What is ISO 27005? How is an ISO 27005 Risk Assessment done effectively? Find out in this presentation delivered at the ISACA Bangalore Chapter Office by Dharshan Shanthamurthy.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Improve Cybersecurity posture by using ISO/IEC 27032PECB
Cybersecurity is a universal concern across today’s enterprise and the need for strategic approach is required for appropriate mitigation.
Adopting ISO 27032 will help to:
• Understanding the nature of Cyberspace and Cybersecurity
• Explore Cybersecurity Ecosystem – Roles & Responsibilities
• Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and there experience in using it with real world clients.
PECB Webinar: Risk Treatment according to ISO 27005PECB
Summary:
Risk management is a trade-off between risks and costs. Risk treatment is no doubt essential for any business or individual to survive. ISO 27005 elaborates different methods on treating risk related to information security, which help organizations to mitigate risks. In this free PECB International webinar, the following areas will be covered:
• Risk treatment option
• Risk treatment plan
• Evaluation of residual risk
Presenter:
This webinar will be presented by Mohamad Khachab, an independent consultant and a managing partner of ICS SARL, a boutique management consulting, recruiting, and training firm in Lebanon. Khachab has a wide range of information risk management and IT procurement skills earned through more than 30 years of experience in the US and Middle East. Khachab has been performing consulting assignments since the late 80's (KPMG, AIC, ADETEF, Nielsen, World Bank, ITCILO, etc.). He has established a strong reputation and proven record of delivering benefits to clients by teaching information risk management and MIS to businesses and universities.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Improve Cybersecurity posture by using ISO/IEC 27032PECB
Cybersecurity is a universal concern across today’s enterprise and the need for strategic approach is required for appropriate mitigation.
Adopting ISO 27032 will help to:
• Understanding the nature of Cyberspace and Cybersecurity
• Explore Cybersecurity Ecosystem – Roles & Responsibilities
• Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and there experience in using it with real world clients.
PECB Webinar: Risk Treatment according to ISO 27005PECB
Summary:
Risk management is a trade-off between risks and costs. Risk treatment is no doubt essential for any business or individual to survive. ISO 27005 elaborates different methods on treating risk related to information security, which help organizations to mitigate risks. In this free PECB International webinar, the following areas will be covered:
• Risk treatment option
• Risk treatment plan
• Evaluation of residual risk
Presenter:
This webinar will be presented by Mohamad Khachab, an independent consultant and a managing partner of ICS SARL, a boutique management consulting, recruiting, and training firm in Lebanon. Khachab has a wide range of information risk management and IT procurement skills earned through more than 30 years of experience in the US and Middle East. Khachab has been performing consulting assignments since the late 80's (KPMG, AIC, ADETEF, Nielsen, World Bank, ITCILO, etc.). He has established a strong reputation and proven record of delivering benefits to clients by teaching information risk management and MIS to businesses and universities.
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
Information Security between Best Practices and ISO StandardsPECB
Main points covered:
• Information Security best practices (ESA, COBIT, ITIL, Resilia)
• NIST security publications (NIST 800-53)
• ISO standards for information security (ISO 20000 and ISO 27000 series)
- Information Security Management in ISO 20000
- ISO 27001, ISO 27002 and ISO 27005
• What is best for me: Information Security Best Practices or ISO standards?
Presenter:
This webinar was presented by Mohamed Gohar. Mr.Gohar has more than 10 years of experience in ISM/ITSM Training and Consultation. He is one of the expert reviewers of CISA RM 26th edition (2016), ISM Senior Trainer/Consultant at EGYBYTE.
Link of the recorded session published on YouTube: https://youtu.be/eKYR2BG_MYU
The underlying premise of enterprise risk management is that the Company exists to provide value for its stakeholders – customers, employees, and shareholders. Like any business, every Company faces some uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables senior management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives. These capabilities inherent in enterprise risk management help management achieve the Company’s performance and profitability targets, and minimize loss of resources. Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the Company’s reputation and associated consequences. In sum, enterprise risk management helps the Company get to where it wants to go and avoid pitfalls and surprises along the way. Enterprise risk management encompasses:
• Aligning Risk Appetite and Strategy
• Enhancing Risk Response Decisions
• Reducing Operational Surprises and Losses
• Identifying and Managing Multiple and Cross-Enterprise Risks
• Seizing Opportunities
• Improving Deployment of Capital
• Leveraging Talent, Structure, Process, and Capital
2022 Webinar - ISO 27001 Certification.pdfControlCase
ControlCase Introduction
What is ISO 27001?
What is ISO 27002?
What is ISO 27701, ISO 27017, & ISO 27018?
What is an ISMS?
What is ISO 27001 Certification?
Who Needs ISO 27001?
