Decentralized Security! In this webinar, we discuss the current state of IT security and why we should be taking the decentralized approach for the new year.
A Summit to advance BAS cybersecurity
For the second year, the New Deal for Buildings is organizing a Cybersecurity Summit at AHR Expo. The event is designed to gather BAS leaders and facility practitioners to discuss and chart the way forward for the adoption of comprehensive cybersecurity policies, practices, and technologies in the BAS industry. Sponsors of this event are made up of the leading companies and organizations advocating for better cybersecurity in building automation systems.
The Summit comes at the heels of the release of BACnet/SC, a critical component to securing BAS networks.
IT outsourcing determines the accessibility of expert IT solutions irrespective of boundaries. They can be IT-based business, application services, IT infrastructure, cloud computing, web development & hosting etc.. As far as the benefits of IT outsourcing are concerned, it helps in remote access of the best IT solutions that economically suit the pocket of the users.
Learn about the mandate for NIST Special Publication 800-171 and the upcoming deadline for compliance of December 31, 2017. Get answers to questions such as: what is NIST, who needs to comply, what are the requirements, and how do I know if I’m already compliant?
Decentralized Security! In this webinar, we discuss the current state of IT security and why we should be taking the decentralized approach for the new year.
A Summit to advance BAS cybersecurity
For the second year, the New Deal for Buildings is organizing a Cybersecurity Summit at AHR Expo. The event is designed to gather BAS leaders and facility practitioners to discuss and chart the way forward for the adoption of comprehensive cybersecurity policies, practices, and technologies in the BAS industry. Sponsors of this event are made up of the leading companies and organizations advocating for better cybersecurity in building automation systems.
The Summit comes at the heels of the release of BACnet/SC, a critical component to securing BAS networks.
IT outsourcing determines the accessibility of expert IT solutions irrespective of boundaries. They can be IT-based business, application services, IT infrastructure, cloud computing, web development & hosting etc.. As far as the benefits of IT outsourcing are concerned, it helps in remote access of the best IT solutions that economically suit the pocket of the users.
Learn about the mandate for NIST Special Publication 800-171 and the upcoming deadline for compliance of December 31, 2017. Get answers to questions such as: what is NIST, who needs to comply, what are the requirements, and how do I know if I’m already compliant?
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
In today's competitive landscape where manufacturers need to seamlessly connect devices, departments, and people across geographical boundaries, Dynamics 365, with new-age collaboration, productivity, and intelligence features, allows them to streamline every aspect of their manufacturing business while constantly enhancing employee productivity and customer satisfaction. Go through this presentation to know the top reasons for moving to Dynamics 365FO.
NAC - A Solution for Disappearing Perimeter RiskNaut
Use of external portable devices by employees (BYOD) bypass the traditional multi-tier security. A case study on how Network Access Control (NAC) can be used as a solution to the disappearing perimeter.
Presenter: Rahul Desai
Data Security discusses about various practices, policies and security measures used for ensuring virtual and physical protection of a Data Center Facility
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
Cloak your critical industrial control systems before they get hackedTempered
Learn how cloaking allows you to safely connect your ICS networks and SCADA systems with end to end encryption. Easy to deploy, manage and maintain--without IT security skills.
The Biggest Mistake you can make with your Data Center LicensesIvanti
IT is spending more on software than ever before. This most likely leaves you looking for ways to make the most of the software licenses you already have. On top of that, increasingly complex data center environments compound spending on software assets. Limited visibility into those assets could expose your most valuable business-critical applications to significant risk and additional cost.
See how data center discovery ninja Matt Reardon, takes an aggressive approach to gain visibility on complex software licenses so you can start making the most of your IT investments.
IT Governance Roles and Data Governance - Hernan Huwyler - IT Governance for decisions, rights, and accoutnabilty
Funciones de gobierno de TI y gobierno de datos - Hernan Huwyler - Gobierno de TI para decisiones, derechos y responsabilidad
The GDPR requires organizations — both “data controllers” and “data processors” — to strengthen their data protection and security measures to protect the personally identifiable information (PII) of EU citizens, and to demonstrate their compliance at any time. See how Quest solutions can help make it easier to ensure that your customer on-premises, cloud or hybrid environment meets GDPR compliance requirements.
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
Integrating the Alphabet Soup of StandardsJim Gilsinn
Presented @ 2014 ICS Cyber Security Conference
October 21, 2014
It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.
Most organizations have made significant investments in security controls to enable prevention and detection. But when incidents occur, is your firm able to quickly mitigate them? The best security teams are. And as a result their organizations can learn from them and improve their performance next time.
