Integrating internal controls, risk management, compliance, information security, and financial reporting can save money and increase effectiveness. Coordinating these areas through enterprise risk management helps align risk assessment, control monitoring, and assurance activities between departments. Using a common framework prevents duplicative work and helps ensure all risks are addressed.
Most of the money thrown at securing information systems misses the weak spots. Huge amounts are spent securing infrastructure while web applications are left exposed. It is a crisis that is largely ignored.
Software development teams, under pressure to deliver features and meet deadlines, often respond to concerns about the security of their web applications by commissioning a last-minute security assessment and then desperately attempt to address only the most glaring findings. They may even simply throw up a web application firewall to mitigate the threats. Such bolted-on solutions are not long-term answers to web application security.
Instead, we advocate a built-in approach. We will show that by weaving security into the software development life cycle, and using mature resources for security coding standards, toolkits and frameworks such as those from OWASP, development teams can consistently produce secure systems without dramatically increasing the development effort or cost.
This slide deck was most recently presented at a SPIN meeting in Cape Town in September 2012 by Paul and Theo from ThinkSmart (www.thinksmart.co.za).
For more information, contact Paul at ThinkSmart (dot see oh dot zed ay).
Reducing Risk And Cost With A Linux Infrastructure Maturity Assessment (LinuxIT)
The LIMA aims to establish the maturity of your current Linux environment in order to help your organisation develop it to a level which fits with your technical and business requirements.
RedLegg's unique approach to Security Program Development is based on a solid Risk Management Foundation. The Risk Management approach considers the business needs while navigating the complexities of legal, regulatory and security requirements.
What's New with Ivanti’s Enterprise Licensing Agreement? (Ivanti)
If you have or are considering any Ivanti Products, the Enterprise Licensing Agreement (ELA) is especially worth checking out. In this webinar we'll discuss the benefits of the ELA and the variations designed to fit any organization’s budgetary needs. You will also learn about new ELA options and additional education discounts.
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective (PECB)
This webinar covers:
• How to make Risk Assessment successful by using the ISO 27001 ISMS framework
• Using ISMS legal, physical and technical controls involved in an organization’s information risk management processes
• How companies can protect Personal Health Information (PHI), Payment Card Information (PCI) and Personally Identifiable Information (PII)
Presenter:
This session will be hosted by PECB Trainer Dr. Michael C. Redmond, CEO of Redmond Worldwide, who has extensive experience in Incident Response Programs.
Presentation I just finished creating for Denim Group, my client's new vulnerability management platform launch. We've gotten over 10 articles so far and several analyst quotes!
ControlCase covers the following:
- What is CMMC?
- Who does CMMC apply to?
- What is the accreditation body (CMMC-AB)?
- What is a CMMC Third Party Organization (C3PAO)?
- What does CMMC mean for Cybersecurity?
- What are the CMMC certification levels?
- How often is CMMC needed?
- CMMC and NIST
- What is the CMMC Assessment process?
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...) (Tripwire)
Cyber security experts David Meltzer, Chief Research Officer at Tripwire; Tony Gore, CEO at Red Trident Inc.; and John Powell, Senior Critical Infrastructure Engineer at Red Trident Inc., discuss the practical 1-2-3 basics of industrial cyber security and how to get started automating asset management. Attendees will also learn how to build an effective strategy for protecting industrial assets – networks, endpoints and controllers.
Key Takeaways:
· Learn how to automate and simplify the inventory process and secure your assets
· Understand what cyber security standards may apply to your unique environment
· Hear real-world tips on how to prioritize and work across functional silos within your company
· Receive an industrial cyber security assessment checklist to help gauge your starting point
Rapid Risk Assessment: A New Approach to Risk Management (EnergySec)
Presented by: Andrew Plato, Anitian
Abstract: Understanding, managing and responding to risk is one of the core functions of any information security program. However, for many organizations risk assessment is a cumbersome and time-consuming process. IT leaders, as well as security regulations, are demanding risk management practices that can deliver quick and actionable results.
Rapid Risk Assessment is a new approach to risk management that dramatically reduces the time, effort, and complexity for IT security risk assessment. Using the existing principles of risk management defined in NIST 800-30 documents, Rapid Risk Assessment can deliver more actionable and reliable results empowering business leaders to make sound decisions about risk. The key to this approach is a unique combination of skills, organization, and documentation that accelerates every aspect of the risk management process.
This presentation shows why current risk management tactics are failing and how Rapid Risk Assessment can correct those deficiencies.