What is Covered in ISO 27001?
How Many Controls in ISO 27001?
What is the ISO 27001 Certification Process?
How Often Do You Need ISO 27001 Certification?
What are the Challenges to ISO 27001 Compliance?
Why ControlCase?
The Cybersecurity Risk Management Framework Strategy for Defense Platform Systems course prepares command leadership to implement the National Institute of Standards and Technology’s (NIST) cybersecurity Risk Management Framework (RMF) from a Platform Information Technology (PIT) perspective.
This one-day workshop reviews the five functions of cybersecurity that leadership must consider when making decisions about program resources and requirements.
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
Presentation från GRC 2014 den 15 maj. Kontakta gärna talaren om du har några frågor. Hela schemat för eventet hittar du här: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
Information Security between Best Practices and ISO StandardsPECB
Main points covered:
• Information Security best practices (ESA, COBIT, ITIL, Resilia)
• NIST security publications (NIST 800-53)
• ISO standards for information security (ISO 20000 and ISO 27000 series)
- Information Security Management in ISO 20000
- ISO 27001, ISO 27002 and ISO 27005
• What is best for me: Information Security Best Practices or ISO standards?
Presenter:
This webinar was presented by Mohamed Gohar. Mr.Gohar has more than 10 years of experience in ISM/ITSM Training and Consultation. He is one of the expert reviewers of CISA RM 26th edition (2016), ISM Senior Trainer/Consultant at EGYBYTE.
Link of the recorded session published on YouTube: https://youtu.be/eKYR2BG_MYU
The underlying premise of enterprise risk management is that the Company exists to provide value for its stakeholders – customers, employees, and shareholders. Like any business, every Company faces some uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables senior management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives. These capabilities inherent in enterprise risk management help management achieve the Company’s performance and profitability targets, and minimize loss of resources. Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the Company’s reputation and associated consequences. In sum, enterprise risk management helps the Company get to where it wants to go and avoid pitfalls and surprises along the way. Enterprise risk management encompasses:
• Aligning Risk Appetite and Strategy
• Enhancing Risk Response Decisions
• Reducing Operational Surprises and Losses
• Identifying and Managing Multiple and Cross-Enterprise Risks
• Seizing Opportunities
• Improving Deployment of Capital
• Leveraging Talent, Structure, Process, and Capital
2022 Webinar - ISO 27001 Certification.pdfControlCase
ControlCase Introduction
What is ISO 27001?
What is ISO 27002?
What is ISO 27701, ISO 27017, & ISO 27018?
What is an ISMS?
What is ISO 27001 Certification?
Who Needs ISO 27001?
What is Covered in ISO 27001?
How Many Controls in ISO 27001?
What is the ISO 27001 Certification Process?
How Often Do You Need ISO 27001 Certification?
What are the Challenges to ISO 27001 Compliance?
Why ControlCase?
The Cybersecurity Risk Management Framework Strategy for Defense Platform Systems course prepares command leadership to implement the National Institute of Standards and Technology’s (NIST) cybersecurity Risk Management Framework (RMF) from a Platform Information Technology (PIT) perspective.
This one-day workshop reviews the five functions of cybersecurity that leadership must consider when making decisions about program resources and requirements.
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
Presentation från GRC 2014 den 15 maj. Kontakta gärna talaren om du har några frågor. Hela schemat för eventet hittar du här: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Customs-Trade Partnership Against Terrorism (C-TPAT): Supply Chain SecurityLivingston International
Did you know that U.S. importers often see reduced inspections and faster release times after becoming Customs-Trade Partnership Against Terrorism program members? This presentation covers the benefits and requirements of participation in the C-TPAT supply chain security program, including who can participate, who should participate, and the overall importance of supply chain security in today's world trade environment.
Register for our next webinar here: http://bit.ly/1Qfojnb
Risk Management Insights in a World Gone MadIvanti
Join Phil Richards, CISO for Ivanti, as we discuss key concepts and strategies for Risk Management. A few of the questions to be addressed in this session include: Is risk always a bad thing? How do you categorize risk according to your company’s objectives? Do data breaches really impact the big companies? What are the steps to recognizing, assessing and managing risk? The answers to these and many other questions will be discussed in this very important and timely session.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
ISO 27005 Risk Assessment
1. Risk Assessment as per ISO 27005
Presented by Dharshan Shanthamurthy,
Risk Assessment Evangelist
WWW.SMART‐RA.COM
SMART‐RA.COM is a patent pending product of SISA Information Security Pvt. Ltd.
2. What is Risk Assessment?
What is Risk Assessment?
