indexShivamSharma909
With the advent of modern technologies such as IoT, artificial intelligence, and cloud computing, there is a rapid increase in the number of interconnected devices globally. It has also increased the number of cyber-attacks and data breaches. As a result, cybercrime is a global concern, and appropriate solutions are essential if proper responses are to be found. The Global Cybersecurity Index (GCI) is one such instrument to control cybercrime and provide feedback.
https://www.infosectrain.com/blog/the-importance-of-understanding-the-global-cybersecurity-index/
Cyber Safety Mechanism: Introduction, brief Introduction about Policies involved in cyber safety mechanism and purpose of implementing cyber security model
Information Technology Law (Cyber Law): Evolution of the IT Act 2000 and Its amendments: Genesis and Necessity, advantages.
For Reference watch my YouTube Video - https://youtu.be/NqvNFwa0hQc
Hey Everyone!
This is my complete talk in a virtual conference for cybersecurity researchers that has been hosted by Bsides Maharashtra and thanks to them that they provided me an opportunity to share my thoughts and knowledge with passionate and budding cybersecurity researchers, Hackers, Bug Hunters, and geeks. My talk is all about the detailed explanation of AI in Cyber Security and this should be listened to by every Cyber Sec Person who wants to learn about How AI Can Help In Cyber Security. I have explained the most and every basic to advance information. So do give it a look and understand the concepts and share as much as you can. Thank you Bsides Maharashtra for inviting me. I am happy and excited to be a part of your event.
If you want to invite me for a webinar or conference connect
mail: hello@priyanshuratnakar.com or priyanshuratnakar@protonmail.com
vent details
Date - 25th to 27th November 2020
CTF
Workshop
Speaker session
website - https://bsidesmaharashtra.com/
Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides approved event for Delhi, India. We’re a volunteer organized event (we have no paid staff), and we truly strive to keep information accessible for everyone.
The idea behind the Security BSides Delhi is to organize an Information Security gathering where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. It creates opportunities for individuals to both presents and participates in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Feel free to use the slide but give credit somewhere :)
Presented at the Master of Science and Doctor of Philosophy Programs in Data Science for Healthcare and Clinical Informatics, Department of Clinical Epidemiology and Biostatistics, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on October 21, 2020
How communities can support and collaborate with public agencies in Disaster response. Provides an insight into our thinking about public private partnership and DR concepts
20090115
Cybercrime is nothing new. What is different now is the intimacy, reach and size of those attacks. There are hundreds of billions in losses each year. This unsettling state of affairs has created a binary world with really only two kinds of companies: those that have been hacked and admit it, and those that have been hacked and don't admit it or don’t know it yet. Worse yet, for the vast majority of individuals, very few of us have been untouched whether we know it or not.
In NTT i³’s book “CyberCrime: Radically Rethinking the Global Threat,” Rich Boyer, Chief Architect for Security and Dr. Kenji Takahashi, VP Product Management for Security examine the current arms race between cybercriminals and their diverse and agile toolkits and the radically new approaches to cybersecurity that the enterprise must adopt to compete and win.
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
The cyber insecurity conundrum cuts across all things digital or networked. How can we prioritize defensive efforts across such a vast domain? This talk will describe a framework for engineering systems and policymaking based on the work factors for cyber attack and defense. After developing the work factor concept, it will be illustrated in several examples
The importance of understanding the global cybersecurity indexShivamSharma909
With the advent of modern technologies such as IoT, artificial intelligence, and cloud computing, there is a rapid increase in the number of interconnected devices globally. It has also increased the number of cyber-attacks and data breaches. As a result, cybercrime is a global concern, and appropriate solutions are essential if proper responses are to be found. The Global Cybersecurity Index (GCI) is one such instrument to control cybercrime and provide feedback.
https://www.infosectrain.com/blog/the-importance-of-understanding-the-global-cybersecurity-index/
Cyber Safety Mechanism: Introduction, brief Introduction about Policies involved in cyber safety mechanism and purpose of implementing cyber security model
Information Technology Law (Cyber Law): Evolution of the IT Act 2000 and Its amendments: Genesis and Necessity, advantages.
For Reference watch my YouTube Video - https://youtu.be/NqvNFwa0hQc
Hey Everyone!
