ISO 27001 SSDLC

•Download as PPTX, PDF•

0 likes•94 views

Mouhammad Esayed

Getting Benefit from ISO27001 in application Development

Getting Benefit from
ISO27001 in application
Development
Presented by Mouhammad Esayed
Mouhammad Esayed 5/30/2020

Presented by Mouhammad Esayed
5/30/2020Mouhammad Esayed
1.Define the Risk that the user might face while using this
application.
2.How to minimize this risk
3.Follow a SSDLC
4.Maintain the CIA
5.Implementing the ISO 27001 controls

Presented by Mouhammad Esayed
5/30/2020Mouhammad Esayed
Define the Risk that the user might face while using this
application
This should be done by making an assessment to define all probable risks that the
user might be in when using our application.
• Define the users of the application; the patient the Medical staff and the patient’s
relatives
• Define the risks that our users might be in if they use our application.
• User’s sensitive data might be leaked.
• An attacker might disclose sensitive data for a well known person to public
• Mobile phone might be lost or stolen
• Source code might contain a vulnerability
• Mobile application might be unavailable, or server is down
• User’s data might be changed or altered by an attacker or user misused

Presented by Mouhammad Esayed
5/30/2020Mouhammad Esayed
How to minimize this Risk
By Applying security controls to the application
These security controls should be for the development, implementation, Usage and
maintenance of the application.
You have to follow a secure Development lifecycle

Presented by Mouhammad Esayed
5/30/2020Mouhammad Esayed
SDLC
Software Development Lifecycle
 Definition: methodologies provide a systematic framework
to design, develop and deliver software applications, from
beginning to end.
We need to add the value of the security to this lifecycle.

Presented by Mouhammad Esayed
5/30/2020Mouhammad Esayed
Maintain the CIA triad
What is the CIA?
Confidentiality
Integrity
Availability
The CIA triad is the backbone that we will depend on it when talking about security.

Presented by Mouhammad Esayed
5/30/2020Mouhammad Esayed
Implementing the ISO 27001 controls
What are the controls that we can use from ISO27001 that will help in securing our
application.
A.10 Cryptography
A.12 Operations Security
A.13 Communication Security
A.14 System acquisition, development and maintenance
A.17 Information security aspects of business continuity
A.18 Compliance

5/30/2020Mouhammad Esayed
Thank you!
Questions

More Related Content

What's hot

BYOD and Security Trends

BYOD and Security Trends

BYOD and Security Trends

MobileSecurityInfographic_v3

MobileSecurityInfographic_v3

MobileSecurityInfographic_v3

Carlos Villafane

Owasp and friends

Owasp and friends

Owasp and friends

Mažvydas Skuodas

East Surrey College Case Study

East Surrey College Case Study

East Surrey College Case Study

a)Hazard Analysis Methodology b)Safety and environmental information is the basis for your management system design c)BSEE and others provide you notes (Safety Alerts) for your sheet of music (Management System) d)Risk Based Approach to Hazard Analysis e)Software tools to access environmental regulations such as Sub part S, O, G ,H and API standards can help stream line your SEMs compliance We explain how the API RP 14J is your bible for Hazard Analysis Methodology. The safety and environmental information you utilize is the basis for your management system design. There are numerous “lessons learned” out there that are public knowledge; learn how these can provide you a road map.

10 SEMSinar™ Series, Part 4 Element 2 & 3 - Safety and Environmental Informat...

10 SEMSinar™ Series, Part 4 Element 2 & 3 - Safety and Environmental Informat...

10 SEMSinar™ Series, Part 4 Element 2 & 3 - Safety and Environmental Informat...

Wordpress security

Wordpress security

Wordpress security

The leading cause of data breaches in the cloud aren’t application or OS vulnerabilities--it’s cloud misconfiguration, which are almost always due to customer error. Unfortunately, these mistakes are easy to make and extraordinarily common in enterprise cloud environments. We’ve moved beyond simple “misconfigured S3 bucket” incidents and into more advanced attacks that exploit a series of common cloud misconfiguration vulnerabilities--many of which are often missed or not even categorized as misconfigurations by security teams.

Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks

Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks

Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks

Task 7 Interactive

Task 7 Interactive

Task 7 Interactive

Derick Peterson

In DevSecOps “shift left” applies to application security too: developers should commit to provide API security at the earliest stages of development. In this session, Isabelle will propose an innovative strategy to address API security, in which developers collaborate with security teams and bring their business knowledge of the APIs to: 1/ Assess the API risk in terms of data and operation sensitivity 2/ Specify the input/output data formats 3/ Describe the application flow logic From the data gathered previously, tools can then generate automatically the appropriate security policies, respecting the rules set by the security teams. Isabelle will also explain how the CI/CD pipeline can leverage a containerized PEP (Policy Enforcement Point) in the different testing / QA / Pre-Production / Production environments.

LF_APIStrat17_Practical DevSecOps for APIs

LF_APIStrat17_Practical DevSecOps for APIs

LF_APIStrat17_Practical DevSecOps for APIs

Veracode ciso riyadh

Veracode ciso riyadh

Veracode ciso riyadh

Salil Kumar Subramony

Equifax & Apache Struts Vulnerability CVE-2017-5638

Equifax & Apache Struts Vulnerability CVE-2017-5638

Equifax & Apache Struts Vulnerability CVE-2017-5638

Black Duck by Synopsys

Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi

Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi

Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi

Web Application Penetration

Web Application Penetration

Web Application Penetration

Security

How Malware Works - Understanding Software Vulnerabilities

How Malware Works - Understanding Software Vulnerabilities

How Malware Works - Understanding Software Vulnerabilities

07 end

Ministry of Education Malaysia

What's hot (16)

BYOD and Security Trends

BYOD and Security Trends

BYOD and Security Trends

MobileSecurityInfographic_v3

MobileSecurityInfographic_v3

MobileSecurityInfographic_v3

Owasp and friends

Owasp and friends

Owasp and friends

East Surrey College Case Study

East Surrey College Case Study

East Surrey College Case Study

10 SEMSinar™ Series, Part 4 Element 2 & 3 - Safety and Environmental Informat...

10 SEMSinar™ Series, Part 4 Element 2 & 3 - Safety and Environmental Informat...

10 SEMSinar™ Series, Part 4 Element 2 & 3 - Safety and Environmental Informat...

Wordpress security

Wordpress security

Wordpress security

Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks

Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks

Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks

Task 7 Interactive

Task 7 Interactive

Task 7 Interactive

LF_APIStrat17_Practical DevSecOps for APIs

LF_APIStrat17_Practical DevSecOps for APIs

LF_APIStrat17_Practical DevSecOps for APIs

Veracode ciso riyadh

Veracode ciso riyadh

Veracode ciso riyadh

Equifax & Apache Struts Vulnerability CVE-2017-5638

Equifax & Apache Struts Vulnerability CVE-2017-5638

Equifax & Apache Struts Vulnerability CVE-2017-5638

Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi

Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi

Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi

Web Application Penetration

Web Application Penetration

Web Application Penetration

Security

How Malware Works - Understanding Software Vulnerabilities

How Malware Works - Understanding Software Vulnerabilities

How Malware Works - Understanding Software Vulnerabilities

07 end

Similar to ISO 27001 SSDLC

This webinar gives an idea of what is the relation of ISO 27032 with ISO 55001, and how these two standards cover one another. Get more information on Cybersecurity as the importance is given more to the security industry nowadays. Main points covered: • Protection assets in Cyberspace • Covering ISO 27032 in ISO 55001 and ISO 55001 in ISO 27032 • Sample of Cybersecurity Risks in Assets • Highlights of the Implementation of the Cyber Security program Framework Presenter: This webinar was presented by PECB Partner and Trainer Mr. Claude Essomba, who is a Managing Director at GETSEC SARL, and has more than 9 years of experience in IT and Information Security. Link of the recorded session published on YouTube: https://youtu.be/_280jG77iKY