• NIST SP 800‐30
Risk Assessment is the analysis of threats in conjunction with
vulnerabilities and existing controls.
l biliti d i ti t l
• OCTAVE
A Risk Assessment will provide information needed to make
risk management decisions regarding the degree of security
remediation.
remediation
• ISO 27005
Risk Assessment = Identification, Estimation and
Risk Assessment Identification Estimation and
Evaluation
3. Why Risk Assessment?
Regulatory Compliance
Compliance Risk Assessment Requirement
Standard
St d d
PCI DSS Formal and structured risk assessment based on methodologies like ISO 27005,
Requirement NIST SP 800‐30, OCTAVE, etc.
12.1.2
12 1 2
HIPAA Section Conduct an accurate and thorough assessment of the potential risks and
164.308(a)(1) vulnerabilities to the confidentiality, integrity, and availability of electronic
protected health information held by the covered entity.
protected health information held by the covered entity
FISMA 3544 Periodic testing and evaluation of the effectiveness of information security
policies, procedures, and practices, to be performed at least annually.
ISO 27001 Clause Risk assessments should identify risks against risk acceptance criteria and
4.1 organizational objectives. Risk assessments should also be performed
periodically to address changes in the security requirements and in the risk
situation.
GLBA, SOX, FISMA, Data Protection Act, IT Act Amendment 2008, Privacy Act, HITRUST……
4. Why Risk Assessment?
y
Business Rationale
Function Explanation
Return on Structured RA Methodology follows a systematic and pre‐defined
Investment approach, minimizes the scope of human error, and emphasizes
process driven, rather than human driven activities.
process driven rather than human driven activities
Budget Allocation Assists in controls cost planning and justification
Controls Cost and effort optimization by optimizing controls selection and
implementation
Efficient Resource optimization by appropriate delegation of actions related to
utilization of
utilization of controls implementation.
controls implementation
resources
5. What is IS-RA?
IS RA?
Risk assessment is the cornerstone of any information
security program, and it is the fastest way to gain a
complete understanding of an organization's security
profile – its strengths and weaknesses its vulnerabilities
weaknesses,
and exposures.
“IF YOU CAN’T MEASURE IT
…YOU CAN’T MANAGE IT!”
YOU
6. Reality Check
Reality Check
• ISRA– a need more than a want
• Each organization has their own ISRA
Each organization has their own ISRA
• ISRA learning curve
• Cumbersome – 1000 assets, 20 worksheets
• Two months efforts
Two months efforts
• Complicated report
9. ISO 27005 Introduction
ISO 27005 Introduction
• ISO 27005 i
ISO 27005 is an Information Security Risk Management guideline.
I f ti S it Ri k M t id li
• Lays emphasis on the ISMS concept of ISO 27001: 2005.
• Drafted and published by the International Organization for
Standardization (ISO) and the International Electrotechnical
Standardization (ISO) and the International Electrotechnical
Commission (IEC)
• Provides a RA guideline and does not recommend any RA
Provides a RA guideline and does not recommend any RA
methodologies.
• Applicable to organizations of all types.
f
10. ISO 27005 Workflow
ISO 27005 Workflow
• Advocates an iterative approach
pp
to risk assessment
• Aims at balancing time and
Aims at balancing time and
effort with controls efficiency in
mitigating high risks
• Proposes the Plan‐Do‐Check‐Act
cycle.
Source: ISO 27005 Standard
11. ISO 27005 Risk Assessment
ISO 27005 Risk Assessment
Information Security Risk Assessment = Risk Analysis +
I f i S i Ri k A Ri k A l i
Risk Evaluation
Risk Analysis:
Risk Analysis:
Risk Analysis = Risk Identification + Risk Estimation
1. Risk Identification
Risk characterized in terms of organizational conditions
Risk characterized in terms of organizational conditions
• Identification of Assets: Assets within the defined scope
• Identification of Threats: Based on Incident Reviewing, Asset
Owners, Asset Users, External threats, etc.
12. ISO 27005 Risk Assessment Contd.
ISO 27005 Risk Assessment Contd.
• Identification of Existing Controls: Also check if the controls are working
Identification of Existing Controls: Also check if the controls are working
correctly.
• Identification of Vulnerabilities: Vulnerabilities are shortlisted in
organizational processes, IT, personnel, etc.
• Identification of Consequences: The impact of loss of CIA of assets.
2. Risk Estimation
– Specifies the measure of risk.
• Qualitative Estimation
Qualitative Estimation
• Quantitative Estimation
Risk Evaluation:
Risk Evaluation:
• Compares and prioritizes Risk Level based on Risk Evaluation Criteria and Risk
Acceptance Criteria.