This is my complete talk in a virtual conference for cybersecurity researchers that has been hosted by Bsides Maharashtra and thanks to them that they provided me an opportunity to share my thoughts and knowledge with passionate and budding cybersecurity researchers, Hackers, Bug Hunters, and geeks. My talk is all about the detailed explanation of AI in Cyber Security and this should be listened to by every Cyber Sec Person who wants to learn about How AI Can Help In Cyber Security. I have explained the most and every basic to advance information. So do give it a look and understand the concepts and share as much as you can. Thank you Bsides Maharashtra for inviting me. I am happy and excited to be a part of your event.
If you want to invite me for a webinar or conference connect
mail: hello@priyanshuratnakar.com or priyanshuratnakar@protonmail.com
vent details
Date - 25th to 27th November 2020
CTF
Workshop
Speaker session
website - https://bsidesmaharashtra.com/
Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides approved event for Delhi, India. We’re a volunteer organized event (we have no paid staff), and we truly strive to keep information accessible for everyone.
The idea behind the Security BSides Delhi is to organize an Information Security gathering where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. It creates opportunities for individuals to both presents and participates in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Feel free to use the slide but give credit somewhere :)
Presented at the Master of Science and Doctor of Philosophy Programs in Data Science for Healthcare and Clinical Informatics, Department of Clinical Epidemiology and Biostatistics, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on October 21, 2020
How communities can support and collaborate with public agencies in Disaster response. Provides an insight into our thinking about public private partnership and DR concepts
20090115
As a Linked In member you are networking which is the reason why LI was set up. However you need to mind your manners when connecting. I got hassled with the Linked In connection requests and put this presentation together to get some people to understand the basics / essentials of good behavior (as I like it!)
A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers fundamentals of Information Security, it's evolution, present day risks from the IT and Telecom infrastructure perspective.
Cyberwar, cyberwarfare are on everyone's lips but mean nothing as they are least understood and still need to be defined! Yet we have everyone who means something - standing on the rooftops and rattling their swords. The question is = is India ready - this is explored in the presentation. Indian institutions, cyber practices and the way ahead.
Information Security Management Education Program - Concept Document Dinesh O Bareja
Information security training is incomplete which ever way one sees it - the techie lacks a lot of stuff and so does the non-techie. This is a concept to make changes and build an education program which will actually create professionals having good skills.
Business - IT Alignment Increases Value Of ITDinesh O Bareja
Aligment of IT and business is a chimera and everyone is chasing it. Achieveing alignment will provide great value to the organization.
Presented at ISACA Annual Conference in Chennai.
Common sense is the most important element in Information Security and I am working in the IS domain! So who knows this better than me. The problem is the people (generally) and so many IS clients and professionals do not realize this simple fact.
I am prompted by this knowledge and realization gap to present Common Sense 101 - a compilation of CS resources from all over the net - hoping it makes sense to you and you benefit from it in your practice.
The term “Internet of Things” refers to all those objects or
devices of everyday life that are connected to the Internet
and that have some kind of intelligence.
Splunk Conf 2013 September 30-October 3 & Splunklive Denver.
Monitoring for the big "T". Learn how Ping Identity manages, deploys and monitors it's hybrid cloud SaaS applications using best of breed solutions. Tools and people create T = r + t, our philosophy for transparency and reliability.
Demonetization, IoT and related thoughts! by "Sherlin Mathew" from "Cogizant" The presentation was done at #doppa17 DevOps++ Global Summit 2017. All the copyrights are reserved with the author
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...Agile Testing Alliance
Pankaj Kumar who is a Principal Quality Engineer at Allscripts took a Session on "Security testing using ML(Machine learning), AI(Artifical intelligence), Deep learning(DL)" at Global Testing Retreat #ATAGTR2019
Please refer our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/05/global-testing-retreat-atagtr2019-welcomes-pankaj-kumar-as-our-esteemed-speaker/
WordCamp Europe 2019: From WordPress to Blockchain, 100% Open Source Future. ...Bas van der Lans
Keynote Sebastiaan van der Lans at WordCamp Europe 2019.
Start Timestamping content today: https://wordproof.io/start
https://2019.europe.wordcamp.org/session/from-wordpress-to-blockchain-the-future-is-100-open-source/
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
Crime Scene Investigation: Content – Who killed Enterprise Content Management? As consumer technology takes more attention, enterprise content management seems to have disappeared, particularly ECM. Presentation by John Newton was made at the Technology Services Group led by Dave Giordano at the University of Chicago Gleacher Center on 8 June 2011.
