With corporate data breaches occurring at an ever-alarming rate, all levels of organizations are struggling with ways to protect corporate data assets. Rather than choosing one or two of the many options available, Michael Jay Freer believes that the best approach is a combination of tools and practices to address the specific threats. To get you started, Michael Jay introduces the myriad of information security tools companies are using today: firewalls, virus controls, access and authentication controls, separation of duties, multi-factor authentication, data masking, banning user-developed MS-Access databases, encrypting data (both in-flight and at-rest), encrypting emails and folders, disabling jump drives, limiting web access, and more. Then, he dives deeper into data masking and describes a powerful data-masking language. Explore how to develop standard masking business-rules and the best industry practices for manipulating masked data. You can get started slowly with information obfuscation without attempting to "boil the ocean."
To ensure that electronic documentation & records shall only be accessible to those who are authorized, and be restricted from the rest.
Nevertheless, there is a necessity to balance it against the enterprise need to use and share the information.
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,... - Symantec
With the enhanced data security and breach notification standards defined in the GDPR, many organizations are looking to build out an effective incident response strategy to meet the notification requirements.
To view this webinar on demand, click here: https://symc.ly/2GCfgkM.
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to... - Symantec
Learn if your organization will be impacted by the GDPR as well as what data processing tactics trigger compulsory requirements.
To watch this webinar on demand click here https://symc.ly/2GYzBjD.
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross... - Symantec
Learn more about the transfer of personal data across borders, including best practices for protecting your information against physical and virtual threats in order to maintain data integrity and confidentiality.
To view the on demand version of the webinar click here: https://symc.ly/2uLlDNf.
Security and Privacy: What Nonprofits Need to Know - TechSoup
The adage says, "You can't have privacy without security, but you can have security without privacy." What does that really mean, and how can you proactively address both for your organization? With privacy scandals and data breaches grabbing headlines daily, even the smallest organizations must take responsibility for lawful custodianship and protection of personal information. In this 60-minute webinar with Michael Standard, senior corporate counsel at Symantec, we will cover the key elements of privacy and security programs. You will learn:
- How privacy and security concerns intersect and differ
- Risks to assess when evaluating your privacy program
- The definition of "personal information"
- Key privacy laws that may impact your organization
- The top three privacy and security threats and how to mitigate them
Symantec Webinar Part 2 of 6 GDPR Compliance - Symantec
Symantec is offering an opportunity to hear first-hand the challenges businesses face when adopting the cloud and adhering to compliance regulations.
To watch the webinar on demand click here: https://symc.ly/2Ivwblu.
Protecting Intellectual Property and Data Loss Prevention (DLP) - Arpin Consulting
Protecting Intellectual Property and Data Loss Prevention (DLP) – what makes your business unique, different, valuable, and attracts clients and customers - presented at the Boston Business Alliance 9/23/09
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness - Symantec
GDPR penalties begin in May 2018, yet many organizations are still developing plans and may not be ready. Symantec has identified a four stage approach to GDPR readiness.
To view this webinar now on-demand click here: https://symc.ly/2JgiOa9.
An assessment of UK cyber resilience across the commercial sector. The report highlights information disclosure, as used by hackers to construct attack intelligence.
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G... - Symantec
Learn how to leverage state of the art technology to build an efficient data protection risk management strategy.
To view the webinar on demand, click here: https://symc.ly/2GU8Ehb.
Has your credit union considered how member relations, legal compliance and brand reputation might be affected during a data breach? In this 2012 NAFCU Technology & Security Conference session recording you will learn about the risks of data breaches and how they could impact your credit union. http://www.nafcu.org/affinion
Affirmative Defense Response System (ADRS) - guest95afa8
Mitigating damages and reducing risk before, during and after a data breach occurs is what ADRS is all about. A system that shows "every good faith effort" at protecting the NonPublic Personal Information (NPI) of your customers, employees, and vendors as mandated by the FTC.
White Paper: Aligning application security and compliance - Security Innovation
According to a study made by Microsoft Security Intelligence Report, application vulnerabilities are reported as much as 4 times more often than browser or operating system vulnerabilities combined. This growing danger needs to be approached from two different, yet complementary perspectives:
1. Companies should first start to acknowledge the importance of software application risk management and then implement security objectives and measures into the SDLC. The question here is how should they do this? What are the best practices and what are the general compliance requirements and regulations?
2. Handling software security in applications should be done after compliance rules. However, despite the existence of some authorities and regulations in this field, the general compliance requirements are still insufficiently detailed and are subject to change and improvement.
Since companies should follow the existent compliance requirements, but the latter seem to lack a coherent and explanatory guidance, the question of aligning application security to compliance requirements becomes a great challenge.
Why aren't companies paying enough attention to application risks and their security? Why is the latter so difficult to implement? What are the best practices that can be approached to do it, while still following the general regulations?
The following white paper extensively treats these questions and proposes to analyze the following:
1. How to align software development processes with corporate policies.
2. How to align software development activities with compliance requirements.
3. How to define an action plan to identify and remediate gaps between current and best practices.
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance with the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
In today’s market, global outreach, quick time to release, and a feature rich design are the major factors that determine a product’s success. Organizations are constantly on the lookout for innovative testing techniques to match these driving forces. Crowdsourced testing is a paradigm increasing in popularity because it addresses these factors through its scale, flexibility, cost effectiveness, and fast turnaround. Join Rajini Padmanaban and Mukesh Sharma as they describe what it takes to implement a crowdsourced testing effort including its definition, models, relevance to today’s development world, and challenges and mitigation strategies. Rajini and Mukesh share the facts and myths about crowdsourced testing. They span a range of theory and practice including case studies of real-life experiences and exercises to illustrate the message, and explain what it takes to maximize the benefits of a crowdsourced test implementation.
Estimating in Software Development: No Silver Bullets Allowed - TechWell
What do poker, Greek oracles, an Italian mathematician from the Middle Ages, and the path of hurricanes have in common? Given the title of this presentation, chances are it has something to do with estimation, and you'll have to attend this session to get the full connection. Kent McDonald explores the challenges and realities of trying to estimate software-related knowledge work: analysis, testing, development, and the entire project effort. A major challenge is that there are no guaranteed ways to arrive at perfectly accurate estimates, which not surprisingly is why they are called estimates. Kent introduces and gives you a chance to practice quick and practical estimating techniques that will work in different situations: guesstimating, break it down and add it up, and planning poker. Kent has found that these "lite" estimation techniques are almost always just as informative as the ones you just spent six weeks formulating.
Using Non-Violent Communication Skills for Managing Team Conflict - TechWell
“Going agile” has transformed thousands of workplaces into groups of self-directed teams, more engaged and increasingly more productive. Knowledge workers report increased job satisfaction, strong team identity, and camaraderie. One of the secrets of high performing teams is their ability to manage conflict in ways that support team cohesion, deepen trust, and reinforce commitment to team greatness. Agile practices value individuals and interactions over processes and tools. Sounds great on paper! How do you live that? How do you work effectively with “difficult people” whether teammates, your boss, or stakeholders in your project? Pat Arcady identifies what is at the core of disagreement, presents a simple four-step protocol for managing conflict, and introduces three key distinctions to make for converting an argument into a meaningful discussion. Practice applying these concepts to your own work situations. This is an experiential session, focused on practical applications for you at your job.
Want your sprint/iteration planning to take less than fifteen minutes (excluding tasking)? The key is in the story writing we do during backlog grooming. Although the Scaled Agile Framework (SAFe) has little to say about story writing, this "speed grooming" practice makes iteration planning a breeze, and better software comes out of the process. André Dhondt shares stories of real-world agile teams using this technique and how they've moved to a customer-empathy mindset. How does it work? You need to develop great stories—customer-focused, just barely enough detail, in thin vertical slices, and collectively designed. André reviews story writing and describes how to do the three phases of grooming in under one team-hour a week (typically, two 25-minute meetings) by defining the phases—Exploring, Sizing, and Splitting, plus one off-line activity Naming the Universe. Learn to avoid the overhead of long pre-backlog sessions, reduce Product Owner prep time, and prevent hidden dependencies from bumping a story out to the next iteration.
Danger! Danger! Your Mobile Applications Are Not Secure - TechWell
A new breed of mobile devices with sophisticated processors and ample storage has given rise to sophisticated applications that move more and more data and business logic to devices. The result is significant and potentially dangerous security challenges, especially for location-aware mobile applications and those storing sensitive or valuable data on devices. To counter these risks, Johannes Ullrich introduces and demonstrates design strategies you can use to mitigate these risks and make applications safer and less vulnerable. Johannes illustrates design patterns to: co-validate data on both the client and server; authenticate transactions on the server; and store only authenticated and access-controlled data on the client. Learn to apply these solutions without losing access to powerful HTML5 JavaScript APIs such as those required for location-based mobile applications. Johannes shares the source code of a location-based mobile application used to organize the cataloging of historic buildings.
Database Development: The Object-oriented and Test-driven Way - TechWell
As developers, we've created heuristics that help us build robust systems and employed test-driven development (TDD) to improve code design and counter instability. Yet object-oriented development principles and TDD have failed to gain traction in the database world. That’s because database development involves an additional driving force: the data. Max Guernsey shows how to treat databases as objects with classes of their own (rather than as containers of objects) and how to drive database designs from tests. He illustrates a way to give these database classes the ability to upgrade old data without introducing undue risk. Max also shares how to apply good object-oriented design principles to database classes and how to enforce semantic connections between databases and clients. Max demonstrates how it all works together, ensuring that your production databases work exactly the same as test databases, minimizing the risk of design changes, and enabling client applications to more easily keep up with database changes.
Misconceptions abound about the way requirements fit—or don’t fit—into agile projects. Is “agile requirements” an oxymoron—two contradictory terms joined together? How is it possible for requirements to be agile? Do agile projects even need requirements? In reality, requirements are the basis for planning, analyzing, developing, and delivering agile projects. Paul Reed shares the value of requirements analysis on agile projects, the ways requirements form the basis for agile planning, and explains how effective agile teams collaborate to develop requirements. Drawing on what we know about chaos theory, complex adaptive systems, metrics on software projects, and practical application on numerous agile projects, discover how agile and requirements are congruent. Learn how agile and requirements combine to form a sound and sensible union that drives successful delivery of business value. Leave with a clear understanding of how requirements done right leverage agile practices and how agile projects depend on requirements to deliver business value.
A test strategy is the set of ideas that guides your test design. It's what explains why you test this instead of that, and why you test this way instead of that way. Strategic thinking matters because testers must make quick decisions about what needs testing right now and what can be left alone. You must be able to work through major threads without being overwhelmed by tiny details. James Bach describes how test strategy is organized around risk but is not defined before testing begins. Rather, it evolves alongside testing as we learn more about the product. We start with a vague idea of our strategy, organize it quickly, and document as needed in a concise way. In the end, the strategy can be as formal and detailed as you want it to be. In the beginning, though, we start small. If you want to focus on testing and not paperwork, this approach is for you.
Better Test Designs to Drive Test Automation Excellence - TechWell
Test execution automation is often seen as a technical challenge, a matter of applying the right technology, tools, and smart programming talent. However, such efforts and projects often fail to meet expectations with results that are difficult to manage and maintain, especially for large and complex systems. Hans Buwalda describes how the choices you make for designing tests can make or break a test automation project. Join Hans to discover why good automated tests are not the same as the automation of good manual tests and how to break down tests into modules (building blocks) in which each has a clear scope and purpose. See how to design test cases within each module to reflect that module's scope and nothing more. Hans explains how to tie modules together with a keyword-based test automation framework that separates the automation details from the test itself to enhance maintainability and improve ROI.
Enterprise Lean-Agile: It’s More Than Scrum - TechWell
Introducing agile development into a large enterprise is like creating a bubble of sanity in the midst of bedlam. Unless the sanity spreads, the effort is ultimately frustrating, frustrated—and fails. Jeff Marr describes the web of the enterprise ecosystem and presents strategies to build a common agile and lean vocabulary and set of practices within your organization. The lean/agile tenets must be understandable to and appropriate for executive leaders, non-agile product development teams, hardware development, manufacturing, customer support, sales, regulatory compliance, and other elements of the enterprise. Jeff describes how enterprises typically view agile and ways common misconceptions play to your advantage and disadvantage. Finally, Jeff describes an approach to establishing partnerships of mutual interest across the enterprise. If you are a leader, champion, coach, or team member struggling with or preparing for agile adoption in the enterprise, you’ll take away invaluable tips to help you avoid pitfalls, improve communication, and spread the sanity.
An Automation Culture: The Key to Agile Success - TechWell
For organizations developing large-scale applications, transitioning to agile is challenging enough. But if your organization has not yet adopted an automation culture, brace yourself for a big surprise because automation is essential to agile success. From the safety nets provided by automated unit and acceptance tests to the automation of build, build verification, and deployment processes, the iterative nature of agile demands a culture of automation across your engineering organization. Geoff Meyer shares lessons learned in adopting a test automation culture as the Dell Enterprise Systems Group simultaneously adopted Scrum and agile processes across its entire software product portfolio. Learn to address the practical challenges of establishing an automation culture at the outset by ensuring that your organizational makeover incorporates changes to your hiring, staffing, and training practices. Find out how you can apply automation beyond the Scrum team in areas of continuous integration, scale and stress testing, and performance testing.
In the tradition of James Whittaker’s book series How to Break … Software, Jon Hagar applies the testing “attack” concept to the domain of embedded software systems. Jon defines the sub-domain of embedded software and examines the issues of product failure caused by defects in that software. Next, he shares a set of attacks against embedded software based on common modes of failure that testers can direct against their own software. For specific attacks, Jon explains when and how to conduct the attack, as well as why the attack works to find bugs. In addition to learning these testing skills, attendees get to practice the attacks on a device—a robot that Jon will bring to the tutorial—containing embedded software. Specific attack methods considered include data issues, computation and control structures, hardware-software interfaces, and communications.
Michael Jay Freer - Information Obfuscation - iasaglobal
In this session, Michael Jay Freer will explore defining a common data-masking language, defining standard masking business-rules, defining best practices for manipulating the data, and how to get started without attempting to "Boil-the-ocean."
Customer Data Privacy & Protection | Seclore - Seclore
Nearly half of all cyberattacks target small businesses. Customer data is rarely restricted to one system or one business department only and is often shared with external partners and outsourced vendors, which increases the security and privacy risk multi-fold. The Seclore Data Protection Portal automatically protects sensitive data (insurance claims, credit card applications, loan applications, etc.) as customers submit it.
Securing Your "Crown Jewels": Do You Have What it Takes? - IBM Security
Securing Your "Crown Jewels": Do You Have What it Takes to Go From Start to Finish?
Protecting Your Most Valuable Data: Organizations face many data protection challenges, but one of the biggest is identifying and prioritizing the 0.01% - 2% of the data that is most important to your organization's survival and success. IBM Data Security Services can help by providing you with a 5-stage strategy designed to ensure that your "Crown Jewels" are protected and kept safe from loss, hackers, and being compromised. Attend this session and learn about processes to identify and prioritize your critical data, and services available from IBM to protect it.
5 Steps to Securing Your Company's Crown Jewels - IBM Security
Today's critical business data is under constant threat, which is why enterprises must apply adequate data protection for their data security measures. Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.
1. How often do you see non-sanctioned cloud services in use?
2. Are we protecting ourselves against insider threats?
3. Do we have a cyber security task force in place?
4. Is our BYOD policy secure?
5. Do you feel limited by your security budget or staff size?
Keep Up with the Demands of IT Security on a Nonprofit Budget - BVU
The technical requirements facing nonprofits are challenging and complex due to budgetary constraints, and the demands for secure and reliable access to data regulators, clients, donors, and board members. We will explore different tools non-profits can leverage for better IT security practices that won't break your IT budget, including cloud based anti-virus solutions, Intrusion Detection and Prevention Systems, and data backup in the cloud. Additionally, you will learn how tools built within Office 365 (available for free to qualified nonprofits from Microsoft), such as Email Encryption and Mobile Device Management, enable non-profits to operate more efficiently and securely.
An insight into information security.pdfSecurityium
The importance of information and Data Security in UK cannot be understated. In fact, both of these are vital concerns for companies across the planet. Businesses of multiple types and sizes must take proactive steps to protect their critical data from unauthorized access, data breaches, well as any kind of disruptive data security threats to business and consumer data.
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee... - Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to SecureWorld Expo Dallas on September 27, 2016.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all companies will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then turns, because of this crisis environment, to the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
An insight into information security.pptx - Securityium
The importance of information and Data Security in the UK cannot be understated. In fact, both of these are vital concerns for companies across the planet. Businesses of multiple types and sizes must take proactive steps to protect their critical data from unauthorized access, data breaches, as well as any kind of disruptive data security threats to business and consumer data.
Breaking down the cyber security framework closing critical it security gaps - IBM Security
Cyber crime is pervasive and here to stay. Whether you work in the Public Sector or Private Sector, are the CEO for a Fortune 500 Company, or are trying to sustain an SMB, everyone is under attack. This February, President Obama issued an executive order aimed at protecting critical business and government infrastructure due to the scale and sophistication of IT security threats that have grown at an explosive rate. Organizations and Government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they also have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docx - budbarber38650
GLOBAL ASSET, INC. (GAI)
Global Asset, Inc. (GAI) is a financial company that manages thousands of accounts across Canada, the United States, and Mexico. A public company traded on the NYSE, GAI specializes in financial management, loan application approval, wholesale loan processing, and investment of money management for their customers. GAI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages (approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational performance through automation and technological innovation has propelled the company into the big leagues; GAI was only recently profiled in Fortune Magazine.
The executive management team of GAI:
- CEO: John Thompson
- Vice President: Trey Elway
- Executive Assistant: Julie Anderson
- Executive Assistant: Kim Johnson
- Executive Assistant: Michelle Wang
- CFO: Ron Johnson
- COO: Mike Willy
- CCO: Andy Murphy
- Director of Marketing: John King
- Director of HR: Ted Young
Figure 1 GAI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational security of GAI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m annual budget, a staff of 11, and a sprawling and expansive data center located on the 5th floor of the corporate tower. This position is the pinnacle of your career – you are counting on your performance here to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity – that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT from becoming a core competency since so many services can be obtained from 3rd parties. Since the CEO has taken the reins two years ago, the CEO has made significant headway in cutting your department’s budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you: maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a manager to whom these obligations could be delegated to. Jacobson’s worst nightmare is a situation where the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the company to its knees – then having to rely.
The explosive growth of data and the value it creates calls on data professionals to level up their programs to build, demonstrate, and maintain trust. The days of fine print, pre-ticked boxes, and data hoarding are gone and strong collaboration from data, privacy, marketing and ethics teams is necessary to design trustworthy data-driven practices.
Join for a discussion on the latest trends in trusted data and how you can take critical steps to build trust in data practices by:
- Embedding privacy by design into data operations
- Respecting individual choice and optimizing the ongoing relationship with consumers
- Preparing for future data challenges including responsible AI and sustainability
Similar to Information Obfuscation: Protecting Corporate Data (20)
Do you ever feel you have lost confidence in your own abilities? Why does this happen? Isabel Evans spends a lot of time painting. Someone once commented, “Why are you doing this, when you are not very good at it?” And gradually she stopped drawing and painting, after being intimidated by a conventional vision of what good art should look like. At the same time, she experienced a parallel loss of confidence in her professional abilities. Attempting creative pursuits like drawing and painting is essential to cognitive, emotional, and creative abilities, and she began to understand the correlation between her creative activities and her confidence. Making errors, being wrong, failing – that is a generous gift we receive when we practice outside our skill level. By staying in a comfort zone and repeating successes, we stagnate. As Isabel started to create again she thought, “I don’t feel good at it, I do feel good doing it.” The difference was that she was learning and having ideas. Through the act of re-engaging with failure, together with the comradeship of friends and colleagues, including at Women Who Test, Isabel has regained her confidence in her professional abilities and been able to reboot her career and joy. Join Isabel to share a journey from self-perceived failure, to recovery and renewed learning.
Instill a DevOps Testing Culture in Your Team and Organization - TechWell
The DevOps movement is here. Companies across many industries are breaking down siloed IT departments and federating them into product development teams. Testing and its practices are at the heart of these changes. Traditionally, IT organizations have been staffed with mostly manual testers and a limited number of automation and performance engineers. To keep pace with development in the new “you build it, you own it” environment, testing teams and individuals must develop new technical skills and even embrace coding to stay relevant and add greater value to the business. DevOps really starts with testing. Join Adam Auerbach as he explains what DevOps is and how it relates to testing. He describes how testing must change from top to bottom and how to access your own environment to identify improvement opportunities. Adam dives into practices like service virtualization, test data management, and continuous testing so you can understand where you are now and identify steps needed to instill a DevOps testing culture in your team and organization.
Test Design for Fully Automated Build Architecture - TechWell
Imagine this … As soon as any developed functionality is submitted into the code repository, it is automatically subjected to the appropriate battery of tests and then released straight into production. Setting up the pipeline capable of doing just that is becoming more and more common and something you need to know about. But most organizations hit the same stumbling block—just what IS the appropriate battery of tests? Automated build architectures don't always lend themselves well to the traditional stages of testing. In this hands-on tutorial, Melissa Benua introduces you to key test design principles—applicable to organizations both large and small—that allow you to take full advantage of the pipeline's capabilities without introducing unnecessary bottlenecks. Learn how to make highly reliable tests that run fast and preserve just enough information to let testers and developers determine exactly what went wrong and how to reproduce the error locally. Explore ways to reduce overlap while still maintaining adequate test coverage. Take back ideas about which test areas could benefit from being combined into a single suite and which areas could benefit most from being broken out altogether.
System-Level Test Automation: Ensuring a Good Start - TechWell
Many organizations invest a lot of effort in test automation at the system level but then have serious problems later on. As a leader, how can you ensure that your new automation efforts will get off to a good start? What can you do to ensure that your automation work provides continuing value? This tutorial covers both “theory” and “practice”. Dot Graham explains the critical issues for getting a good start, and Chris Loder describes his experiences in getting good automation started at a number of companies. The tutorial covers the most important management issues you must address for test automation success, particularly when you are new to automation, and how to choose the best approaches for your organization—no matter which automation tools you use. Focusing on system level testing, Dot and Chris explain how automation affects staffing, who should be responsible for which automation tasks, how managers can best support automation efforts to promote success, what you can realistically expect in benefits and how to report them. They explain—for non-techies—the key technical issues that can make or break your automation effort. Come away with your own clarified automation objectives, and a draft test automation strategy to use to plan your own system-level test automation.
Build Your Mobile App Quality and Test Strategy - TechWell
Let’s build a mobile app quality and testing strategy together. Whether you have a web, hybrid, or native app, building a quality and testing strategy means (1) knowing what data and tools you have available to make agile decisions, (2) understanding your customers and your competitors, and (3) testing your app under real-world conditions. Jason Arbon guides you through the latest techniques, data, and tools to ensure the awesomeness of your mobile app quality and testing strategy. Leave this interactive session with a strategy for your very own app—or one you pretend to own. The information Jason shares is based on data from Appdiff’s next-gen mobile app testing platform, lessons from Applause/uTest’s crowd, text mining hundreds of millions of app store reviews, and in-depth discussions with top mobile app development teams.
Testing Transformation: The Art and Science for Success - TechWell
Technologies, testing processes, and the role of the tester have evolved significantly in the past few years with the advent of agile, DevOps, and other new technologies. It is critical that we testing professionals evaluate ourselves and continue to add tangible value to our organizations. In your work, are you focused on the trivial or on real game changers? Jennifer Bonine describes critical elements that help you artfully blend people, process, and technology to create a synergistic relationship that adds value. Jennifer shares ideas on mastering politics, maneuvering core vs. context, and innovating your technology strategies and processes. She explores how new processes can be introduced in an organization, what the role of organizational culture is in determining the success of a project, and how you can know what tools will add value vs. simply adding overhead and complexity. Jennifer reviews critically needed tester skills and discusses a continual learning model to evolve your skills and stay relevant. This discussion can lead you to technologies, processes, and skills you can stake your career on.
We’ve all been there. We work incredibly hard to develop a feature and design tests based on written requirements. We build a detailed test plan that aligns the tests with the software and the documented business needs. And when we put the tests to the software, it all falls apart because the requirements were changed without informing everyone. Mary Thorn says help is at hand. Enter behavior-driven development (BDD), and Cucumber and SpecFlow, tools for running automated acceptance tests and facilitating BDD. Mary explores the nuances of Cucumber and SpecFlow, and shows you how to implement BDD and agile acceptance testing. By fostering collaboration for implementing active requirements via a common language and format, Cucumber and SpecFlow bridge the communication gap between business stakeholders and implementation teams. In this workshop, practice writing feature files with the best practices Mary has discovered over numerous implementations. If you experience developers not coding to requirements, testers not getting requirements updates, or customers who feel out of the loop and don’t get what they ask for, Mary has answers for you.
Develop WebDriver Automated Tests—and Keep Your Sanity - TechWell
Many teams go crazy because of brittle, high-maintenance automated test suites. Jim Holmes helps you understand how to create a flexible, maintainable, high-value suite of functional tests using Selenium WebDriver. Learn the basics of what to test, what not to test, and how to avoid overlapping with other types of testing. Jim includes both philosophical concepts and hands-on coding. Testers who haven't written code should not be intimidated! We'll pair you up to make sure you're successful. Learn to create practical tests dealing with advanced situations such as input validation, AJAX delays, and working with file downloads. Additionally, discover when you need to work together with developers to create a system that's more easily testable. This tutorial focuses primarily on automating web tests, but many of the same concepts can be applied to other UI environments. Demos and labs will be in C# and Java using WebDriver. Leave this tutorial having learned how to write high-value WebDriver tests—and stay sane while doing so.
Eliminate Cloud Waste with a Holistic DevOps Strategy - TechWell
Chris Parlette maintains that renting infrastructure on demand is the most disruptive trend in IT in decades. In 2016, enterprises spent $23B on public cloud IaaS services. By 2020, that figure is expected to reach $65B. The public cloud is now used like a utility, and like any utility, there is waste. Who's responsible for optimizing the infrastructure and reducing wasted expenses? It’s DevOps. The excess expense, known as cloud waste, comprises several interrelated problems: services running when they don't need to be, improperly sized infrastructure, orphaned resources, and shadow IT. There are a few core tenets of DevOps—holistic thinking, no silos, rapid useful feedback, and automation—that can be applied to reducing your cloud waste. Join Chris to learn why you should include continuous cost optimization in your DevOps processes. Automate cost control, reduce your cloud expenses, and make your life easier.
Transform Test Organizations for the New World of DevOps - TechWell
With the recent emergence of DevOps across the industry, testing organizations are being challenged to transform themselves significantly within a short period of time to stay meaningful within their organizations. It’s not easy to plan and approach these changes considering the way testing organizations have remained structured for ages. These challenges start from foundational organizational structures and can cut across leadership influence, competencies, tools strategy, infrastructure, and other dimensions. Sumit Kumar shares his experience assisting various organizations to overcome these challenges using an organized DevOps enablement framework. The framework includes radical restructuring, turning the tools strategy upside down, a multidimensional workforce enablement supported by infrastructure changes, redeveloped collaborations models, and more. From his real world experiences Sumit shares tips for approaching this journey and explains the roadmap for testing organizations to transform themselves to lead the quality in DevOps.
The Fourth Constraint in Project Delivery—Leadership - TechWell
All too often, the triple constraints—time, cost, and quality—are bandied about as if they are the be-all, end-all. While they are important, leadership—the fourth and larger underpinning constraint—influences the first three. Statistics on project success and failure abound, and these measurements are usually taken against the triple constraints. According to the Project Management Institute, only 53 percent of projects are completed within budget, and only 49 percent are completed on time. If so many projects overrun budget and are late, we can’t really say, “Good, fast, or cheap—pick two.” Rob Burkett talks about leadership at every level of a team. He shares his insights and stories gleaned from his years of IT and project management experience. Rob speaks to some of the glaring difficulties in the workplace in general and some specifically related to IT delivery and project management. Leave with a clearer understanding of how to communicate with teams and team members, and gain a better understanding of how you can be a leader—up and down your organization.
Resolve the Contradiction of Specialists within Agile Teams - TechWell
As teams grow, organizations often draw a distinction between feature teams, which deliver the visible business value to the user, and component teams, which manage shared work. Steve Berczuk says that this distinction can help organizations be more productive and scale effectively, but he recognizes that not all shared work fits into this model. Some work is best handled by “specialists,” that is, people with unique skills. Although teams composed entirely of T-shaped people are ideal, certain skills are hard to come by and are used irregularly across an organization. Since these specialists often need to work closely with teams, rather than working from their own backlog, they don’t fit into the component team model. The use of shared resources presents challenges to the agile planning model. Steve Berczuk shares how teams such as those providing infrastructure services and specialists can fit into a feature+component team model, and how variations such as embedding specialists in a scrum team can both present process challenges and add significant value to both the team and the larger organization.
Pin the Tail on the Metric: A Field-Tested Agile Game - TechWell
Metrics don’t have to be a necessary evil. If done right, metrics can help guide us to make better forward-looking decisions, rather than being used for simply managing or monitoring. They can help us identify trade-offs between options for what to do next versus punitive or worse, purely managerial measures. Steve Martin won’t be giving the Top Ten List of field-tested metrics you should use. Instead, in this interactive mini-workshop, he leads you through the critical thinking necessary for you to determine what is right for you to measure. First, Steve explores why you want to measure something—whether it’s for a team, a portfolio, or even an agile transformation. Next, he provides multiple real-life metrics examples to help drive home concepts behind characteristics of good and bad metrics. Finally, Steve shows how to run his field-tested agile game—Pin the Tail on the Metric. Take back this activity to help you guide metrics conversations at your organization.
Agile Performance Holarchy (APH)—A Model for Scaling Agile Teams - TechWell
A hierarchy is an organizational network that has a top and a bottom, and where position is determined by rank, importance, and value. A holarchy is a network that has no top or bottom and where each person’s value derives from his ability, rather than position. As more companies seek the benefits of agile, leaders need to build and sustain delivery capability while scaling agile without introducing unnecessary process and overhead. The Agile Performance Holarchy (APH) is an empirical model for scaling and sustaining agility while continuing to deliver great products. Jeff Dalton designed the APH by drawing from lessons learned observing and assessing hundreds of agile companies and teams. The APH helps implement a holarchy—a system composed of interacting organizational units called holons—centered on a series of performance circles that embody the behaviors of high performing agile organizations. Jeff describes how APH provides guidelines in the areas of leadership, values, teaming, visioning, governing, building, supporting, and engaging within an all-agile organization. Join Jeff to see what the APH is all about and how you can use it in your team and organization.
A Business-First Approach to DevOps Implementation - TechWell
DevOps is a cultural shift aimed at streamlining intergroup communication and improving operational efficiency for development and operations groups. Over time, inclusion of other IT groups under the DevOps umbrella has become the norm for many organizations. But even broadening the boundaries of DevOps, the conversation has been largely devoid of the business units’ place at the table. A common mistake organizations make while going through the DevOps transformation is drawing a line at the IT boundary. If that occurs, a larger, more inclusive silo within the organization is created, operating in an informational vacuum and causing operational inefficiency and goal misalignment. Sharing his experiences working on both sides of the fence, Leon Fayer describes the importance of including business units in order to align technology decisions with business goals. Leon discusses inclusion of business units in existing agile processes, benefits of cross-departmental monitoring, and a business-first approach to technology decisions.
Databases in a Continuous Integration/Delivery Process - TechWell
DevOps is transforming software development with many organizations adopting lean development practices, implementing continuous integration (CI), and performing regular continuous deployment (CD) to their production environments. However, the database is largely ignored and often seen as a bottleneck in the DevOps process. Steve Jones discusses the challenges of database development and why many developers find the database to be an impediment to the CD process. Steve shares the techniques you can use to fit a database into the DevOps process. Learn how to store database code in a version control system, and the differences between that and application code. Steve demonstrates a CI process with SQL code and uses automated testing frameworks to check the code. Steve then shows how automated releases with manual gates can reduce the stress and risk of database deployments while ensuring consistent, reliable, repeatable releases to QA, UAT, and production.
Mobile Testing: What—and What Not—to Automate - TechWell
Organizations are moving rapidly into mobile technology, which has significantly increased the demand for testing of mobile applications. David Dangs says testers naturally are turning to automation to help ease the workload, increase potential test coverage, and improve testing efficiency. But should you try to automate all things mobile? Unfortunately, the answer is not always clear. Mobile has its own set of complications, compounded by a wide variety of devices and OS platforms. Join David to learn what mobile testing activities are ripe for automation—and those items best left to manual efforts. He describes the various considerations for automating each type of mobile application: mobile web, native app, and hybrid applications. David also covers device-level testing, types of testing, available automation tools, and recommendations for automation effectiveness. Finally, based on his years of mobile testing experience, David provides some tips and tricks to approach mobile automation. Leave with a clear plan for automating your mobile applications.
Cultural Intelligence: A Key Skill for Success - TechWell
Diversity is becoming the norm in everyday life. However, introducing global delivery models without a proper understanding of intercultural differences can lead to difficulty, frustration, and reduced productivity. Priyanka Sharma and Thena Barry say that in our diverse world, we need teams with people who can cross these boundaries, communicate effectively, and build the diverse networks necessary to avoid problems. We need to learn about cultural intelligence (CI) and cultural quotient (CQ). CI is the ability to relate and work effectively across cultures. CQ is the cognitive, motivational, and behavioral capacity to understand and respond to beliefs, values, attitudes, and behaviors of individuals and groups. Together, CI and CQ can help us build behavioral capacities that aid motivation, behavior, and productivity in teams as well as individuals. Priyanka and Thena show how to build a more culturally intelligent place with tools and techniques from Leading with Cultural Intelligence, as well as content from the Hofstede cultural model. In addition, they illustrate the model with real-life experiences and demonstrate how they adapted in similar circumstances.
Turn the Lights On: A Power Utility Company's Agile Transformation - TechWell
Why would a century-old utility with no direct competitors take on the challenge of transforming its entire IT application organization to an agile methodology? In an increasingly interconnected world, the expectations of customers continue to evolve. From smart meters to smart phones, IoT is creating a crisis point for industries not accustomed to rapid change. Glen Morris explains that pizzas can be tracked by the minute and packages at every stop, and customers now expect this same customer service model should exist for all industries—including power. Glen examines how to create momentum and transform non-IT-focused industries to an agile model. If you are struggling with gaining traction in your pursuit of agile within your business, Glen gives you concrete, practical experiences to leverage in your pursuit. Finally, he communicates how to gain buy-in from business partners who have no idea or concern about agile or its methodologies. If your business partners look at you with amusement when you mention the need for a dedicated Product Owner, join Glen as he walks you through the approaches to overcoming agile skepticism.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial to or limit your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already got working for real.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. Michael Jay Freer
Quality Business Intelligence
Michael Jay Freer is a consultant specializing in business intelligence solutions. He has
provided thought leadership and consulting services to Fortune 500 companies including
MetLife, Tyco Safety Products, Capital One, Brinks Home Security, Rite Aid, and Zales. With
more than twenty years of experience, Michael Jay has worked with business sponsors to
provide solutions in financial, marketing, manufacturing, supply chain management, retail, and
hospitality/cruise/tourism industries. A member of the PMI, IIBA, and ASQ, Michael Jay serves
on the board of the South Florida Chapter of the Data Warehouse Institute.
3. Tuesday, September 04, 2012
Information Obfuscation
Information Obfuscation
(Data Masking)
Protecting Corporate Data-Assets
Presented by Michael Jay Freer
Michael Jay Freer - Presenter Bio
Michael Jay Freer, SSGB, ITIL(v3), is an Information Management professional providing
thought leadership to Fortune 500 companies
including MetLife Bank, Tyco Safety Products,
Capital One, Brinks Home Security, and Zales.
Over his 25+ years of experience he has worked with
business executives providing solutions in the
financial management, manufacturing, supply
chain management, retail, marketing, and hospitality industries.
As an Enterprise Architect at MetLife Bank, Michael Jay specialized in
Information Obfuscation facilitating project solutions for protecting
business Confidential and Restricted data.
MJFreer@QualityBI.com
(954) 249-1530
Michael Jay Freer (MJFreer@Comcast.net)
(954) 2491530
Michael Jay Freer
All rights reserved
Presentation Ground Rules
Start and Finish on time
Questions at anytime
Parking lot for longer discussion points
“Electronics on Stun”
Respect your peers
No phone calls or email in the room
Agenda
Outlining the Problem
Data Masking Golden Rule
Defining Information Obfuscation
Information Classification
Who is Responsible
Defining a Common Language
Data-Centric Development
Governance
Outlining the Problem
Problem Statement
Corporate Data breaches are occurring at an alarming rate.
1) It is incumbent on organizations to protect the customer,
partner, and employee data with which they are entrusted.
2) Ease of access to sensitive information in business systems.
3) Using unmasked Confidential and Restricted data in non-production environments exposes the company to reputational risk.
Business Rationale for Obfuscating Data
• Reduce Data Breach Risks
• Heightened Legal and Regulatory Scrutiny of Data Protection
Services (e.g., SOX, HIPAA, GLBA, NPPI, FFIEC, PCI-DSS)
• Company Policies and Standards
• Fundamental assumption on the part of customers that their data
is already de-identified in non-production systems
Data Masking Golden Rule
To put Information-obfuscation (Data-masking) into
perspective simply think about yourself:
How many vendors or service-providers have your
personal information (banks, mortgage holders,
physicians, pharmacies, retailers, schools you applied
to, utilities, cellular carriers, internet providers, etc.)?
Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
(Use this as your compass to navigate)
Defining Information Obfuscation
Definition
Information Obfuscation is the effort in both business
operations and non-production systems to protect business
confidential and restricted data from easy access or
visibility by unauthorized parties.
Framework
For our purposes, obfuscation includes access
management, data masking, encryption of data-at-rest
(DAR) and encryption of data-in-transit including
principles for protecting business communications.
Information Classification
Sensitive Data
“Sensitive” is a broad term for information considered to be
a business trade-secret, or considered “private” by regulatory
rule, legal act, or trade association (e.g., GLBA, HIPAA,
FFIEC, PCI, PHI, PII).
Information Classification Levels
Public – non-sensitive data, disclosure will not violate
privacy rights
Internal Use Only – generally available to employees and
approved non-employees. May require a non-disclosure
agreement.
Confidential – intended for use only by specified employee
groups. Disclosure may compromise an organization,
customer, or employee.
Restricted – very sensitive, intended for use only by named
individuals.
Sealed – extremely sensitive; disclosure may cause irreparable destruction of
confidence in, and the reputation of, the organization.
PII (Personally Identifiable Information) will vary based on your company, your industry,
government regulations, and jurisdiction.
Who is Responsible
You are!
No matter your role in the organization, you are
responsible for protecting the “corporate data-assets.”
Everyone else is also Responsible
All of your peers are also responsible for protecting the
Corporate Data-Assets.
However, you don’t have control over your peers, only
over your own vigilance and how you make your
management aware of any concerns, risks, or issues with the
security of the corporate data-assets.
Defining a Common Language
Information Obfuscation
Information Obfuscation (or Data Masking) is the practice
of concealing, restricting, fabricating, encrypting, or
otherwise obscuring sensitive data.
This is usually thought of in the context of non-production
systems, but it really encompasses the full information
management lifecycle, from on-boarding of data to
developing new functionality to archiving and purging
historical data.
Communication
The Business-Information Owner, Project Stakeholders,
Development Teams, and Support Teams need to use a
common language when discussing the various obfuscation
methods and where in the environment lifecycle an action
will occur.
The simple phrase ‘Just mask the data’ does
not address what to mask, how to mask, where to
mask, or who is responsible for understanding
the impact masking will have on business
functionality.
Common Language – Environment Lifecycle
Common Environments
1. Development – Code is created, modified and unit tested
2. Testing / QA – System, integration, & regression testing
3. User Acceptance (UAT) – Business-user validation
Test new business requirements and regression test
existing functionality
4. Business Operations – Day-to-day business
environment
5. Business Support – Replicate and troubleshoot business
issues
Question for Another Time
Which of these environments will hold some
level of “sensitive-data” and which are
maintained as “Production Environments”?
Common Language – Environment Lifecycle
Other Possible Environments
Isolated On-boarding – When data from 3rd party
partners is transitioned in, there may be requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments.
Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-production environments. A separate secure environment
allows for standardized data masking in-place.
Example (Isolated On-boarding)
A mortgage service provider staging loans when
the servicing responsibility has not officially
transferred.
Do you consider this to be “production data”?
Example (Isolated Data-Masking)
Company policies often state sensitive data may
not be stored in non-production environments.
Moving data to “development” or “test” environments
before masking would violate such company policies.
Common Language – Masking Taxonomy
Methods of Obfuscating Information
Pruning Data
Concealing Data
Fabricating Data
Trimming Data
Encrypting Data
Separating Data
Common Language – Where to Obfuscate
Data Movement – Data can be removed, shortened, or encrypted
Data Stores – Data can be encrypted, data-at-rest (DAR)
Interactive User Interfaces – Only show required data or portions
of attributes for identification (e.g., account#, license#, SS#)
Static Reporting – More restrictive than Interactive User Interfaces
Common Language – Pruning Data
Pruning Data: Removes sensitive data from attributes
in non-production environments. The attribute will still
appear on data entry screens and reporting but be left blank.
Example
Executive Salaries: Employee personnel records
can be de-identified by changing Emp#, SS#, and names, but
executive management records are easily tied back to
the organizational hierarchy (e.g., top 10 salaries).
Common Language – Concealing Data
Concealing Data: Removes sensitive data from user
access and visibility. For data entry screens and reports, the
attribute does not appear at all versus being Pruned (blank).
Concealing data depends on clear rules for Access, Authentication, and
Accountability.
Example
Bank / Loan Account#: Bank web sites generally
do not display account numbers even to the account
holder.
Common Language – Fabricating Data
Fabricating Data:
1) Creating data to replace sensitive data
2) Creating data to facilitate full functional testing
3) Creating data for negative testing (error handling)
Example
Contact Name or ID#:
Replacing contact name and ID# is the standard
method for de-identifying customer and employee
records.
Common Language – Trimming Data
Trimming Data: Removes part of an attribute’s value
versus Pruning which removes the entire attribute value.
Example
Social Security# and Credit Card#:
Changing SSN# from 123-45-6789 to XXX-XX-6789
(or a new attribute = 6789) so that only part of the
information is available, usually for identification.
Common Language – Encrypting Data
Encrypting Data: Encryption can be done at the
attribute, table, or database levels
(Encrypted data can be decrypted back to the original value)
Example
Credit Card#: Credit card numbers are often encrypted
for data transmission for PCI DSS compliance.
Encrypting credit card numbers at rest (DAR) provides
additional security.
Credit Card# is an example of an attribute that often falls into
multiple Obfuscation Methods.
Move Sensitive Data
to a Secured Table
Common Language – Separating Data
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-sensitive attributes do not reside in a single record.
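The masking taxonomy above, applied to one record set, as an added example that is not code from the presentation: it implements pruning, concealing, fabricating, trimming and separating on constructed employee rows and measures the salary linkage that the Pruning example warns about. The function names, the keyed-HMAC approach to repeatable fabrication and the sample data are assumptions; encrypting is left out because it belongs to a vetted cryptographic library, not hand-written code.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample rows: no real people, identifiers or salaries.
EMPLOYEES = [
    {"emp_id": "E1001", "name": "Alice Example", "ssn": "123-45-6789",
     "salary": 900000, "account_no": "0001112223"},
    {"emp_id": "E1002", "name": "Bob Sample", "ssn": "987-65-4321",
     "salary": 70000, "account_no": "0004445556"},
    {"emp_id": "E1003", "name": "Carol Placeholder", "ssn": "555-12-3456",
     "salary": 65000, "account_no": "0007778889"},
]

# Assumption: this key exists only in the isolated data-masking environment.
MASKING_KEY = b"constructed-demo-key"
FIRST_NAMES = ["Jordan", "Riley", "Morgan", "Casey", "Avery"]
LAST_NAMES = ["Testcase", "Fixture", "Mockford", "Stubbs", "Dummy"]


def prune(record, attr):
    """Pruning: the attribute still exists but its value is left blank."""
    out = dict(record)
    out[attr] = ""
    return out


def conceal(record, attr):
    """Concealing: the attribute does not appear at all."""
    return {k: v for k, v in record.items() if k != attr}


def trim_ssn(ssn):
    """Trimming: keep only the last four digits for identification."""
    digits = "".join(c for c in ssn if c.isdigit())
    if len(digits) != 9:
        raise ValueError("expected a 9-digit SSN")
    return "XXX-XX-" + digits[-4:]


def _digest(label, value):
    # Keyed hash, so the same input always maps to the same fabricated
    # value while the mapping cannot be rebuilt without the key.
    msg = f"{label}:{value}".encode()
    return hmac.new(MASKING_KEY, msg, hashlib.sha256).digest()


def fabricate_name(real_name):
    """Fabricating: replace a name with a repeatable made-up one."""
    d = _digest("name", real_name)
    first = FIRST_NAMES[d[0] % len(FIRST_NAMES)]
    last = LAST_NAMES[d[1] % len(LAST_NAMES)]
    return f"{first} {last}"


def fabricate_id(real_id):
    """Fabricating: replace an ID; a real job must also check for collisions."""
    d = _digest("id", real_id)
    return "F" + str(int.from_bytes(d[:4], "big") % 10**6).zfill(6)


def separate(record, sensitive_attrs, key_attr):
    """Separating: sensitive attributes move to a secured row joined by key."""
    secured = {key_attr: record[key_attr]}
    secured.update({a: record[a] for a in sensitive_attrs})
    public = {k: v for k, v in record.items() if k not in sensitive_attrs}
    return public, secured


def deidentify_only(record):
    """Change Emp#, SS# and name but leave the salary in place."""
    out = dict(record)
    out["emp_id"] = fabricate_id(record["emp_id"])
    out["name"] = fabricate_name(record["name"])
    out["ssn"] = trim_ssn(record["ssn"])
    return out


def mask_for_non_production(record):
    """De-identify, then prune the salary and conceal the account number."""
    out = prune(deidentify_only(record), "salary")
    return conceal(out, "account_no")


def linkable_by_salary(original_rows, masked_rows):
    """Count masked rows that a unique salary ties back to one original row."""
    counts = Counter(r["salary"] for r in original_rows)
    unique = {s for s, n in counts.items() if n == 1}
    return sum(1 for r in masked_rows if r.get("salary") in unique)


if __name__ == "__main__":
    weak = [deidentify_only(r) for r in EMPLOYEES]
    strong = [mask_for_non_production(r) for r in EMPLOYEES]
    print("linkable after de-identification only:",
          linkable_by_salary(EMPLOYEES, weak))
    print("linkable after pruning salary:",
          linkable_by_salary(EMPLOYEES, strong))
    print(strong[0])
```

Changing names and identifiers alone leaves every constructed row linkable through its salary; pruning the salary removes that link.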
Common Language – Masking Taxonomy
Prune – Removes values from non-production systems. The attribute appears on data entry screens and in reporting but is blank.
Conceal – Removes sensitive data from user access or visibility. On data entry screens and reports, the attribute may not appear at all or may be obscured, versus being Pruned (blank).
Fabricate – Creates data to replace sensitive data and facilitate proper application testing.
Trim – Removes part of a data attribute’s value (Pruning removes the entire attribute value).
Encrypt – Unlike Fabricated data, encrypted data can be decrypted back to the original value.
Data Separation – Moves specific segments of data or individual datum into separate tables / databases to limit user access or visibility.
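The taxonomy above applied to one record, as an added example in Python that is not part of the original slides. The sample record, the `FABRICATION_KEY` secret, and all function names are assumptions made for illustration; Encrypt is left out because it needs a vetted cryptographic library rather than the standard library.

```python
import hashlib
import hmac

# Constructed sample record (not real data).
CUSTOMER = {
    "customer_id": 1001,
    "name": "Pat Example",
    "ssn": "123-45-6789",
    "credit_card": "4111111111111111",
}
SENSITIVE = ("ssn", "credit_card")
# Hypothetical secret. Keyed fabrication yields the same fake value on every
# load, so regression test sets and joins stay stable between refreshes.
FABRICATION_KEY = b"demo-key-for-non-production"


def prune(record, attr):
    """Prune: the attribute still exists but its value is blank."""
    return {**record, attr: ""}


def conceal(record, attr):
    """Conceal: the attribute does not appear at all."""
    return {k: v for k, v in record.items() if k != attr}


def trim_last4(value, mask="X"):
    """Trim: mask every digit except the last four, keeping separators."""
    total = sum(c.isdigit() for c in value)
    if total < 4:
        raise ValueError("need at least four digits to trim")
    seen, out = 0, []
    for c in value:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - 4 else mask)
        else:
            out.append(c)
    return "".join(out)


def fabricate_ssn(ssn):
    """Fabricate: replace with a made-up value in the same format.

    Area number 000 is never assigned by the SSA, so the result cannot be
    a real SSN. Unlike Encrypt, there is no decryption step back.
    """
    digest = hmac.new(FABRICATION_KEY, ssn.encode(), hashlib.sha256).digest()
    n = int.from_bytes(digest[:8], "big") % 1_000_000
    return f"000-{n // 10_000:02d}-{n % 10_000:04d}"


def separate(record, key="customer_id", sensitive=SENSITIVE):
    """Data Separation: general row plus secured row sharing a join key."""
    general = {k: v for k, v in record.items() if k not in sensitive}
    secured = {key: record[key], **{k: record[k] for k in sensitive if k in record}}
    return general, secured


def non_production_copy(record):
    """One possible rule set (an assumption): fabricate SSN, trim card number."""
    out = dict(record)
    out["ssn"] = fabricate_ssn(record["ssn"])
    out["credit_card"] = trim_last4(record["credit_card"])
    return out


if __name__ == "__main__":
    print(trim_last4(CUSTOMER["ssn"]))
    print(non_production_copy(CUSTOMER))
    print(separate(CUSTOMER))
```

Because the SSN space is small, anyone holding `FABRICATION_KEY` could recover originals by trying every value, so the key must not travel to the non-production environment with the data.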
Matrix – Method, Environment, Access
User Groups: Development Staff, Quality Assurance, Issue Support Staff, Business End-User Access
Matrix dimensions: Environments, Obfuscation Method
Cell entries shown: No Access to Data, Last Four Digits, Fabricate Data, Not Acknowledged
Data-Centric Development
Projects that center around data analysis (e.g., dashboards, BI, data marts / warehouses) often claim that they must have “production data” to develop the solution.
It is true that the business will need production data for user acceptance testing (UAT), but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values or permutations of data, so full positive testing will also require some level of fabricated data
4) Full regression testing will require a standardized test set, including the items above, and is likely to be a combination of fabricated and masked data (de-identified records)
If your source data has already been cleansed, how would you test for exceptions (negative testing)? Based on functional requirements, negative tests should be created for everything outside expected ranges.
As systems become more complex and as regulations increase, functional tests require data sets for situations not yet present within the production data.
Leverage test datasets already created for source systems.
Governance
Data stewardship is a key success factor for good data
governance and in this case for good information
obfuscation.
No one person will be aware of every government
regulation, trade association guideline, business functional
requirement, or company policy.
Include representatives from data stewardship, security,
internal audit, and quality assurance teams in your solution
planning and project development teams.
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle
not just in non-production environments
2. Everyone is responsible for protecting the corporate data
assets and the best data security tool is vigilance
3. Use a defined language to communicate who, what,
where, when, and how obfuscation will occur
4. Make Information Obfuscation part of your
organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
Questions?
Thank You!
Appendix
Reference Material
Legal & Regulatory Alphabet Soup (Sampling)
GLBA – The Gramm–Leach–Bliley Act allowed consolidation of commercial & investment banks, securities, & insurance companies.
PPI – Nonpublic Personal Information: a financial consumer’s personally identifiable information (see GLBA).
OCC – Office of the Comptroller of the Currency; regulates banks.
PCI – Payment Card Industry; defines the Data Security Standard (PCI DSS) for processing, storing, or transmitting credit card information.
PHI – Patient Health Information; Dept. of Health & Human Services (“HHS”) Privacy Rule (see HIPAA).
PII – Personally Identifiable Information; used to uniquely identify an individual. (Legal definitions vary by jurisdiction.)
Sample Cross Reference Chart
Data Point
Customer - The Fact That an Individual is a Customer **
First, or Last Name *; Mother's Maiden Name
Country, State, Or City Of Residence *
Telephone# (Home, Cell, Fax)
Birthday, Birthplace, Age, Gender, or Race *
++
Social Security#, Account#, Driver's License#, National ID
Passport#, Issuing Country
Credit Card Numbers, Expiration Date, Credit Card Security Code
Credit Card Purchase
Grades, Salary, or Job Position *
Vehicle Identifiers, Serial Numbers, License Plate Numbers
Email - Electronic Mail Addresses; IP Address, Web URLs
Biometric Identifiers, Face, Fingerprints, or Handwriting
Dates - All Elements of Dates (Except Year +)
Medical Record#, Genetic Information, Health Plan Beneficiary#
(Chart columns: PCI, PII, PPI, PHI; an X marks each classification that applies to a data point.)
* More likely used in combination with other personal data
** GLBA regulation to fall into the “Restricted” classification
+ All elements of dates (including year) if age 90 or older
++ Varies by Jurisdiction