13. ISO 27005 RA Workflow
Step 1 Step 2 Step 3 Step 4
General
General Risk Analysis:
Risk Analysis:
Description of Risk Analysis:
Risk Risk Evaluation
ISRA Risk Estimation
Identification
14. Step 1
General
Risk Analysis: Risk
Risk Analysis: Risk Risk Analysis: Risk
Risk Analysis Risk
Description of Identification Estimation
Risk Evaluation
ISRA
1. General Description of ISRA
Identify, Describe
d f b Assessed risks
d ik
Basic Criteria
(quantitatively or prioritized according to
Scope and Boundaries
qualitatively) and Risk Evaluation
Organization for ISRM
g
Prioritize Risks
P i iti Ri k Criteria.
C it i
15. Step 2
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis Risk
of ISRA Risk
Ri k Estimation
Risk Evaluation
Identification
2. Risk Analysis: Risk Identification
Identification of Assets
Scope and Boundaries
S d d i
List of Assets.
Asset owners
Assets are defined List of associated
Asset Location
business processes.
p
Asset function
A t f ti
16. Step 2
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis Risk
of ISRA Risk
Ri k Estimation
Risk Evaluation
Identification
2. Risk Analysis: Risk Identification
Identification of Threats
Threat Information
Threat Information
from • Threats
• Review of Incidents Threats are defined • Threat source
• Asset Owners • Threat type
yp
• Asset Users, etc.
17. Step 2
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis Risk
of ISRA Risk
Ri k Estimation
Risk Evaluation
Identification
2. Risk Analysis: Risk Identification
Identification of Existing Controls
• Existing and
Existing and
• Documentation of planned controls
Existing and planned
controls • Implementation
controls are defined
• RTP status
• Usage status
18. Step 2
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis Risk
of ISRA Risk
Ri k Estimation
Risk Evaluation
Identification
2. Risk Analysis: Risk Identification
Identification of Vulnerabilities
• Vulnerabilities related
Vulnerabilities related
• Identified Assets
d ifi d
to assets, threats,
• Identified Threats Vulnerabilities are
controls.
• Identified Existing identified
• Vulnerabilities not
Controls
C t l
related to any threat.
19. Step 2
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis Risk
of ISRA Risk
Ri k Estimation
Risk Evaluation
Identification
2. Risk Analysis: Risk Identification
Identification of Consequences
• Incident scenarios
Incident scenarios
• Assets and business
db i
with their
processes The impact of the loss
consequences related
• Threats and of CIA is identified
to assets and
vulnerabilities
l biliti
business processes
20. Step 3
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis: Risk
of ISRA Identification Risk
Ri k Risk Evaluation
Estimation
3. Risk Analysis: Risk Estimation
Risk Estimation Methodologies
(a) Qualitative Estimation: High, Medium, Low
( ) Q lit ti E ti ti Hi h M di L
( )
(b) Quantitative Estimation: $, hours, etc.
21. Step 3
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis: Risk
of ISRA Identification Risk
Ri k Risk Evaluation
Estimation
3. Risk Analysis: Risk Estimation
Assessment of consequences
• Assets and business
Assets and business Assessed consequences
Assessed consequences
The business impact
h b
processes of an incident scenario
from information
• Threats and expressed in terms of
security incidents is
vulnerabilities p
assets and impact
assessed.
d
• Incident scenarios criteria.
22. Step 3
Risk Analysis:
General Description
General Description Risk Analysis: Risk
Risk Analysis: Risk
of ISRA Identification Risk
Ri k Risk Evaluation
Estimation
3. Risk Analysis: Risk Estimation
Level of Risk Estimation
• Incident scenarios
with their Level of risk is
l f k
consequences estimated for all List of risks with value
• Their likelihood relevant incident levels assigned.
(quantitative or scenarios
i
qualitative).
23. Step 4
General Description
General Description Risk Analysis: Risk
Risk Analysis: Risk Risk Analysis: Risk
Risk Analysis: Risk Risk
Risk
of ISRA Identification Estimation
Evaluation
4. Risk Analysis: Risk Estimation
Level of Risk Estimation
Risks prioritized
Risks prioritized
Level of risk is
l f k
• Risks with value levels according to risk
compared against risk
assigned and risk evaluation criteria in
evaluation criteria and
evaluation criteria. relation to the incident
risk acceptance criteria
ik t it i
scenarios.
24. Summary
• Keep it Simple and Systematic
• Comprehensive
• Risk sensitive culture in the organization.
• Drive security from a risk management
p p
perspective, rather only a compliance
, y p
perspective.
• H l RA t h l
Help RA to help you…
25. Questions?
Be a Risk Assessment Evangelist!
Be a Risk Assessment Evangelist!
IS‐RA Forum on Linkedin
SMART‐RA Forum on Linkedin
SMART RA Forum on Linkedin
Dharshan Shanthamurthy,
E‐mail: dharshan.shanthamurthy@sisa.in
y
Phone: +91‐99451 22551