It's Time to Rethink Everything: A Governance, Risk and Compliance Primer (EnclaveSecurity)
Governance, Risk, & Compliance (GRC) is more than a catchy acronym – it is an approach to business culture. GRC is a three-legged stool that is necessary to effectively manage and steer the organization. This presentation will provide an introduction to GRC and discuss the collaboration and sharing of information, assessments, metrics, risks, policies, training, and losses across business roles and processes. GRC helps identify interrelationships in today’s complex and distributed business environment.
Dr. Benetis briefly presented how modern, real-time and automated technology from Lumension (Risk & Compliance Manager) is used to audit and monitor the level of security in Lithuania's public sector. The presentation showed real use cases of how the solution made security measurement easier and more efficient. Dr. Benetis is also the president of the ISACA Lithuania chapter.
Organisations are realising the seriousness of cybersecurity and searching for ways to manage and govern it. How to organise security initiatives? How to monitor their success? How to build trust in one's own risk management? How to develop compliance management as a simple, but efficient and helpful instrument for everyone in the organisation? The presentation will touch on the practicalities of integrating risk and compliance methods, and on an overall strategy to minimise the costs of risk and compliance initiatives by using the Lumension Risk Manager platform for public and private institutions.
7 Mistakes of IT Security Compliance - and Steps to Avoid Them (Sasha Nunke)
This presentation describes seven typical IT security compliance errors and outlines the best practices you can immediately apply to your environment to help your company achieve compliance.
Learn more about how organizations prevented downtime with #BigFix in the wake of #wannacry. References and Use Cases along with a review of our BigFix Solution.
https://www.ibm.com/connect/ibm/ca-en/resources/tomjs/
In a growing firm, Human Resources is often trying to maintain order in an environment of chaos. From recruiting and onboarding through process management and cultural changes, HR is the department that experiences a company’s growing pains most acutely. But if HR is constantly putting out fires, how can your staff focus on its greater mission of serving the evolving workforce and strengthening the company?
This webinar will examine some of the troubling challenges, emerging trends and truly innovative ideas that are transforming HR today.
You will learn how innovative HR departments are managing:
Workload management challenges
Content management challenges
Access Management challenges
Bridging the Gap Between Your Security Defenses and Critical Data (IBM Security)
View on-demand recording: http://securityintelligence.com/events/bridging-the-gap-between-your-security-defenses-and-critical-data/
Many organizations are struggling with the growing gap between the vulnerability of critical data and security defenses. You need visibility at all times to prevent external and internal database breaches. Your organization can't lose sight of the importance of the integrity of your data, including unauthorized changes and suspicious activity.
You will learn how, by combining the industry-leading security intelligence capabilities of the IBM QRadar Security Intelligence Platform with the robust data security capabilities of the IBM Security Guardium data activity monitor, organizations can gain actionable insights to reduce security risks at all layers and boost compliance across the enterprise.
In this live webinar, Sally Fabian, IBM Data Security Technical Specialist, will discuss:
- Architecture and integration points
- Real-time alerts and reporting
- Vulnerability assessments according to your risk score
- Security intelligence event log collection and analytics
- Actionable insights from security events
Effective Internal Controls (Annotated) by @EricPesik (Eric Pesik)
Instilling good governance and ensuring full compliance with an effective internal control program. Presented at Corruption and Compliance South & South East Asia Summit, September 2012, Hilton Hotel, Singapore.
Hanrick Curran Audit Training - Internal Controls - March 2013 (Matthew Green)
Training delivered to audit staff as part of their continuing professional development/education (CPE/CPD). Provided in a 60-minute session with substantial discussion and interaction.
Internal audit means a continuous critical review of the financial and operating matters of a business. In other words, it is an audit of a business conducted by the business itself on a continuous basis. Internal audit is done by internal staff appointed specifically for audit purposes; these are called internal auditors.
Gain business insight with Continuous Controls Monitoring (Emma Kelly)
Audit, Risk and Compliance managers have both an obligation and an opportunity to help their companies manage the most critical risks the current environment has either created or magnified. Now more than ever, organizations need to transform the internal controls testing process from a manual collection of evidence to fine-grained monitoring controls that track user access to sensitive functions / data, system configurations, master data and transactions in business-critical systems.
Continuously monitoring your business in real-time with actionable insight visible on drill-down, modern, dynamic dashboards allows for completeness and accuracy as well as time-efficient, cost-effective risk management decisions.
In this session, you will learn how Continuous Monitoring together with effective controls can prevent business losses and reduce the cost of audits. We will share best practices and provide case studies of clients that have automated monitoring controls in business-critical applications such as Oracle E-Business Suite and Oracle Cloud ERP to prevent risks in significant business processes such as Procure-to-Pay, Order-to-Cash, Hire-to-Retire, and Financial Record-to-Report.