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001

Information Security Assurance Capability Maturity Model (ISA-CMM) Version 3.2 February 2012 Copyright © 1999 Permission to reproduce this product and to prepare derivative works from this product is granted royalty-free, provided the copyright is included with all reproductions and derivative works. This document includes excerpts from “A Systems Engineering Capability Maturity Model, Version 1.1,” CMU/SEI-95-MM-003, published in November 1995 and version 2.0 of the Systems Security Engineering CMM (SSE-CMM), published in April 1999 and is now ISO Standard ISO/IEC DIS 21827. The Systems Engineering CMM is “Copyright © 1995 by Carnegie Mellon University and the SSE-CMM is held and maintained by the International System Security Engineering Association (ISSEA). Permission to reproduce this product and to prepare derivative works from this product is granted royalty-free, provided this copyright is included with all reproductions and derivative works.” TABLE OF CONTENTS 1.INTRODUCTION4 Information Security ASSUrance5 Information Security AssURANCE Training and Rating Program (ISATRP)6 Information Security Assessment Methodology (ISAM)7 Information Security RED TEAM Methodology (ISRM)9 Information Security ASSURANCE – Capability Maturity Model (ISA-CMM)11 Acknowledgments13 Points of Contact14 2.ISA-CMM Overview15 Expected Results17 Key Concepts18 ISA-CMM Architecture Description22 The Basic Model23 The Base Practices and Process Areas25 The Generic PRACTICES27 The Capability Levels28 3.Process Area Format31 ISA-PA01: Provide Training32 ISA-BP01.01 – Identify Training Needs34 ISA-BP01.02 – Select method of Information Security training35 ISA-BP01.03 – Ensure availability of Information Security training36 ISA-BP01.04 – Train Personnel37 ISA-BP01.05 – Assess Training Effectiveness38 ISA-PA02: Coordinate with Customer Organization39 ISA-BP02.01 – Identify coordination mechanisms40 ISA-BP02.02 – Facilitate coordination41 ISA-BP02.03 – Coordinate decisions and recommendations42 ISA-PA03: Specify Initial Information Security Needs43 ISA-BP03.01 – Understand criticality of the customer’s assets44 ISA-BP03.02 – Identify applicable constraints45 ISA-BP03.03 – Identify customer's concerns46 ISA-BP03.04 – Capture high-level OBJECTIVES47 ISA-BP03.05 Identify initial Information Security needs48 ISA-PA04: Assess Threat49 ISA-BP04.01 – Identify applicable threats50 ISA-BP04.02 – Identify threat impact potential51 ISA-BP04.03 – Assess threat agent capability52 ISA-BP04.04 – Assess threat likelihood53 ISA-BP04.05 – Monitor threats54 ISA-PA05: Assess Vulnerability55 ISA-BP05.01 – Identify Applicable Vulnerabilities56 ISA-BP05.02 – Define Exploitation Potential57 ISA-BP05.03 – Determine Overall Vulnerability58 ISA-BP05.04 – Monitor Exploitation Potential59 ISA-PA06: Assess Impact60 ISA-BP06.01 – Analyze Capabilities61 ISA-BP06.02 – Identify Potential Impacts62 ISA-BP06.03 – Monitor Impacts63 ISA-PA07: Assess Information Security Risk64 ISA-BP07.01 ...

Information Security Assurance Capability Maturity Model (ISA-.docx

Information Security Assurance Capability Maturity Model (ISA-.docx

Information Security Assurance Capability Maturity Model (ISA-.docx

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map? Because of the ongoing increase in consumer data collection, breaches have also been increasing. In this regards the information security, data privacy, and cybersecurity standards provide some guidelines and requirements on how to better manage and deal with such breaches. Amongst others, the webinar covers: • ISO 27032:2012 – A Framework for Cybersecurity Risks • ISO/IEC 27000-series, Standards, 27001 vs 27002 • ISO 27002:2022 and 27001:2022 Updates Presenters: Danny Manimbo Danny Manimbo is a Principal with Schellman, based in Denver, Colorado. As a member of Schellman’s West Coast/Mountain region management team, Danny is primarily responsible for co-leading Schellman's ISO practice and the development and oversight of Schellman's SOC practice line, as well as specialty practices such as HIPAA. Danny has been with Schellman for nine years and has over 11 years of experience in providing data security audit and compliance services. Erik Tomasi Erik Tomasi is the Managing Partner at EMTsec, a security consulting firm based in Miami and New York. He leads the firm’s consulting division and manages client relationships across several industry sectors. Mr. Tomasi is considered an expert in information security, risk management, and technology management. Sawyer Miller Sawyer is a Senior Manager who oversees the ISO practice for risk3sixty, an Atlanta-based Security, Privacy, and Compliance firm helping clients implement business-first information security and compliance programs. Date: June 22, 2022 Tags: ISO, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27032, Data protection, Data Privacy, Cybersecurity, Information Security ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection https://pecb.com/whitepaper/no-iso-27001-certified-companies-among-largest-data-breaches-2014-2015 https://pecb.com/whitepaper/isoiec-270022013-information-technology---security-techniques-code-of-practice-for-information-security-controls Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/fE3DqISAfQY