This webinar will review critical components of proper incident mitigation including:
- Conducting post mortem and updating SOPs
- Evaluating historical response performance
- Generating reports for management, auditors, and authorities
Our featured speakers for this webinar will be:
- Stephen Brennan, Global Technical Consulting Lead - Managing Partner, CSC
- Ted Julian, Chief Marketing Officer, Co3 Systems
Security and Compliance in Regulated IndustriesDreamforce
Healthcare, Financial Services, Government, and all other regulated industries move their data and apps to the cloud to run business faster. With more data unlocked to automate business, managing and tracking user access becomes a paramount task. Join security and compliance experts from Salesforce, Accenture, Deloitte, PWC and Workday to learn best practices on complying with data security and integrity standards in highly regulated industries.
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
In today's competitive landscape where manufacturers need to seamlessly connect devices, departments, and people across geographical boundaries, Dynamics 365, with new-age collaboration, productivity, and intelligence features, allows them to streamline every aspect of their manufacturing business while constantly enhancing employee productivity and customer satisfaction. Go through this presentation to know the top reasons for moving to Dynamics 365FO.
NAC - A Solution for Disappearing Perimeter RiskNaut
Use of external portable devices by employees (BYOD) bypass the traditional multi-tier security. A case study on how Network Access Control (NAC) can be used as a solution to the disappearing perimeter.
Presenter: Rahul Desai
Data Security discusses about various practices, policies and security measures used for ensuring virtual and physical protection of a Data Center Facility
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
Cloak your critical industrial control systems before they get hackedTempered
Learn how cloaking allows you to safely connect your ICS networks and SCADA systems with end to end encryption. Easy to deploy, manage and maintain--without IT security skills.
The Biggest Mistake you can make with your Data Center LicensesIvanti
IT is spending more on software than ever before. This most likely leaves you looking for ways to make the most of the software licenses you already have. On top of that, increasingly complex data center environments compound spending on software assets. Limited visibility into those assets could expose your most valuable business-critical applications to significant risk and additional cost.
See how data center discovery ninja Matt Reardon, takes an aggressive approach to gain visibility on complex software licenses so you can start making the most of your IT investments.
IT Governance Roles and Data Governance - Hernan Huwyler - IT Governance for decisions, rights, and accoutnabilty
Funciones de gobierno de TI y gobierno de datos - Hernan Huwyler - Gobierno de TI para decisiones, derechos y responsabilidad
The GDPR requires organizations — both “data controllers” and “data processors” — to strengthen their data protection and security measures to protect the personally identifiable information (PII) of EU citizens, and to demonstrate their compliance at any time. See how Quest solutions can help make it easier to ensure that your customer on-premises, cloud or hybrid environment meets GDPR compliance requirements.
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
Integrating the Alphabet Soup of StandardsJim Gilsinn
Presented @ 2014 ICS Cyber Security Conference
October 21, 2014
It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.
Most organizations have made significant investments in security controls to enable prevention and detection. But when incidents occur, is your firm able to quickly mitigate them? The best security teams are. And as a result their organizations can learn from them and improve their performance next time.
This webinar will review critical components of proper incident mitigation including:
- Conducting post mortem and updating SOPs
- Evaluating historical response performance
- Generating reports for management, auditors, and authorities
Our featured speakers for this webinar will be:
- Stephen Brennan, Global Technical Consulting Lead - Managing Partner, CSC
- Ted Julian, Chief Marketing Officer, Co3 Systems
Security and Compliance in Regulated IndustriesDreamforce
Healthcare, Financial Services, Government, and all other regulated industries move their data and apps to the cloud to run business faster. With more data unlocked to automate business, managing and tracking user access becomes a paramount task. Join security and compliance experts from Salesforce, Accenture, Deloitte, PWC and Workday to learn best practices on complying with data security and integrity standards in highly regulated industries.
Deloitte Federal Technology Case Competition - Team PKSJohn Matthews
Our team presented a hybrid technology platform to a board of five Deloitte executives at a Temple University wide competition, finishing in second place overall.
Benoit Long, Senior Assistant Deputy Minister, Transformation, Service Strategy and Design at Shared Services Canada (SSC), provides an update on the Department’s transformation initiatives and share information on the SSC transformation model that will enable the government to generate savings, increase security, and improve services to Canadians. Mr. Long explains how engagement, within the Department, the government and with the industry, is intrinsic to harnessing a more effective technology platform for the Government of Canada and to SSC’s ability to achieve the desired outcomes.
Global research report exploring the drivers for and barriers to digital transformation in the public sector. Poses the 5 key questions every leader should be asking.
Find out more http://www2.deloitte.com/uk/en/pages/public-sector/articles/the-journey-to-governments-digital-transformation.html
Digital Government Transformation: The journey to government’s digital futureDeloitte United States
Deloitte’s global survey which includes responses from more than 1,200 government officials from over 70 countries and interviewed an additional 130 government leaders and digital experts to gain insight to the policies and practices affecting organizations’ “digital maturity”.