Join Oracle GRC pioneers Appssurance Founder and CEO Brian O’Neil and SafePaaS CEO Adil Khan.
The information technology sector has experienced stupendous growth lately, and the outlook looks positive with the return of consumer confidence and the renewal of business growth, which is expected to drive IT spending going forward. India accounts for less than 5 per cent of global technology spending, leaving tremendous untapped potential for growth of the IT sector, in both core and emerging opportunities.
Keeping pace with growing momentum and corporate needs for better IT governance and compliance, we’re pleased to launch our IT Risk Advisory Services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services.
Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
For more information, please visit our website at https://www.synopsys.com/software-integrity/managed-services.html
This presentation was given at the GRC Conference in Boston (October 2010) and explains the importance of measuring performance for real value. It goes into the world of metrics and balanced scorecards.
Information technology is a complex business, at best. While IT can provide amazing benefits, it still requires vigilance and diligence to ensure it is running correctly and that it is secure. A security framework can be an excellent tool to evaluate what you might be missing and confirm that what you are already doing is spot-on correct. This session will discuss the importance of using security frameworks and walk attendees through the NIST Cyber Security Framework to review how the framework functions, how to use a framework, and most importantly, how the use of a framework can and will benefit their organization.
Lexcomply - ERM enables organizations to implement an Enterprise Risk Management (ERM) & Internal Controls framework. Risk Manager captures information such as loss events, key risk indicators (KRIs), assessment responses and scenario analysis data in a flexible and connected way. By connecting the entire risk ecosystem, including internal and external stakeholders, it allows risk managers to analyse risk intelligence and communicate effectively.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I have already got working for real.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Key Trends Shaping the Future of Infrastructure.pdf
Integrating Internal Controls
1. Integrating Internal Controls
Save money and increase the effectiveness of internal controls and risk management processes by coordinating compliance, enterprise risk management, privacy, information security, internal audit, and financial reporting control assessment.
MOSS ADAMS LLP | 1
2. A TALE OF INEFFICIENCY. OR: WHY WE CARE
• Information Security Manager, Brian
o Performs and updates an IT security risk assessment
o Designs and enforces IT policies and governance processes to ensure system security
o Tests the effectiveness of the information security management system (ISMS)
• Network Security Engineer, Bill
o Deals with constant requests from 4 different “audit”, “compliance”, or “security” stakeholders
o Ignores the various risk assessments, and just does what “he thinks is right”.
• Internal Auditor, Mary
o Performs an annual risk assessment of the audit universe
o Examines internal controls for design and operating effectiveness.
• Financial Auditor, John
o Performs a risk assessment focused on financial reporting
o Tests the operating effectiveness of key ICOFR controls
• Compliance Manager, Sally
o Keeps up to date with changing regulations, and communicates new requirements throughout the organization
o Maintains a compliance management system to ensure that the organization is not breaking the law
3. WHAT CAN I DO?
• Integrate your risk-centric business processes
o Get your colleagues onboard
o Develop a Map
o Create touchpoints between departments
o Crosswalk controls or testing at key touchpoints
Diagram: Enterprise Risk Management (Risk Assessment; Risk Management) – Assurance (Control Design and Self Assessment; Operating Effectiveness Testing) – Program Management (Compliance; Information Security)
4. THE GENERIC RISK MANAGEMENT CYCLE
Assess Risks → Perform Assessment of Controls’ Design and Operation → Report Results → Implement Improvements → (back to Assess Risks)
5. WHAT DOES IT LOOK LIKE?
• Internal Auditor, Mary: “You know Brian, I noticed that you are looking at new multi-factor authentication technologies for our internet banking customers. I was thinking about doing an audit to examine those controls.”
• Information Security Manager, Brian: “Interesting! That would be great! I did a risk assessment last year, and identified that as a key fraud risk.”
• Mary: “Let’s start by letting me evaluate your risk assessment as I plan my audit.”
• Brian: “OK. Also, I map my risk assessment to ISO 27002 controls. Do you think you could report your audit against that standard to help me evaluate risks more effectively?”
6. WHAT IT LOOKS LIKE (CONTINUED)
• The format is not critical.
• Just keep it simple, and manageable.
7. HOW WILL THIS IMPACT MY INFORMATION SECURITY PROGRAM?
• Watch out. The auditors will start to pay heed to your risk assessments, and will start to audit the areas you are concerned about.
8. HOW WILL THIS IMPACT INTERNAL AUDITS?
• Your internal audit program will be challenged with new sources of information for risk assessment and internal controls documentation.