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

ISO 27001:2022 Introduction

ISO 27001:2022 Introduction

ISO 27001:2022 Introduction

Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Developing Secure Apps

Developing Secure Apps

Developing Secure Apps

Livares Technologies Pvt Ltd

Curriculum Vitae Summary

Curriculum Vitae Summary

Curriculum Vitae Summary

What is needed to start trusting the security of your applications in the cloud?

What is needed to start trusting the security of your applications in the cloud?

What is needed to start trusting the security of your applications in the cloud?

Matteo meucci Software Security - Napoli 10112016

Matteo meucci Software Security - Napoli 10112016

Matteo meucci Software Security - Napoli 10112016

Minded Security

Integrating of security activates in agile process

Integrating of security activates in agile process

Integrating of security activates in agile process

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

Symantec Migration infographic

Symantec Migration infographic

Symantec Migration infographic

BHD Creative Ltd

Developing programs that are inherently immune to attack requires sound software engineering practices. This session looks at the overall software engineering lifecycle and the critical points at which software security is a specific consideration. From the requirements for third-party suppliers to in-house development, your process must offer a level of confidence that the software functions as intended and is free of vulnerabilities. The presentation shows how using threat models, code pattern analysis tooling, targeted reviews, and more enhances Java security.

JavaOne2013: Secure Engineering Practices for Java

JavaOne2013: Secure Engineering Practices for Java

JavaOne2013: Secure Engineering Practices for Java

ET4045-Information Security Management System-2018

ET4045-Information Security Management System-2018

ET4045-Information Security Management System-2018

Wervyan Shalannanda

ISO/IEC 27001.pdf

ISO/IEC 27001.pdf

ISO/IEC 27001.pdf

In this article I will provide an Overview of A new Information Security Management System Standard ISO/IEC 27001:2013 , The new standard just Published from a few Days Earlier . ISO/IEC 27001:2013 Provides requirements for Establishing, Implementing, Maintaining and Continually Improving an Information Security Management System. ISO/IEC 27001:2013 gives Organization a Perfect Information Security management framework for implementing and maintaining security. In this Article, I tried to shed some light on new standard and its Mandatory Requirements, Optional Requirements , Structure , Benefits , Certification Process and Estimated time for Implementation and Certification.

ISO/IEC 27001:2013 An Overview

ISO/IEC 27001:2013 An Overview

ISO/IEC 27001:2013 An Overview

Boosting IoT Protection: An Enterprise Risk Imperative

Boosting IoT Protection: An Enterprise Risk Imperative

Boosting IoT Protection: An Enterprise Risk Imperative

National Retail Federation

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Cybersecurity is a universal concern across today’s enterprise and the need for strategic approach is required for appropriate mitigation. Adopting ISO 27032 will help to: • Understanding the nature of Cyberspace and Cybersecurity • Explore Cybersecurity Ecosystem – Roles & Responsibilities • Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls Presenter: Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education. Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM

Improve Cybersecurity posture by using ISO/IEC 27032

Improve Cybersecurity posture by using ISO/IEC 27032

Improve Cybersecurity posture by using ISO/IEC 27032

Similar to ISO 27001 SSDLC (20)

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001

Information Security Assurance Capability Maturity Model (ISA-.docx

Information Security Assurance Capability Maturity Model (ISA-.docx

Information Security Assurance Capability Maturity Model (ISA-.docx

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

ISO 27001:2022 Introduction

ISO 27001:2022 Introduction

ISO 27001:2022 Introduction

Developing Secure Apps

Developing Secure Apps

Developing Secure Apps

Curriculum Vitae Summary

Curriculum Vitae Summary

Curriculum Vitae Summary

What is needed to start trusting the security of your applications in the cloud?