To read the full report, please visit: http://deloi.tt/1OcX9i3
PowerPoint Hacks for Rookies: 4 Must Consider Aspects24Slides
While there are many things you should consider to create a spectacular presentation, there are 4 non-negotiable aspects you should keep in mind first.
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha Schneider Electric
As presented at AIST 2014: The proliferation of cyber threats and recent facts have prompted asset owners in industrial environments to search for security solutions that can protect plant assets and prevent potentially significant monetary loss and safety issues
While some industries have made progress in reducing the risk of cyber attacks, the barriers to improving cybersecurity remain high. More open architectures and different networks exchanging data among different levels have made systems more vulnerable to attack.
With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system integrity started to be vulnerable to malware originally targeted for commercial applications and already opened a new world of new threats dedicated for control systems.
The objective of this presentation is to describe a multi-layered Defense-in-Depth approach through a holistic, step-by-step plan to mitigate risk.
Advanced IT and Cyber Security for Your BusinessInfopulse
Infopulse delivers advanced IT and cyber security and data protection services, ensuring financial, technical and strategic benefits for your business. Check out the presentation to learn more.
Cyber Security in the market place: HP CTO DaySymantec
Cyber Security in the market place overview presented at HP CTO Day,covering: the current cyber-security threats to Enterprise Businesses and Government Departments, along with the board-level concerns and priorities for investment in systems and services to protect and secure their information.
Effective Security Monitoring for IBM i: What You Need to KnowPrecisely
Defending against the increasing sophistication and complexity of today’s security threats requires a comprehensive, multi-layered approach. The key is to maximize the strength of each layer of your defenses, and then ask yourself “If this layer is breached, what do I have in place to prevent further damage?”
Even if you have implemented the proper layers of protection, effective security still requires a thoughtful and comprehensive approach to monitoring and reporting. Monitoring plays a critical role in any effective IT security strategy. It's like having a security guard constantly patrolling your digital infrastructure, vigilantly watching for suspicious activity and potential threats. Security monitoring allows you to detect threats as soon as possible, giving you a better chance of responding quickly and effectively.
Join us for this webinar we will cover:
• The best practices for monitoring your IBM i environment.
• The benefits of combining your IBM i monitoring with other IT systems
• A demonstration of a new Assure Security Monitoring and Reporting interface
This presentation from the NTXISSA June 2015 Lunch and Learn meeting covers: “Survival in an evolving threat landscape” and “How to talk security in the boardroom”
Studies have found that organized crime is increasingly targeting health care entities because health records are worth more and easier to obtain. UDT offers a complete spectrum of technical, professional and managed services to protect your organization’s ePHI and comply with regulations.
Discussses contemporary security challenges and explores how the zero trust approach can effectively overcome them. Additionally, I have outlined several use cases demonstrating how Azure services can be leveraged to implement zero trust principles.
Piotr Kędra – network consultant. Since 2007 Piotr has been working as Systems Engineer in Polish entity of Juniper Networks. He is responsible for network solutions for enterprise sector and technical support for channel. Previously he work in Solidex and NextiraOne as presales enginner. He participated in number of audits and many projects in area of LAN, WAN and network security.
Topic of Presentation: The role of information in modern security systems
Language: Polish
Abstract: TBD
The Crucial Role of IT Network Support Services.docxTheWalkerGroup1
Our IT network support services are essential for the smooth functioning and security of our business networks. We provide troubleshooting, maintenance, and monitoring to ensure uninterrupted operations and secure data management. Discover the benefits of our IT network support services at The Walker Group.
Government Webinar: Improving Security Compliance with IT Monitoring Tools SolarWinds
In this webinar SolarWinds and DH Technologies discussed how SolarWinds infrastructure monitoring tools can be used to help improve your agency’s IT security posture. We discussed how our solutions help manage and monitor network devices and their configurations to enhance risk management, IT security, and compliance. Discussions included simplifying day-to-day operations, increasing automation, and generating reports to help verify compliance and highlight violations.
During this interactive webinar, attendees learned about:
Leverage Network Configuration Manager (NCM) and Security Event Manager (SEM) (formerly Log & Event Manager) to verify that controls have been implemented correctly
Employ SEM, Network Performance Monitor, and NCM to monitor that controls are working as expected
Quickly and easily produce out-of-the-box compliance reports for DISA STIGS, FISMA, and more
Leverage Server Configuration Monitor (SCM) to track and get alerted when server configurations change
Information Technology Infrastructure Roundtable Meeting June 11th, 2014: Transformation Initiatives Update given by Grant Westcott of Shared Services Canada.