• There may be messy conflicts of interest to be worked out.
o This is a good sign that Internal Audit is valuable within your organization.
• You do not need to rely only on your own judgment or a simple survey as the only source to identify key risks in the organization.
o Don’t let this be you: How many Information Security pros does it take to change a light bulb? How many did it take last year?
9. SHARED RISK ASSESSMENTS?
Columns: Entity | Process | Audit Total Score | Audit Objective | Dollar Volume | Operational Risk | Compliance Risk | Nature/Sensitivity | Strategic | Last time Audited
Information Technology – Enterprise Applications: 4.10, 4.00, 4.00, 5.00, 4.00, 4.00, 3.00
Accounting and Billing: 4.30, 4.00, 5.00, 4.00, 5.00, 3.00, 4.00
Facilities: 3.80, 5.00, 4.00, 3.00, 2.00, 4.00, 5.00
10. SHARE A CONTROL FRAMEWORK?
• COSO
• CobIT
• ISO 27000/27002
• NIST 800
• PMBOK
• CMMI
• CIS
• ITIL
• PCI
• Industry-Specific Compliance
• Do we pick one, or do we integrate several?
11. THE COSO INTERNAL CONTROL MODEL
MONITORING: throughout
CONTROL ACTIVITIES: processes, procedures, safeguards, access security, authorization
RISK ASSESSMENT: identify, prioritize, mitigate risks; ongoing; wide participation
CONTROL ENVIRONMENT: tone at the top, infrastructure, compliance; culture: integrity and competence of people
Adapted from Committee of Sponsoring Organizations of the Treadway Commission (COSO)
12. ISO 27002
• Code of Practice for Information Security Management
• Divides IT Security into 11 Categories (Domains)
• Defines key controls over specific sub-categories
• Defines implementation guidance for each key control
• 39 Control Objectives with 139 Controls
• Control objectives are generic functional requirement specifications for an organization’s information and information system security management control architecture
13. NIST
• NIST offers security guidance in many areas
• Special Publications 800 Series
• Useful high level governance standards and practices
• Practically every IT security subject is covered here
• Written for the Federal Government but very useful for any organization
15. COBIT
• Value of IT, Risk, and Control
• Links IT service delivery to business requirements (already defined, right?)
• A lifecycle; constantly adapting, improving, re-adapting
• Four Responsibility Domains:
o Plan and Organize (PO)
o Acquire and Implement (AI)
o Deliver and Support (DS)
o Monitor and Evaluate (ME)
• Make a grocery list of needs and then go shopping
16. CENTER FOR INTERNET SECURITY (CIS)
• CIS Benchmarks provide guidelines for operating systems and databases;
• User originated, widely accepted, and reflect the consensus of expert users worldwide;
• Compliance with these benchmarks will reduce findings and lead to more secure computing platforms
• Some benchmarks include:
o Windows Server
o Solaris
o Oracle
o Exchange
17. ITIL - PROCESS MODELING
• When you don’t have a good understanding of “what right looks like”
• Models most “Industry Standard” information and information system technology processes
• When in doubt “check it out and test it out”
o Maps to COBIT
o Complementary to NIST and ISO
o Helps to provide a starting place
o Caution - can be complicated
18. CAPABILITY MATURITY
UNRELIABLE → INFORMAL → STANDARDIZED → MONITORED → OPTIMIZED
• Level 1 – Unreliable: Unpredictable environment where control activities are not designed or in place. Controls are not adequately documented; controls mostly dependent on people. No formal training or communication of control activities.
• Level 2 – Informal: Disclosure activities and controls are designed and in place. Deviations from control activities will likely not be detected.
• Level 3 – Standardized: Control activities are designed and in place. Control activities have been documented and communicated to employees.
• Level 4 – Monitored: Standardized controls with periodic testing for effective design and operation with reporting to management. Automation and tools may be used in a limited way to support control activities.
• Level 5 – Optimized: An integrated internal control framework with real-time monitoring by management with continuous improvement (Enterprise-Wide Risk Management).
19. CONCLUDING ON THE FRAMEWORKS
• Don’t spend all your time mapping
• Use what works
• Focus on the ‘key’ controls for your organization
• Focus on the risk assessment process first
20. WHAT SOFTWARE SHOULD I BUY?
• Microsoft Excel
• Enterprise-grade GRC software
• Online internal control and risk management packages
21. CONCLUDING
• In organizations where multiple groups have responsibilities for enterprise risk, internal control, information security, compliance:
o Team up
o Create touch points
   - Risk Assessment
   - Testing
   - Controls documentation
o Use the tools, don’t let them use you