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
Let's take a look at implementations of AI or machine learning in the cybersecurity world. To know more: https://www.softwarefirms.co/blog/ai-and-machine-learning-in-cybersecurity-a-saviour-or-enemy?utm_source=Social+media&utm_medium=Traffic&utm_campaign=SR
A Smarter, more Secure Internet of Things from NetIQ at Gartner IAM Summit 2015bmcmenemy
A smarter, more secure Internet of Things?
We stand on the very brink of the most fundamental change in the way human beings use technology since the introduction of agriculture, over 6 thousand years ago. The Internet of Things will not just change our work or home, it will change every aspect of our lives, including redefining the very concepts of privacy, industry and government.
When something is so important, how can we build in the security and intelligence necessary? What are the key challenges we face? And what will an always on, hyperconnected world mean to the concept of identity itself?
In this presentation,we discuss the opportunities and challenges of the Internet of Things, as well as some of the early indicators of what the IoT world will look like. We also address thinking on security and privacy, and the critical role that the concept of identity will play in the future.
How the Switch to a Predominantly Remote Workforce Accelerated IT and Securit...Dana Gardner
Transcript of a discussion on how the rapid shift to remote work accelerated the digital transformation of a New York-based publishing organization to reduce risk while preserving a highly creative and distributed culture.
The Future for Smart Technology ArchitectsPaul Preiss
The future of software and even hardware is based in ever more complex abilities to adapt to highly dynamic change and input. The Internet of Things brings with it input from billions of sources locally and around the globe and for intelligent architects this represents an opportunity to create deep competitive advantage and customer loyalty.
The Japanese have used intelligent systems for years from cars to trains to vacuum cleaners and there will continue to be smarter and smarter systems. Architects around the world must include this thinking into their designs and strategies. Adaptive social networks, individually designed health care, just in time 3d printing are only some of the components of this coming era.
How to include smart system thinking into designs
How to get started with smart tools like inferencing, fuzzy, neural and other technologies
When to think smart and when to avoid
Possible outcomes to strive for today in preparing your architecture for the age of smart systems
Similar to Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India (20)
WFH Cybersecurity Basics Employees and Employers Dinesh O Bareja
Work from home (WFH) is the new normal. The covid19 pandemic, has thrown everyone, across the world into a struggle (and challenge) for survival. While we stand up to the challenge, we have to set our rules for WFH, with cybersecurity safeguards.
Changes in the world have brought about changes in our lives and at present there are events that are making huge changes. Cyber security demands will also change as we come out into a new world order. We look at skills needed.
Basics in IT Audit and Application Control Testing Dinesh O Bareja
IT Audit and Application Control Testing are large and complex activities in themselves, and it is my presentation to share the basics here, based on my own experience and using guidance from IIA GTAGs.
India Top5 Information Security Concerns 2013Dinesh O Bareja
Indian Information Security scenario, and the global one too, leaves much to be desired - this report covers concerns about InfoSec in this year. A straightforward document with lots of practical insights about what ails Information and Data Security in Government, Business and Users.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
1. The Future of
Cyber Risks
Internet of Things
Cyber Governance
&
Lucknow (India),February 22nd, 2015
Dinesh O Bareja
db@dineshbareja.com
2. This is a Web Distribution Version
• This presentation has been optimized for distribution via the web as a PDF which means that animation panes have been
deleted and expanded. This will allow full content on animated slides to be visible and readable
• The intent is to make sure that the animations do not appear with unreadable clutter
• The images that have been used are sourced freely from the Internet using multiple search resources. Our logic is that if your
creations are searchable then they are usable for representation AND we never use any such images in ANY of our commercial
works
• All our works that are put up as ‘distribution’ versions are published under Creative Commons license and are non-commercial –
these are available for download from common document sites on the internet or from our website
• If some images are deleted (due to watermarked copyright notices or stringent usage policies) the slide will only show a
hyperlink to it. You can follow the link to see the image.
• This is done if I have received an objection or a take-down notice from the copyright owner
• I/We make every effort to include a link or name to the copyright owner of the image(s) that have been used in this presentation
and please accept our sincere apologies in case any image has not been individually acknowledged
• Copyright notices or watermarks are not removed from images or text which are not purchased, however, we may say that
practically all text is our own creation
• Inspite of all the above and other declarations, if you have objections to the use (as owner of any of the IP used in this
presentation / paper) you may please send an email to us and we shall remove the same right away (please do remember to
include your communication coordinates and the URL where you spotted this infringement
3. You should presume
that someday, we will be
able to make machines that
can reason, think and do
things better than we can.