Information Technology Infrastructure Roundtable Meeting on June 11th, 2014: Update on priorities and activities presentation given by Liseanne Forand, President of Shared Services Canada.
SSC will collaborate with the 106 organizations listed in Schedule I, I.1 or II of the Financial Administration Act, other than Agents of Parliament, who will be part of this initiative to consolidate contracts where possible, to identify the best procurement options, and to ensure competitive and fair service arrangements are put in place with the private sector.
GTEC Presentation: “Future Role of the CIO” delivered by Sharon Squire, Executive Director, Service and GC 2.0 Policy and Community Enablement Division, Chief Information Officer Branch, Treasury Board Secretariat.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
Itir oct0714-network security-en
1. Shared Services Canada
Cyber and IT Security Framework
Presentation to the Information Technology Infrastructure
Roundtable
October 7, 2014
Benoît Long, Senior Assistant Deputy Minister, Transformation,
Service Strategy and Design, and Chair of the Architecture
Framework Advisory Committee
2. 2
• Integrated IT security
risk management
• Security through end-
to-end design
• Enhanced information
and system
protection
• Real-time detection of
security incidents
• Swift incident
response and
recovery
Current State End State Benefits
• One enterprise perimeter/border
defence services
• One enterprise standard secure
remote access solution
• One enterprise secret network to
enable collaboration
• Approximately 20,000 users
• Standardized enterprise SOC
with alternate site
• Coordinated proactive rapid
response and recovery
Cyber and IT Security:
Current-state and End-state Targets
• One enterprise device security
solution with data loss prevention
• 27 perimeter/border defence
services
• 22 different security remote access
solutions
• 32 isolated department-specific
secret networks
• 10,000 users
• Various maturity level Security
Operations Centres (SOC), some
with rudimentary services
• Reactive, slow and siloed response
to cyber threats
• 42-department device security
implementation with partial data
loss prevention services
• Enterprise robust IT security risk
management
• IT security integrated into the
design
• 42 department-specific IT security
risk-management approaches
• IT security as an “add-on”
CYBERSECURITYITSECURITYGCSECRET
IT
3. 3
Cyber and IT Security Framework
INFRASTRUCTURE
& DATA
• Aligned to Canada’s Cyber
Security Strategy (CCSS)
• Security and privacy built in as
part of end-to-end service
design
• Partnership with Treasury
Board Secretariat,
Communications Security
Establishment Canada and
Public Safety
Shared Services Canada is mandated to
protect the infrastructure and associated data-
in-transit, storage, and use.
OPERATE EVOLVE TRANSFORM
4. Cyber and IT Security Functions
4
PREVENTION
• Trusted infrastructure
products and services
through supply chain
integrity
• Cyber and IT security
(including privacy)
policies and standards
• Security awareness and
training
• Infrastructure protection
services
• Data protection services
• Identity, Credentials and
Access Management
services
• Secret infrastructure
services
• Business continuity and
emergency management
DETECTION
• Coordination of GC-
wide monitoring,
detection, identification,
prioritization and
reporting of IT security
incidents
• Automated, real-time
threat monitoring,
security information and
event management and
analysis
• Log analysis and
investigations
• Security and privacy
assessment
• Vulnerability
assessments
RESPONSE
• GC-wide coordination
and remediation of IT
security incidents
• Threat assessment and
situational reporting
• Coordination and
distribution of GC
product alerts, warnings
and advisories
• Forensics
• Software integrity
through security
configuration or
replacement
• Infrastructure integrity
through configuration or
replacement
RECOVERY
• Highly specialized IT
security incident
recovery services
• Mitigation advice and
guidance
• Vulnerability
remediation
• Post-incident analysis
SECURITY MANAGEMENT
Governance Innovation Engagement Risk Management
PREVENTION DETECTION RESPONSE RECOVERY
5. 5
Security Principles
Trusted equipment and services through supply chain integrity
Security and privacy by design to ensure that all aspects of security are
addressed as part of design, balancing service, security and savings
Gradual enhancement from a network-based security model to include
application and data-centric security – apply security controls as close to the
data as practical
Privileged access to data will be maintained and multi-tenancy will be built into
systems where sensitive data owned by one partner cannot be seen by
another partner or by unauthorized individuals.
Security breaches in one part of the infrastructure are quickly detected and
contained without spreading to other parts of the infrastructure.
Maintain and improve the security posture as part of moving to enterprise
services (i.e. don’t reduce security).
6. 6
Elaborate and define the functions as part of Shared Services Canada’s
enterprise services.
Develop a multi-year roadmap toward the implementation of the enterprise
services.
Develop associated organizational roles and responsibilities and a costing
framework.
Next Steps