What is needed to start trusting the security of your applications in the cloud?

What is needed to start trusting the security of your applications in the cloud?

Matteo meucci Software Security - Napoli 10112016

Matteo meucci Software Security - Napoli 10112016

Matteo meucci Software Security - Napoli 10112016

Integrating of security activates in agile process

Integrating of security activates in agile process

Integrating of security activates in agile process

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

Symantec Migration infographic

Symantec Migration infographic

Symantec Migration infographic

JavaOne2013: Secure Engineering Practices for Java

JavaOne2013: Secure Engineering Practices for Java

JavaOne2013: Secure Engineering Practices for Java

ET4045-Information Security Management System-2018

ET4045-Information Security Management System-2018

ET4045-Information Security Management System-2018

ISO/IEC 27001.pdf

ISO/IEC 27001.pdf

ISO/IEC 27001.pdf

ISO/IEC 27001:2013 An Overview

ISO/IEC 27001:2013 An Overview

ISO/IEC 27001:2013 An Overview

Boosting IoT Protection: An Enterprise Risk Imperative

Boosting IoT Protection: An Enterprise Risk Imperative

Boosting IoT Protection: An Enterprise Risk Imperative

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Improve Cybersecurity posture by using ISO/IEC 27032

Improve Cybersecurity posture by using ISO/IEC 27032

Improve Cybersecurity posture by using ISO/IEC 27032

Recently uploaded

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

Advantages of Hiring UIUX Design Service Providers for Your Business

Advantages of Hiring UIUX Design Service Providers for Your Business

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Recently uploaded (20)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

Scaling API-first – The story of a global engineering organization

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

Advantages of Hiring UIUX Design Service Providers for Your Business

Advantages of Hiring UIUX Design Service Providers for Your Business

Advantages of Hiring UIUX Design Service Providers for Your Business

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

ISO 27001 SSDLC

1. Getting Benefit from ISO27001 in application Development Presented by Mouhammad Esayed Mouhammad Esayed 5/30/2020

2. Presented by Mouhammad Esayed 5/30/2020Mouhammad Esayed 1.Define the Risk that the user might face while using this application. 2.How to minimize this risk 3.Follow a SSDLC 4.Maintain the CIA 5.Implementing the ISO 27001 controls

3. Presented by Mouhammad Esayed 5/30/2020Mouhammad Esayed Define the Risk that the user might face while using this application This should be done by making an assessment to define all probable risks that the user might be in when using our application. • Define the users of the application; the patient the Medical staff and the patient’s relatives • Define the risks that our users might be in if they use our application. • User’s sensitive data might be leaked. • An attacker might disclose sensitive data for a well known person to public • Mobile phone might be lost or stolen • Source code might contain a vulnerability • Mobile application might be unavailable, or server is down • User’s data might be changed or altered by an attacker or user misused

4. Presented by Mouhammad Esayed 5/30/2020Mouhammad Esayed How to minimize this Risk By Applying security controls to the application These security controls should be for the development, implementation, Usage and maintenance of the application. You have to follow a secure Development lifecycle

5. Presented by Mouhammad Esayed 5/30/2020Mouhammad Esayed SDLC Software Development Lifecycle  Definition: methodologies provide a systematic framework to design, develop and deliver software applications, from beginning to end. We need to add the value of the security to this lifecycle.

6. Presented by Mouhammad Esayed 5/30/2020Mouhammad Esayed Maintain the CIA triad What is the CIA? Confidentiality Integrity Availability The CIA triad is the backbone that we will depend on it when talking about security.

7. Presented by Mouhammad Esayed 5/30/2020Mouhammad Esayed Implementing the ISO 27001 controls What are the controls that we can use from ISO27001 that will help in securing our application. A.10 Cryptography A.12 Operations Security A.13 Communication Security A.14 System acquisition, development and maintenance A.17 Information security aspects of business continuity A.18 Compliance

8. 5/30/2020Mouhammad Esayed Thank you! Questions