-Sergei Brin, co-founder Google (07-2014)
’
‘
4. AGENDA
GOVERNANCE .. QUICK LOOK AT ISSUES
CHALLENGES AND OPTIONS
RISKS OF THE FUTURE… AS THEY TAKE BIRTH
TODAY - INTERNET OF THINGS
5. ABriefIntroduction
Dinesh O Bareja
CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR
• Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd
• COO – Open Security Alliance
• Co-Founder – Indian Honeynet Project
• Member IGRC – Bombay Stock Exchange
• Ex Cyber Surveillance Advisor – CDRC (Jharkhand Police – Special Branch)
Enterprise & Government Policy Development;
Cyber Security Strategy, Design, Architecture;
Current State Security Assessment, Audit &
Optimization; Governance, Risk Management;
ABOUT ME
6. It is time the infosec community got up
to highlight weakness in governance
and THE thinking OF our government’s
on cyber security AT THE national AND
STATE LEVEL
And REALIZE THE
The increasing inability to control
(cyber) related incidents with the
looming threats of cyber war /
terrorism / espionage / crime
7.
8. …What is it (dictionary)
•government; exercise of authority control
•Governance (noun) - the persons (or
committees or departments etc.) who
make up a body for the purpose of
administering something;
GOVERNANCE
9. A body for the purpose
of administering
something;
SO Let Us Take A Look
At what We Have To
Govern…..
15. •Multiple organizations: LEA, Government,
Defence, Large Enterprises, NGOs etc. exist
and
•Everyone does their “own thing”
•All are ‘de facto’ experts
CurrentCYBERSTATE
16. •Everyone wants to protect his/herteir
thought, (ass)ets, technology
• And believes that his/her/their system is
handmade by God!
•SO…. Chaos and confusion reigns supreme
CurrentCYBERSTATE
17. •Multiple organizations: LEA, Government,
Defence, Large Enterprises, NGOs etc.
•Everyone does their “own thing”
•Protect my thought, (ass)ets, technology
•All are ‘de facto’ experts
•Everyone’s system in handmade by God!
•SO…. Chaos and confusion reigns supreme
CurrentCYBERSTATE
18. Way Ahead (my own thoughts)
•Cyber Security must be entrusted (at national
level) to one authority and organization
•Designate the President / PMO as C-in-C as this is
a frontier, a battleground
•Cybercrime, Terrorism, War, Attacks, Espionage,
Reputation, Information Exchange, Development
of Offensive Capabilities et al cannot be decided
upon by a NCSC
19. •I had done a presentation on
Governance a few years earlier and it
was as relevant as it was then as it is
now…
•Normally I do not use my old slides but I
find this is still an area which needs the
same old stuff…
20. •As per my agenda today I had said that we would
take a look at OPTIONS … Option in the middle of
all this confusion etc ….
•This is my own conceptual framework to bring
direction and order at a national / state level
•It may not be the silver bullet, but like I say if there
is good silver in the bullet at least we have started
the journey to kill the problem
21. • The concept presented may not be the silver
bullet,
• but
• like I say - if there is good silver in the bullet at
least we have started the journey to kill the
problem
22. Second Line of Command (Operational and Strategic)
Commander in Chief
PM / President
NSA NCSC
Defence Chief
of Staff
Head of
Intelligence
MHACERT
LEA, Industry
Rep & Bodies
Cyber Security Organizations and Organizations with Cyber Command Centers
State Cyber
Security Centers
Sectoral CERTs
NTRO(cyber)
NCIIPC
IB, RAW, NIA,
DIA
Defense CERTs,
DIA, DRDO etc
Academia
Participants
CyberCrime
Police Stations
CCTNS,
NATGRID
Information &
Data Library
Online
Battalions
General areas
n.e.s.
Continuing
Education &
Training
Control and Operational Areas (national and state level)
Capacity
Building
Capability
Building
Citizen
Outreach
Sectoral
Departments
Critical
Infrastructure
Education
and Training
International
Relations
Policy &
Regulations
Offensive and
Defensive
Knowledge
Repository
Domestic
Relationships
Risk
Advisories
Intelligence
Gathering
Research and
Development
Public Private
Partnership
Public
Relations
Security
Clearance
Think Tank Testing Group
Talent
Identification
Responsible
Disclosure
Field Organizations and Teams
CERT Incident
Response
Awareness,
Education,
Training
Developers
Embedded
Cyber
Patrollers
Reporting and
Measurement
Skill
Development
Audit, Risk,
Technology
Conceptualgovernance
framework
25. This really does not
happen in real life!
