An example of how the staff training on information security, data protection and privacy (IS/DPP) could look.
This part is on the acceptable use of the company's (and sometimes also one's own) means. Each company should add what is appropriate for it.
The slides come with notes that briefly explain the visuals on the slides.
2. - Internal - Page 2
Purpose Driven
Respect the purpose-bound nature of Information Assets, applications, devices, access rights,…
Professional use. No private use. No “private interest” snooping.
Need-to-know. Do you really need it to perform your job?
Specific purpose: e.g. fraud prevention is not to be re-used for marketing.
6. Internet
Do not use internet-based applications for the manipulation or storage of confidential data, unless you have an exception approval of the ISO or DPO.
Do not visit inappropriate websites on the internet.
For private use of the internet, you should use the computers in the cafeteria.
Only download and install applications from the internet with the approval of IT.
8. Key Takeaways
Respect the purpose-bound nature of (information) assets.
Write nicely.
Don’t use internet-based applications with confidential data.
Be careful on social media.
30 sec IS/DPP survival kit
Wrap-up
Editor's Notes
Welcome to the sixth part of the baseline training IS/DPP.
Here we look at the overarching requirement of acceptable use of the data, your access rights, the devices, etc.
Some aspects are already covered in the different layers.
Here we focus on a few things that have not been addressed yet.
You should always be aware of and respect the purpose-bound nature of the data, the applications, devices, access rights,…
That applies on three levels: you should use the data, the applications, devices, access rights,…
only for professional purposes;
only to perform your specific function / role / task; and
only for the specific purpose it can be used for.
That also means that you should only give access to people who have a need-to-know and are authorized.
If you put data on the intranet, SharePoint, or servers, or pass it on to colleagues or third parties, YOU must ensure that the access rights are properly limited.
If you insert information in the ABC Group systems you should also write “nicely”. That means:
write so that, should it be requested or required, we can show it without having to redact it;
as much as possible, write objectively and include the source;
if you include an opinion, indicate that it is an opinion;
do not include medical data or judicial data, unless there is a (general) sign-off of the DPO.
Do not use internet-based applications like Dropbox for the manipulation or storage of confidential data, unless you have an exception approval of the ISO or DPO.
Do not visit inappropriate websites on the internet.
For private use of the internet, you should use the computers in the cafeteria.
Only download and install applications from the internet with the approval of IT.
Be careful on social media. The world is watching.
That entails:
do not discuss (confidential) ABC Group business on social media, not even with customers;
if you refer to ABC Group (marketing) actions, make a hyperlink to the official communication;
…
That is it for this section. Here are a few key takeaways.