I have yet to see a
hacker who is genteel,
good mannered and
follows such etiquette
<LOL>
26. Moving on… the 2nd part of my talk
•We’ve seen how orderly or disorderly we are (big
deal, we are like that only and it is not just us but
the whole world)
•Lets move on to something more exciting – our
future, tomorrow, kal / kaal …
•
• The Internet of Things
31. (…) it takes many decades from the excitement of
inception for these technologies to fully work. In the case
of the automobile, the technology took 40 years to go from
merely “working” to eventually becoming fully part of our
lives. It took 80 years, from 1880 to 1960 for the
technology to become comfortable. The final phase of a
technology is for it to disappear. As John Seely Brown
puts it: “Technology has not fully arrived until it
disappears—until it is so much a part of us that we don’t
see it.” (Brian Arthur, “Myths and Realities of the High-
Tech Economy”)
40. exciting new developments
SMART
•Light bulbs that change depending on your
mood
•Refrigerators that talk with your smartphone
•Efficiency across industries
•Cost savings in healthcare
IoT
43. SMART
IoTIoT technologies and services generated
global revenues of $4.8 trillion in 2012
To reach
$8.9 trillion by 2020
growing at a compound annual rate (CAGR) of 7.9%.
44. SMART
IoT50 billion connected devices by 2020
Each person will have more than 6
devices
IoT device will more than double
(4.9 billion this year)
47. television
RISKSThe smart TV recognizes voice commands so it is in listening mode
and also listens to any conversation in the room while trying to figure
out a command.. Is this shared at the back end ??
48. Look at the future differently
• Neither software nor email security will be enough
• To protect (IoT) against future attacks from
cybercriminals
• Develop strategies in preparation "for the onslaught of
Internet enabled devices“
• Prepare for the fast approaching army of networked
devices
49. http://fortifyprotect.com/HP_IoT_Research_Study.pdf
Any connected consumer
electronic appliance may
become a zombie for a
botnet. Imagine the power of
a DDoS using all the TV sets
of one brand.
Ransomware may shoot up.
What if a ransomware hits
the same TV sets or consumer
appliance
Will the brand pay the
ransom? Will you pay to get
back your connected fridge?"
RISKS
50. RISKS
• Security flaw that could allow unlocking doors
of up to 2.2 million Minis, BMWs, and Rolls-
Royce models
• They all are equipped with BMW’s
ConnectedDrive software which uses on-board
SIM cards
• Potentially hackers gain access to the onboard
vehicle computer systems that manage
everything from engines and brakes to even
the air conditioning
56. This document has been created by IndiaWatch., Open Security Alliance., Dinesh O Bareja
Released in the public domain under Creative Commons License (Attribution- Noncommercial 2.5 India)
http://creativecommons.org/licenses/by-nc-sa/2.5/in/
The information and practices listed in this document are provided as is and for guidance purposes only and should not be
construed to be a standard (unless mentioned otherwise). Readers are urged to make informed decisions before adopting the
information given in this document.
The author(s) may not be held responsible, or liable, in any event and for any issues arising out of the use of the information and / or
guidelines included in this document. Further, we do not give any warranty on accuracy, completeness, functionality, usefulness or
other assurances as to the content in the document. We disclaim all responsibility for any losses, damage caused or attributed, directly
or indirectly, from reliance on and the use of such information.
Readers are welcome to provide feedback to the authors using the contact information provided in this document. This document
has been prepared for general public distribution so all animations have been converted to static images.
Graphics and images are usually obtained from the internet and royalty free sources and are usually acknowledged by us. Errors may
be expected in this practice and this is not intentional.-we resect creative rights and request owner(s) to inform us of any inadvertent
omission. Any trademarks or companies may be displayed or mentioned with the purpose of establishing a point or for better
understanding and we do not claim any exclusivity or relationship with their respective owers.
License and Copyright
Acknowledgements & Disclaimer
Various resources on the internet have been referred to contribute to the information presented. Images have been acknowledged (above) where possible. Any company names,
brand names, trade marks are mentioned only to facilitate understanding of the message being communicated - no claim is made to establish any sort of relation (exclusive or
otherwise) by the author(s), unless otherwise mentioned. Apologies for any infraction, as this would be wholly unintentional, and objections may please be communicated to us
for remediation of the erroneous action(s).