The continuous news of personal information stolen from major retailers and financial institutions has driven consumers and regulatory bodies to demand that more action be taken to ensure data protection and privacy. Regulations such as PCI DSS, HIPAA, GDPR, and FISMA require that personal data be protected against unauthorized access using technologies like encryption, tokenization, masking, secure file transfer and more.
With all the options available for securing IBM i data at rest and in motion, how do you know where to begin? View this webinar on-demand to get up to speed on the key concepts you need to know about assuring data privacy for your customers, business partners and employees. Topics include:
• Protecting data with encryption and the need for strong key management
• Use cases that are best for tokenization
• Options for permanently de-identifying data
• Securing data in motion across networks
Securing Sensitive IBM i Data At-Rest and In-Motion | Precisely
Driven by a continuous stream of news about personal information stolen from major retailers and financial institutions, consumers and regulatory bodies are demanding more in terms of data protection and privacy. Personal data protection is required by government and industry regulations such as PCI, HIPAA, GDPR, FISMA and more. Data encryption provides another layer of protection around IBM i Db2 columns that contain sensitive data, and it’s never been easier since the introduction of FIELDPROC in IBM i 7.1. Other solutions are also available to remove sensitive data from servers entirely and to secure data in motion.
View this 15-minute webcast on-demand and get up to speed on the key concepts you need to know to secure sensitive data on your IBM i servers, including topics such as:
• FIELDPROC encryption and key management
• Tokenization and anonymization
• Tools for securing data in motion
• Tradeoffs between do-it-yourself and third-party solutions
Security 101: Protecting Data with Encryption, Tokenization & Anonymization | Precisely
This document provides an overview of data encryption, tokenization, and anonymization techniques for protecting sensitive data. It discusses how encryption transforms readable data into unreadable ciphertext using encryption keys, while tokenization and anonymization replace sensitive values with substitute tokens. The document recommends using these techniques along with key management and access controls to comply with privacy regulations. It also describes how Syncsort products like Assure can help implement encryption, tokenization, access auditing, and key management on IBM i systems.
Protecting Sensitive Data using Encryption and Key Management | Stuart Marsh
The document discusses the importance of data encryption and key management to protect sensitive data. It notes that data breaches are increasing due to more interconnected systems and mobility. Various encryption techniques are described including AES, OpenPGP, SSL/TLS, and their use for encrypting databases, backups, and data in transit. Proper key management and compliance with standards like PCI DSS are also emphasized.
Security 101: Protecting Data with Encryption, Tokenization & Anonymization | Precisely
Regulatory bodies and consumers demand that personal data be secured against unauthorized access. Personal data protection is, in fact, required by government and industry regulations such as PCI, HIPAA, GDPR, FISMA and more. With all the options available for securing IBM i data at rest, how do you know which will best suit your needs? View this webinar on-demand to learn the basics about data encryption, tokenization and anonymization and when each should be used.
Topics include:
• Differences between encryption, tokenization and anonymization
• Pros and cons for each form of data protection
• Tips for using the various protection methods
• How Syncsort can help
This document provides a brief introduction to cryptography concepts for developers. It covers asymmetric (public key) encryption using mathematical problems like prime factorization or elliptic curves. It also discusses symmetric encryption, hashing, digital signatures, standards like SSL/TLS, and hardware security mechanisms like smart cards.
This document provides an overview of Chapter 1 of the CNIT 125 course on information security and CISSP preparation. Part 1 discusses security terms like the CIA triad of confidentiality, integrity and availability. It also covers security governance principles such as data classification, roles and responsibilities, and strategic/tactical/operational planning. Part 2 introduces several security control frameworks and standards for compliance, as well as legal/regulatory issues involving computer crime, liability, and intellectual property.
CISSP Prep: Ch 6. Identity and Access Management | Sam Bowne
This document summarizes different methods of identity and access management. It discusses four main types of authentication: something you know (e.g. passwords), something you have (e.g. tokens), something you are (e.g. biometrics), and somewhere you are (e.g. location). It also covers topics such as password hashing, multifactor authentication using technologies like Kerberos, centralized vs decentralized access control, single sign-on, and identity management standards including LDAP, SAML, and Kerberos.
Encryption: Who, What, When, Where, and Why It's Not a Panacea | Resilient Systems
This document provides an overview of encryption and incident response management. It begins with an agenda for a presentation on encryption, practical considerations, and legal limitations. It then discusses cryptography concepts like encryption, decryption, and hashing. It covers the goals of cryptography including privacy, authentication, integrity and non-repudiation. Next, it discusses symmetric, asymmetric and hashing algorithms as well as encryption versus hashing. The document then covers practical considerations like key length, encryption in transit versus storage. It also discusses legal requirements for encryption in various jurisdictions and restrictions on encryption. Finally, it discusses secure implementation, key management, and incident response management.
For a college course at Coastline Community College taught by Sam Bowne. Details at https://samsclass.info/125/125_F17.shtml
Based on: "CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372
The document discusses point-to-point encryption (P2PE) and how it relates to the PCI Data Security Standard (PCI DSS). P2PE involves encrypting card data immediately at the point of interaction and decrypting it only within secure cryptographic devices. Implementing a validated P2PE solution can help merchants reduce the scope of their PCI DSS assessments. The document outlines the six domains of P2PE validation and explains how P2PE fits within the broader PCI standards framework.
Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.
Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.
Topics covered include:
• Properly protecting stored cardholder data - encryption, hashing, masking and truncation
• Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security
• How to identify and mitigate missing encryption
The document discusses various methods for assessing security controls and testing systems, including penetration testing, social engineering, vulnerability testing, security audits, and software testing methods. It covers topics like penetration testing tools and methodology, assuring data confidentiality, different types of audits, log reviews, software testing levels from unit to acceptance, fuzzing, misuse case testing, and analyzing security test outputs.
Thailand's National Digital ID Platform is an infrastructure for connecting all parties such as Relying Parties, Identity Providers, Authoritative Sources and users to do authentication, consent, identify or sign electronically. This presentation updates the progress of the technical team as of November 27, 2017.
CNIT 125 7. Security Assessment and Testing | Sam Bowne
For a college course at Coastline Community College taught by Sam Bowne. Details at https://samsclass.info/125/125_F17.shtml
Based on: "CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372
Office 365 Security Features That Nonprofits Should Know and Use | TechSoup
When it comes to email, document storage, and online browsing, security should be foremost. Join us for a 30-minute webinar where we will discuss how you can use built-in features of Office 365 to protect your organization. Learn how to protect your systems and keep data in the hands of only those users who need it.
This webinar is intended for organizations that already use Office 365, or those that want to better understand how Office 365 can keep their communications and data secure.
This chapter discusses security engineering concepts including security models, evaluation methods, and secure system design. It covers topics such as the Bell-LaPadula and Biba models, evaluation standards like TCSEC and Common Criteria, secure hardware architectures involving CPUs and memory protection, and virtualization and distributed computing concepts. The chapter aims to explain foundational principles for building secure systems and applications.
This document discusses various categories of law including criminal law, civil law, administrative law, customary law, religious law, mixed law, computer specific law, and intellectual property law. It provides definitions and key aspects of different types of intellectual property including copyright, patents, trademarks, trade secrets, industrial designs, geographical indications, and licensing. Major computer laws discussed include the Computer Fraud and Abuse Act, Computer Security Act, Federal Sentencing Guidelines, Government Information Security Reform Act, Federal Information Security Management Act, Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard, and Digital Millennium Copyright Act.
Entrepreneurship & Commerce in IT - 11 - Security & Encryption | Sachintha Gunasena
This series is about the Entrepreneurial and E-Commerce opportunities and how to harness the power of Information Technology to improve or revolutionize business.
This session discusses the types of threats that could occur to an e-commerce business, and what prevention methods and technologies are available for such threats.
CNIT 125 6. Identity and Access Management | Sam Bowne
For a college course at Coastline Community College taught by Sam Bowne. Details at https://samsclass.info/125/125_F17.shtml
Based on: "CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372
Moving to the Cloud: A Security and Hosting Introduction | Blackbaud
The document discusses security measures taken by Blackbaud to protect client data. It provides an overview of today's security landscape including recent high-profile data breaches. It then details Blackbaud's approach to security through technology, people, certifications, and processes. Technologies used include firewalls, access controls, password management and data center security. Blackbaud also focuses on security training for employees, partnerships with security firms, and certifications like PCI, SSAE16, SOC1/2 and ITIL. Rigorous security processes around patching, change management, incident response and testing are also described.
The document discusses protecting trade secrets and confidential information. It defines a trade secret under Minnesota law as information that is not generally known, provides economic value from secrecy, and reasonable efforts are made to maintain secrecy. The document outlines internal and external threats to trade secrets like departing employees and industrial espionage. It recommends using technology like data backup, firewalls, and access monitoring to help legally protect trade secrets and track unauthorized use.
This document discusses administrative security controls, forensics, incident response management, and continuity of operations. Some key points:
- Administrative controls include least privilege, separation of duties, and job rotation to mitigate fraud. Privilege monitoring scrutinizes account access.
- Forensics aims to preserve evidence and analyze systems and networks for legal purposes. It includes identification, acquisition, analysis and reporting of potential evidence.
- Incident response includes preparation, detection, response, mitigation, recovery and lessons learned. The goal is to quickly contain incidents and restore normal operations.
- Continuity of operations focuses on fault tolerance, backups, disaster recovery and maintaining service levels. It ensures critical business functions can
Introduction to the Application Security Verification Standard with attention to the requirements which caught my attention. Presentation from the JavaZone 2015 conference.
Slides for a CISSP prep course at City College San Francisco. Instructor: Sam Bowne
Based on: "CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372.
More information at https://samsclass.info/125/125_S18.shtml
How to protect your business telephony from cyber attacks - webinar 2017, Eng... | Askozia
Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure also carries risks affecting the security and integrity of your IP services. As IT networks are targeted by attackers, insufficient prevention can endanger not only your network but your telecommunication infrastructure that is built on top of it. This paper aims to educate about possible risks, common attacks and how to prevent them from being successful.
The document discusses physical security for facilities. It covers topics like critical path analysis, threats to organizations, physical security program goals, crime prevention through environmental design strategies, construction materials for security, entry point types, access control methods, motion detectors, electric power protection, and common power issues. The overall goal is to outline approaches to protect human life and critical assets through deterrence, detection, and delay of threats using environmental and technical security controls.
Futurex Slides at ACI Exchange 2013, Boston | Greg Stone
Futurex is an innovative leader in encryption solutions, providing hardware-based encryption products for over 30 years to over 15,000 customers worldwide. Their entrepreneurial engineering team develops solutions like the Enterprise Security Platform for encryption, key management, PIN and tokenization services, and mobile payment security. The document also describes the Futurex Securus tablet for remote hardware security module configuration, and the Guardian9000 cloud-based key management solution.
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400) | Precisely
The document discusses protecting sensitive data on IBM i systems. It provides an agenda for a webcast covering key concepts for protecting IBM i data privacy including encryption, tokenization, and secure file transfer. It will also introduce the Assure Security solution from Precisely for IBM i compliance and security. The webcast includes segments on protecting data privacy, demonstrating Assure Security, and a question and answer period.
Where to Store the Cloud Encryption Keys - InterOp 2012 | Trend Micro
The document discusses best practices for encrypting and managing encryption keys in the cloud. It recommends storing keys separately from encrypted data, under the control of the cloud customer, to comply with regulations like COBIT, PCI, HIPAA, and SOX. The document analyzes options for storing keys on-premises, with a SaaS or IaaS key management service, noting tradeoffs around security, availability, and legal compliance. Enterprises must evaluate their risk tolerance and audit needs to select the best key management solution.
Essential Layers of IBM i Security: File and Field Security by Precisely
Numerous regulations require that sensitive data is protected and cannot be seen by unauthorized individuals, whether internal or external. Learn the keys to protecting files and data on the IBM i.
IBM i is securable BUT not secured by default. To help protect your organization from the increasing security threats, you must take control of all access points to your IBM i server. You can limit IBM i security threats by routinely assessing your risks and taking control of logon security, powerful authorities, and system access.
With the right tools and process, you can assure comprehensive control of unauthorized access and can trace any activity, suspicious or otherwise, on your IBM i systems.
Watch this on-demand webcast to learn:
• How to secure network access and communication ports
• How to implement different authentication options and tradeoffs
• How to limit the number of privileged user accounts
• How Precisely’s Assure Security can help
Encryption and Tokenization: Friend or Foe? by Zach Gardner
As one of the industry’s leading experts on both encryption and tokenization, Gary Palgon, CISSP, revisits this intriguing topic and addresses the effect of current issues on these technologies. For the full webinar please visit: http://liaison.com/resource-center/webinars?commid=79123
Slides with our notes can be found here:
http://www.josephwojowski.com/conference-presentations.html
#ATA58 LSC-10 presentation on data security for project managers by Alaina Brantner and Joseph Wojowski.
Track 5 session 2 - st dev con 2016 - security iot best practices by ST_World
This document summarizes a presentation on IoT security good practices. It discusses various types of invasive and non-invasive attacks on IoT devices, as well as solutions to improve security such as adding a secure element, using an MCU's security features, and risk management practices. Cryptography methods that can be used for authentication, encryption and integrity are explained. The document also covers topics like secure boot, secure storage, secure communications, and the importance of security over the entire product lifecycle. Recommendations are made to design fortified products, understand risks, use security features and tools, and work with trusted partners.
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured by Precisely
The California Consumer Privacy Act (CCPA) takes effect on January 1, 2020, mandating that data about consumers be protected against a breach. If your IBM i system contains data for consumers from the state of California, the time to prepare is now.
In this webinar featuring well-known IBM i encryption expert Patrick Townsend, we share information that will help you prepare for CCPA compliance, including:
• Consumer rights granted by CCPA
• Hardening systems to prevent a breach
• Obscuring data to prevent exposure
• How Syncsort can help
CCPA is almost here. View this webinar on-demand and get started down the path to compliance!
Understanding Zero Trust Security for IBM i by Precisely
As security threats continue to evolve and increase, companies need to also adapt their approach to IT security. One important concept that is gaining in popularity and adoption is zero trust security. The main concept behind the zero trust security model is “never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified.
Zero Trust means moving beyond a perimeter security strategy. As companies offer customers and business partners new digital experiences and processes, networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location. This dynamic is impacting IBM i customers and zero trust security is an important element of a modern security strategy.
Join us for this webcast to hear about:
• Understanding zero trust security concepts
• Zero trust security in the real world
• Zero trust security for IBM i environments
Learning about Security and Compliance in Office 365 by Aptera Inc
This document discusses security and compliance capabilities in Office 365. It begins with an overview of common compliance regulations businesses face regarding transparency, privacy, and legal issues. It then outlines how Office 365 can meet requirements of regulations in healthcare, high-tech, and finance. Specific Office 365 security features are presented such as multi-factor authentication and encryption of email and files. The presentation concludes with a recommended action plan for organizations to evaluate their compliance needs and Office 365's capabilities to address them.
Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.
This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:
* Consolidating security and compliance controls
* Creating application security standards for development and operations teams
* Identifying and remediating gaps between current practices and industry accepted “best practices”
What Does a Full Featured Security Strategy Look Like? by Precisely
In today’s IT world, the threats from bad actors are increasing and the negative impacts of a data breach continue to rise. Responsible enterprises have an obligation to handle the personal data of their customers with care and protect their company’s information with all the tools at their disposal.
For IBM i customers, this includes system settings, company-wide security protocols and the strategic use of additional third-party solutions. These solutions should include things like multi-factor authentication (MFA), auditing and SIEM features, access control, authority elevation, and more. In this presentation, we will help you understand how all these elements can work together to create an effective, comprehensive IBM i security environment.
Watch this on-demand webinar to learn about:
• Taking a holistic approach to IBM i Security
• What to look for when you consider adding a security product to your IBM i IT infrastructure
• The components to consider for a comprehensive, effective security strategy
• how Precisely can help
Encryption is widely used by companies to secure sensitive data. It comes in different varieties and purposes. There's symmetric vs asymmetric encryption, there's encryption at rest, in transit and in use, there's TDE vs record-level encryption vs column/field level encryption, and then there's key-encryption (wrapping). All of these varieties serve different purposes and use-cases that we review - from the point of view of an infosec person, a sysadmin, a developer and an architect.
Securing Data Across the Extended Enterprise by Zach Gardner
This document discusses securing data across extended enterprises and common solutions for doing so. It provides an overview of regulatory pressures from laws and standards that drive compliance requirements around data security. Various business drivers for data protection from government regulations, industries, and companies are outlined. Common interactions with business partners are described that involve the exchange of sensitive data. The need for secure exchange methods is discussed given the increased electronic exchange of information. Different options for secure transport and payloads are summarized, including protocols like SFTP, HTTPS, AS2, and encryption standards like PGP and SMIME.
Controlling Access to IBM i Systems and Data by Precisely
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
PCI stands for “Payment Card Industry”, which is comprised of representatives from the major card brands (Visa, MasterCard, American Express, Discover, JCB, etc.) who came together to set minimum security requirements for protecting cardholder data.
To achieve this, they wrote a framework of security controls known as the PCI DSS. They wrote a number of other directives but this is the main one that applies to the majority of businesses.
The PCI DSS consists of six goals, 12 requirements and 286 controls and must be implemented by any business that processes, stores or transmits credit or debit cardholder data. The requirement for PCI DSS compliance is stated in your agreement with the bank that issues you a merchant identification. Your business is required to certify compliance to your bank upon achieving it and annually thereafter. The banks report your compliance to the PCI SSC and can issue fines for non-compliance.
This document discusses three key areas of preparation for effective incident response: preparing the organization, preparing the incident response team, and preparing the infrastructure. It provides details on identifying risks, policies to promote successful IR, educating users, defining the IR team mission, training the team, equipping the team, asset management, hardening hosts, implementing centralized logging, network segmentation, access controls, and documentation. The overall goal is to outline steps organizations can take before an incident occurs to facilitate rapid identification, containment, eradication and recovery.
Improve IT Security and Compliance with Mainframe Data in Splunk by Precisely
Avoid security blind spots with an enterprise-wide view.
If your organization relies on Splunk as its security nerve center, you can’t afford to leave out your mainframes. They work with the rest of your IT infrastructure to support critical business applications, and they need to be viewed in that wider context to address potential security blind spots.
Although the importance of including mainframe data in Splunk is undeniable, many organizations have left it out because Splunk doesn’t natively support IBM Z® environments. Learn how Precisely Ironstream can help with a straightforward, powerful approach for integrating your mainframe security data into Splunk, and making it actionable once it’s there.
This technical brief will define the requirements for a robust key management system, explain why traditional key management architectures do not fully meet these requirements, and introduce a new architecture that uniquely meets all the requirements for an effective enterprise key management system.
CNIT 160 4e Security Program Management (Part 5) by Sam Bowne
This document provides an overview of topics related to information security program development and management, including security program operations, secure engineering and development, network protection, endpoint protection and management, and identity and access management. It discusses key concepts for each topic such as firewalls, intrusion prevention systems, malware prevention techniques, and centralized identity and access management. The document also outlines processes for managing access governance, conducting privileged account audits, and performing user behavior analytics.
Similar to Key Concepts for Protecting the Privacy of IBM i Data (20)
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe by Precisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
AI-Ready Data - The Key to Transforming Projects into Production.pptx by Precisely
Moving AI projects from the laboratory to production requires careful consideration of data preparation. Join us for a fireside chat where industry experts, including Antonio Cotroneo (Director, Product Marketing, Precisely) and Sanjeev Mohan (Principal, SanjMo), will discuss the crucial role of AI-ready data in achieving success in AI projects. Gain essential insights and considerations to ensure your AI solutions are built on a solid foundation of accurate, consistent, and context-rich data. Explore practical insights and learn how data integrity drives innovation and competitive advantage. Transform your approach to AI with a focus on data readiness.
Building a Multi-Layered Defense for Your IBM i Security by Precisely
In today's challenging security environment, new vulnerabilities emerge daily, leaving even patched systems exposed. While IBM works tirelessly to release fixes as they discover vulnerabilities, bad actors are constantly innovating. Don't settle for reactive defense – secure your IT with a layered approach!
This holistic strategy builds multiple security walls, making it far harder for attackers to breach your defenses. Even if a certain vulnerability is exploited, one of the controls could stop the attack or at least delay it until you can take action.
Join us for this webcast to hear about:
• How security risks continue to evolve and change
• The importance of keeping all your systems patched and up-to-date
• A multi-layered approach to network, system object and data security
Navigating the Cloud: Best Practices for Successful Migration by Precisely
In today's digital landscape, migrating workloads and applications to the cloud has become imperative for businesses seeking scalability, flexibility, and efficiency. However, executing a seamless transition requires strategic planning and careful execution. Join us as we delve into insights around cloud migration, where we will explore three key topics:
i. Considerations to take when planning for cloud migration
ii. Best practices for successfully migrating to the cloud
iii. Real-world customer stories
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle by Precisely
In today's ever-evolving threat landscape, any siloed systems or data leave organizations vulnerable. This is especially true when mission-critical systems like IBM i and IBM Z mainframes are not included in your security planning. Valuable security data from these systems often remains isolated, hindering your ability to detect and respond to threats effectively.
Ironstream and bridge this gap for IBM systems by integrating the important security data from these mission-critical systems into Google Chronicle where it can be seen, analyzed and correlated with the data from other enterprise systems. Here's what you'll learn:
• The unique challenges of securing IBM i and Z mainframes
• Why traditional security tools fall short for mainframe data
• The power of Google Chronicle for unified security intelligence
• How to gain comprehensive visibility into your entire IT ecosystem
• Real-world use cases for integrating IBM i and Z security data with Google Chronicle
Join us for this webcast to hear about:
• The unique challenges of securing IBM i and IBM Z systems
• Real-world use cases for integrating IBM i and IBM Z security data with Google Chronicle
• Combining Ironstream and Google Chronicle to deliver faster threat detection, investigation, and response times
Unlocking the Potential of the Cloud for IBM Power Systems by Precisely
Are you considering leveraging the cloud alongside your existing IBM AIX and IBM i systems infrastructure? There are likely benefits to be realized in scalability, flexibility and even cost.
However, to realize these benefits, you need to be aware of the challenges and opportunities that come with integrating your IBM Power Systems in the cloud. These challenges range from data synchronization to testing to planning for fallback in the event of problems.
Join us for this webcast to hear about:
• Seamless migration strategies
• Best practices for operating in the cloud
• Benefits of cloud-based HA/DR for IBM AIX and IBM i
Crucial Considerations for AI-ready Data.pdf by Precisely
This document discusses the importance of ensuring data is ready for AI applications. It notes that while most businesses invest in AI, only 4% of organizations say their data is truly AI-ready. It identifies several issues that can arise from using bad data for AI, including bias, poor performance, and inaccurate predictions. The document advocates for establishing strong data governance, quality practices, and integration capabilities to address issues like completeness, validity, and bias. It provides examples of how two companies leveraged these approaches to enhance their AI and machine learning models. The document emphasizes that achieving trusted AI requires a focus on data integrity throughout the data journey from generation to activation.
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf by Precisely
This document discusses how to empower businesses through worry-free data processing. Key steps include collecting and organizing relevant business data, developing efficient processes for analyzing and interpreting the data, and using insights from the data to help businesses make better decisions and improve their operations in a sustainable way over time.
It can be challenging to display and share capacity data that is meaningful to end users. There is an overabundance of data points related to capacity, and the summarization of this data is difficult to construct and display.
You are already spending time and money to handle the critical need to manage systems capacity, performance and estimate future needs. Are you spending it wisely? Are you getting the level of results from your investment that you really need? Can you prove it?
The good news is that the return on investment of implementing capacity management and capacity planning is most definitely positive and provable, both in terms of tangible monetary value and in some less tangible but no-less-valuable benefits.
Join us for this webinar and learn:
• Top Trends in Capacity Management
• Common customer pain points
• Ways to demonstrate these benefits to your company
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ... by Precisely
Ready to improve efficiency, provide easy to use data automations and take materials master (MM) data maintenance to the next level?
Find out how during our Automate Studio training on March 28 – led by Sigrid Kok, Principal Sales Engineer, and Isra Azam, Sales Engineer, at Precisely.
This session’s for you if you want to discover the best approaches for creating, extending or maintaining different types of materials, as well as automating the tricky parts of these processes that slow you down.
Greater control over your Automate Studio business processes means bigger, better results. We’ll show you how to enable your business users to interact with SAP from Microsoft Office and other familiar platforms – resulting in more efficient SAP data management, along with improved data integrity and accuracy.
This 90-minute session will be filled with a variety of topics, including:
• real world approaches for creating multiple types of materials, balancing flexibility and power with simplicity and ease of use
• tips on material creation, including
  - downloading the generated material number
  - using formulas to format prior to upload, such as capitalization or zero padding to make it easy to get the data right the first time
  - conditionally require fields based on other field entries
  - using LOV for fields that are free form entry for standard values
• tips on modifying alternate units of measure, building from scratch using GUI scripting
• modify multiple language descriptions, build from scratch using a standard BAPI
• make end-to-end MM process flows more of a reality with features including APIs and predictive AI
Through these topics, you’ll gain plenty of actionable takeaways that you can start implementing right away – including how to:
• improve your data integrity and accuracy
• make scripts flexible and usable for automation users
• seamlessly handle both simple and complex parts of material master
• interact with SAP from both business user and script developers’ perspectives
• easily upload and download data between SAP and Excel – and how to format the data before upload using simple formulas
You’ll leave this session feeling ready and empowered to save time, boost efficiency, and change the way you work.
Automate Studio reduces your dependency on technical resources to help you create automation scenarios – and our team of experts is here to make sure you get the most out of our solution throughout the journey.
Questions? Sigrid & Isra will be ready to answer them during a live Q&A at the end of the session.
Who should attend:
Attendees who will get the most out of this session are Automate Studio developers and runners familiar with SAP MM. Knowledge of Automate Studio script creation is nice to have, but not required.
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:... by Precisely
Join us for an insightful roundtable discussion featuring experts from AWS, Confluent, and Precisely as they delve into the complexities and opportunities of migrating mainframe data to the cloud.
In this engaging webinar, participants will learn about the various considerations, strategies, and customer challenges associated with replicating mainframe data to cloud environments.
Our panelists will share practical insights, real-world experiences, and best practices to help organizations successfully navigate this transformative journey.
Whether you're considering migrating and modernizing your mainframe applications to cloud, or augmenting mainframe-based applications with data replication to cloud, this roundtable will provide valuable perspectives and insights to maximize the benefits of migrating mainframe data to the cloud.
Join us on March 27 to gain a deeper understanding of the opportunities and challenges in this evolving landscape.
Data Innovation Summit: Data Integrity Trends by Precisely
Data integrity remains an evolving process of discovery, identification, and resolution. With an all-time low in public confidence on data being used for decision-making, attention has gradually shifted to data quality and data integration across multiple systems and frameworks. Data integrity becomes a focal point again for companies to make strategic moves in a world facing an evolving economy.
Key takeaways:
· How to build a data-driven culture within your organization
· Tips to engage with key stakeholders in your business and examples from other businesses around the world
· How to establish and maintain a business-first approach to data governance
· A summary of the findings from a recent survey of global data executives by Drexel University's LeBow College of Business
AI You Can Trust - Ensuring Success with Data Integrity Webinar by Precisely
Artificial Intelligence (AI) has become a strategic imperative in a rapidly evolving business landscape. However, the rush to embrace AI comes with risks, as illustrated by instances of AI-generated content with fake citations and potentially dangerous recommendations. The critical factor underpinning trustworthy AI is data integrity, ensuring data is accurate, consistent, and full of rich context.
Attend our upcoming webinar, "AI You Can Trust: Ensuring Success with Data Integrity," as we explore organizational challenges in maintaining data integrity for AI applications and real-world use cases showcasing the transformative impact of high-integrity data on AI success.
During this panel discussion, we'll highlight everything from personalized recommendations and AI-powered workflows to machine learning applications and innovative AI assistants.
Key Topics:
• AI Use Cases with Data Integrity: Discover how data integrity shapes the success of AI applications through six compelling use cases.
• Solving AI Challenges: Uncover practical solutions to common AI challenges such as bias, unreliable results, lack of contextual relevance, and inadequate data security.
• Three Considerations of Data Integrity for AI: Learn the essential pillars (complete, trusted, and contextual) that underpin data integrity for AI success.
• Precisely and AWS Partnership: Explore how the collaboration between Precisely and Amazon Web Services (AWS) addresses these challenges and empowers organizations to achieve AI-ready data.
Join our panelists to unlock the full potential of AI by starting your data integrity journey today. Trust in AI begins with trusted data – let's future-proof your AI together.
Less Bias. More Accurate. Relevant Outcomes.
Things to Consider When Choosing a Website Developer for your Website | FODUU by FODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
HCL Notes and Domino License Cost Reduction in the World of DLAU by panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered:
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence by IndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf by Malak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
CAKE: Sharing Slices of Confidential Data on Blockchain by Claudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
OpenID AuthZEN Interop Read Out - Authorization by David Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API.
Driving Business Innovation: Latest Generative AI Advancements & Success Story by Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Choosing The Best AWS Service For Your Website + API.pptx
Key Concepts for Protecting the Privacy of IBM i Data
1. Key Concepts for Protecting the Privacy of IBM i Data
Patrick Townsend, Founder and CEO, Townsend Security
Becky Hjellming, Senior Director, Product Marketing, Syncsort
2. Housekeeping
Webcast Audio
• Today’s webcast audio is streamed through your computer speakers.
• If you need technical assistance with the web interface or audio, please reach out to us using the chat window.
Questions Welcome
• Submit your questions at any time during the presentation using the chat window.
• We will answer them during our Q&A session following the presentation.
Recording and slides
• This webcast is being recorded. You will receive an email following the webcast with a link to download both the recording and the slides.
Patrick Townsend, Becky Hjellming
3. Data Privacy Is Essential
Protecting data is fundamental to your business
• Customers, partners and employees trust you to prevent breaches
• Your business suffers negative publicity if breached
Regulations require that personally identifiable information (PII), payment card information (PCI) and personal health information (PHI) be encrypted
• HIPAA
• GDPR
• PCI DSS
• State privacy laws
• And more
Data could be compromised from the inside or outside
• Users should see only the data they need as part of their jobs
• Data must be protected from internal staff, contractors and business partners – as well as criminal intruders
4. Health Insurance Portability and Accountability Act (HIPAA)
Scope of Regulation
Originally enacted August 21, 1996
Establishes US national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers
HITECH Act builds on HIPAA data security standard
Cybersecurity Requirements
• Access control
• Electronic healthcare information protection
• Many references to NIST standards for encryption and key management
• Guidance on key management recommends NIST FIPS 140-2
• Protection of data in motion
• Monitoring of logins and system accesses
• Policies for reporting breaches
The only safe harbor from breach notification is encryption
5. California Consumer Privacy Act (CCPA)
Scope of Regulation
Enforcement date: January 1, 2020
Provides California citizens with the right to see the personal data being collected about them, know whether their information is being sold, and request that their data be deleted
Applies to organizations that collect personal information about California citizens, or on behalf of which information is collected, and that meet certain thresholds for gross revenue and for the consumer records they buy, sell or share
Cybersecurity Requirements
• Audit interaction with consumer data
• Detect security incidents
• Pseudonymize personal information
• Deidentify personal information used in aggregate
• Access controls for data
6. Payment Card Industry Data Security Standard (PCI DSS)
Scope of Regulation
V1 released on December 15, 2004
Information security standard for organizations that handle branded credit cards from the major card schemes
Created to increase controls around cardholder data to reduce credit card fraud
Validation of compliance is required annually
Cybersecurity Requirements
• Firewalls
• Password security
• Multi-factor authentication
• System and data access restrictions
• Cardholder data protection
• Encryption of data in motion
• Encryption key management
• Monitoring of network and data access
• Regular security testing
8. What Is Encryption?
Encryption is a mature science that has been used for thousands of years
• Encryption transforms readable information into an unreadable format (or “ciphertext”)
• Encryption is based on proven, well-known algorithms
• The best encryption algorithms are open and vetted
• Common algorithms include AES, RSA, Triple DES and others
• Algorithms are continuously scrutinized and attempts are made to break them
• Algorithms rely on secret “keys” for encrypting/decrypting data
• The best encryption solutions are independently certified to validate compliance with standards (e.g. NIST)
• The encryption algorithm is never the secret, but the encryption keys must be kept secret
9. Encryption Key Management Is Critical
• Hackers don’t break encryption algorithms – they find the keys
• Encryption keys are THE secret that must be protected since the algorithms are public
• Compliance regulations (PCI, HIPAA, GLBA/FFIEC, and others) require proper key management
• There are industry standards and best practices for key management (FIPS 140-2)
10. What Does a Key Manager Do?
Protects keys from theft and loss
• Stores keys separately from the encrypted data
• Restricts access to keys
• Backs up keys securely
• Supports regular key rotation
Supports best practices for key management
• Separation of duties between data manager and key manager
• Dual control of key management processes
• Split knowledge of complete key values
• Ensuring origin and quality of keys
• As with encryption, key manager certifications are available; e.g. Federal Information Processing Standards (FIPS) 140-2
• KMIP-compliance ensures future compatibility with encryption solutions
11. IBM i Encryption Tips
• Beware of home-grown or non-standard encryption and key management
• Look for independent assessments and certifications (FIPS-197; FIPS 140-2) of the implementation of a secure algorithm
• Best option for applications requiring higher performance
• Can be easily implemented for Db2 databases in IBM i 7.1 or greater using FieldProc solutions with few (if any) application or database changes
• 3rd party solutions provide APIs and CL commands to encrypt IFS files, backups, etc.
• Open Access for RPG (OAR) handlers simplify your project if you have legacy RPG applications and need to encrypt indexes
• FIELDPROC exits expose security challenges. Make sure you also implement access logging, automatic masking, access control for common utilities (like DBU, Display Physical File Member, and FTP), and access control for encryption keys
13. What Is Tokenization?
Also known as pseudonymization
• Replaces sensitive data with substitute values or “tokens”
• Tokens are stored in a database or “token vault” that maintains the relationship between the original value and token
• Format-preserving tokens retain the characteristics of the original data (e.g. a VISA number would still look like a VISA number and pass a Luhn check)
• Token consistency enables the same token to be used for every instance of the original data
• When tokenized data is displayed in its original form, it should be masked based on the privilege of the user
14. Tokenization Tips
• Tokenizing a server’s data can remove it from the scope of compliance and reduce the risk of breach exposure
• Encrypt the token vault and make the vault the focus of compliance
• Tokens cannot be reversed with a key as there is no algorithmic relationship to the original data
• Tokenization has a performance impact to register tokens and retrieve them
• Good fit for BI and queries since tokenization maintains database relationships
• Tokenization is available through credit card payment networks for tokenizing credit card numbers
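The vault behaviour described on the two tokenization slides, sketched as an added Python example (not code from the webcast or from any product it mentions). The `TokenVault` class, its in-memory dictionaries and the `privileged` flag are assumptions made for illustration; the card number used is the widely published 4111... test number.

```python
import secrets


def luhn_ok(number: str) -> bool:
    """Return True if a string of digits passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def luhn_check_digit(body: str) -> str:
    """Return the single digit that makes body + digit Luhn-valid."""
    return next(d for d in "0123456789" if luhn_ok(body + d))


class TokenVault:
    """In-memory stand-in for the token vault (assumption: a real vault is
    an encrypted, access-controlled database kept off the tokenized server)."""

    def __init__(self):
        self._token_for = {}    # original value -> token
        self._value_for = {}    # token -> original value

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit()
                and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a Luhn-valid card number")
        if pan in self._token_for:          # token consistency: reuse the token
            return self._token_for[pan]
        while True:
            # Keep the leading brand digit so the token still looks like the
            # original card type; all other digits are random, so no key or
            # algorithm can turn the token back into the value.
            body = pan[0] + "".join(
                secrets.choice("0123456789") for _ in range(len(pan) - 2))
            token = body + luhn_check_digit(body)
            if (token != pan and token not in self._value_for
                    and token not in self._token_for):
                break                       # unique, and not a stored real value
        self._token_for[pan] = token
        self._value_for[token] = pan
        return token

    def detokenize(self, token: str, privileged: bool) -> str:
        """Look the value up in the vault; mask it unless the caller is privileged."""
        pan = self._value_for[token]        # KeyError for unknown tokens
        return pan if privileged else "*" * (len(pan) - 4) + pan[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4111111111111111")  # published test number, not a real card
    print(t, luhn_ok(t), vault.detokenize(t, privileged=False))
```

The only way back from token to value is the vault lookup, which is why the slides make the vault the focus of encryption and compliance.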
16. What Is Anonymization?
Also known as deidentification or redaction
• A form of tokenization that permanently replaces sensitive data with substitute values (or “tokens”)
• Substitute values are not stored, so a secured token vault is not required
• Format-preserving tokens retain the characteristics of the original data
• Can replace every instance of a piece of original data with the same token
• A variety of anonymization methods can be used (e.g. scrambling)
• NOT a solution for use on a production server since tokens are unrecoverable
17. Anonymization Tips
• As with Tokenization, Anonymization cannot be reversed with a key as there is no algorithmic relationship to the original data
• Anonymization is not a solution for data on your production server
• Ideally used for anonymizing sensitive data on a development or test system
• Good for sending scrubbed data to outside services for processing or analysis in aggregate
• Addresses requirements of GDPR and CCPA
• When coupled with a high availability solution for replication to a non-HA server, it can feed a dev/test system with anonymized data
• Note: Anonymization should be done before the data goes across the network for true compliance with regulations like GDPR
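One way to scrub a dev/test extract along the lines of the anonymization slides, as an added Python example that is not from the webcast. The method (scrambling with a keyed hash whose per-run secret is never stored) is this example's assumption, chosen from the "variety of anonymization methods" the slide allows; the `Anonymizer` class, field names and rows are constructed.

```python
import hashlib
import hmac
import secrets
import string


class Anonymizer:
    """Format-preserving scrambler with no vault. The secret exists only in
    memory for one run; once it is gone the substitutes cannot be recomputed
    or reversed, so run this only on copies bound for dev/test."""

    def __init__(self):
        self._key = secrets.token_bytes(32)     # never written anywhere

    def _keystream(self, field: str, value: str, n: int) -> bytes:
        out, block = b"", 0
        while len(out) < n:
            msg = f"{field}\x00{block}\x00{value}".encode("utf-8")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            block += 1
        return out[:n]

    def scramble(self, field: str, value: str) -> str:
        """Replace digits with digits and letters with letters of the same
        case; punctuation and length are kept so formats still validate."""
        out = []
        for ch, b in zip(value, self._keystream(field, value, len(value))):
            if ch in string.digits:
                out.append(string.digits[b % 10])
            elif ch in string.ascii_uppercase:
                out.append(string.ascii_uppercase[b % 26])
            elif ch in string.ascii_lowercase:
                out.append(string.ascii_lowercase[b % 26])
            else:
                out.append(ch)
        return "".join(out)

    def scrub_rows(self, rows, sensitive):
        """Return copies of the rows with the sensitive fields scrambled."""
        return [{k: self.scramble(k, v) if k in sensitive else v
                 for k, v in row.items()} for row in rows]


# Constructed sample data: two files that join on SSN.
CUSTOMERS = [{"CUSTNO": "1001", "SSN": "123-45-6789", "NAME": "Pat Example"}]
CLAIMS = [{"CLAIMNO": "C-1", "SSN": "123-45-6789", "AMOUNT": "250.00"},
          {"CLAIMNO": "C-2", "SSN": "987-65-4321", "AMOUNT": "75.10"}]

if __name__ == "__main__":
    anon = Anonymizer()
    print(anon.scrub_rows(CUSTOMERS, {"SSN", "NAME"}))
    print(anon.scrub_rows(CLAIMS, {"SSN"}))     # same SSN -> same substitute
```

Because the same value in the same field always maps to the same substitute within a run, joins between the scrubbed files still work, while a second run with a fresh secret produces unrelated substitutes.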
19. Secure File Transfer Requirements
Organizations of all sizes are required to encrypt sensitive IBM i data as it moves over public networks such as the Internet
Secure file transfer is stipulated by a number of compliance regulations, such as:
• PCI
• HIPAA
• SOX
• GDPR
• GLBA
• State privacy laws
Partners demand that the data they exchange with you be safely transferred and protected at the destination
Security best practice calls for internal data that passes across an external network to be encrypted
20. File Transfer Management Needs
• Manual transfer processes are unwieldy and time consuming
• Tracking transfers and resubmitting failed transfers is tedious
• Capturing files from FTP servers for processing into an ERP system or other application is a cumbersome manual process or requires programming
• Securely sending ACH and Positive Pay records to a financial services company’s FTP server is another burdensome transfer to manage
• Manual management leaves too much margin for human error
21. Secure File Transfer Solutions Deliver Many Benefits
• Secure file transfer solutions encrypt data moving across internal or external networks to protect it from being seen in “clear text”
• Third-party solutions handle the technical details of network protocols, encryption standards, and firewall negotiation
• File transfer solutions deliver automation to relieve your team’s workload and auditing and reporting required by auditors
• APIs enable you to integrate secure file transfer with your applications and processes
• Solutions may offer the ability to keep the data encrypted at the destination to ensure it remains private
• Secure file transfer is a very mature discipline with standards and certifications available
22. Secure File Transfer Tips
• Look for solutions that meet standards and have certifications
• Ensure any solution you consider can navigate the complexities of your firewall configurations
• Keep an audit trail of transfer activities
• An archive of transferred files makes retries much simpler
• Set up a hub-and-spoke configuration that manages all your file transfer activities
24. What Is Masking?
• Masking obscures a portion of viewable data so that only the required minimum amount is shown to a user
• Data can be fully or partially masked
• One common example is seeing only the final 4 digits of your credit card number
• Partial masks can be done in a variety of ways (e.g. showing only the last four characters, or the first five, or other combinations)
• Masking should be done when encrypted or tokenized data is displayed in clear text
• Managing masks is easiest when they can be applied based on the user and group privileges
25. Masking Tips
• Using masking can help enforce separation of duties
• Masking can be used on otherwise unprotected data to protect the data from view. This does not protect the data from breach if someone takes it; it only protects it from view.
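Masking driven by user and group privileges, as described on the two masking slides, shown as an added Python example (not code from the webcast). The `MaskRule` and `MaskPolicy` names, the rule-resolution order and the user and group names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MaskRule:
    show_first: int = 0
    show_last: int = 0
    clear: bool = False             # True means the value is shown unmasked

    @property
    def exposure(self) -> float:
        """How many characters the rule can reveal (used to rank rules)."""
        return float("inf") if self.clear else self.show_first + self.show_last

    def apply(self, value: str) -> str:
        if self.clear:
            return value
        # A partial mask on a short value would reveal all of it: mask fully.
        if self.show_first + self.show_last >= len(value):
            return "*" * len(value)
        hidden = len(value) - self.show_first - self.show_last
        return (value[:self.show_first] + "*" * hidden
                + value[len(value) - self.show_last:])


FULL = MaskRule()
LAST4 = MaskRule(show_last=4)
FIRST5 = MaskRule(show_first=5)
CLEAR = MaskRule(clear=True)


class MaskPolicy:
    """Resolution order assumed here: a rule for the user wins; otherwise the
    least revealing rule among the user's groups; otherwise a full mask."""

    def __init__(self, user_rules, group_rules, default=FULL):
        self.user_rules = dict(user_rules)
        self.group_rules = dict(group_rules)
        self.default = default

    def rule_for(self, user, groups):
        if user in self.user_rules:
            return self.user_rules[user]
        matches = [self.group_rules[g] for g in groups if g in self.group_rules]
        return min(matches, key=lambda r: r.exposure) if matches else self.default

    def display(self, value, user, groups=()):
        return self.rule_for(user, groups).apply(value)


# Constructed policy: names are illustrative, not real profiles.
POLICY = MaskPolicy(
    user_rules={"AUDITOR1": CLEAR},
    group_rules={"GRPCS": LAST4, "GRPSHIP": FIRST5},
)

if __name__ == "__main__":
    pan = "4111111111111111"        # published test number, not a real card
    for user, groups in [("CSREP7", ["GRPCS"]), ("DEV9", ["GRPDEV"]),
                         ("AUDITOR1", [])]:
        print(user, POLICY.display(pan, user, groups))
```

The default is a full mask, so a profile that matches no rule sees nothing, which is what lets masking support separation of duties.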
27. Introducing Assure Security
Complete IBM i Security and Compliance
• Best in class IBM i security capabilities acquired from Cilasoft and Townsend Security
• A common package for new installs and upgrades
• A common monitoring console with Syncsort’s Assure Availability products
MILESTONES
• April 2019 Global Launch
• May 2019 General Availability
28. Assure Security
Assure Security strengthens IBM i security and assures regulatory compliance
Choose the full product, choose a feature bundle, or select a specific capability
• Security Risk Assessment
• Assure Compliance Monitoring: Assure Monitoring and Reporting, Assure Db2 Data Monitor
• Assure Access Control: Assure System Access Manager, Assure Elevated Authority Manager, Assure Multi-Factor Authentication
• Assure Data Privacy: Assure Encryption, Assure Secure File Transfer
29. Assure Security
Assure Data Privacy protects IBM i data at-rest and in-motion from unauthorized access and theft using encryption, tokenization and masking
• Assure Data Privacy: Assure Encryption, Assure Secure File Transfer
30. Assure Encryption
Complete protection for data at rest
The only NIST-certified AES encryption solution for IBM i
• IBM i FieldProc exit point software for encryption
• High performance encryption libraries
• Built-in masking of decrypted data based on user or group
• Provides key management with a local key store
• Includes extensive data tokenization capabilities
31. Assure Encryption
Easy to manage and monitor data access
• Easy-to-use management interface
• User access controlled by policy with Group Profile support
• Built-in data access auditing
32. Assure Encryption
Integrates with other applications and key managers
• Encryption commands for Save Files, IFS, and much more
• Extensive encryption APIs for RPG and COBOL
• Built to integrate with Townsend Security’s Alliance Key Manager for off-partition key management
• Integrates with any OASIS KMIP-compliant key manager
33. Alliance Key Manager
Flexible
• Works with all major business and cloud platforms
• Integrates with all leading encryption applications
• Multiple deployment options including a VMware VM, Hardware Security Module (HSM), or cloud module (AWS, Microsoft Azure)
Compliant
• FIPS 140-2 compliant – the US standard for approving cryptographic solutions with both hardware and software components
• OASIS KMIP (Key Management Interoperability Protocol) compliant
• Certified for PCI-DSS version 3 by Coalfire, a certified QSA auditor
Easy and Cost Effective
• Affordable for any size Enterprise
• No additional client-side license or usage fees
• Ready-to-use client software speeds deployment and reduces IT costs
35. Assure Secure File Transfer
Secures data transferred with trading partners or customers
• Encrypts data before transfer and decrypts it at the destination
• Encrypts any file type including Db2 database files, flat files, IFS files, Save Files, and spooled files
• Supports encrypted ZIP and PDF formats
• Supports common transfer protocols: Secure Shell (SSH SFTP) and Secure FTP (SSL FTPS)
• Records all encryption and file transfer activity to meet compliance requirements
• Offers a PGP option to encrypt data at the source and destination
• PGP encrypted files can be received from other platforms such as Windows, Linux, and UNIX
36. Assure Secure File Transfer
Enables centralized management and automation
• Automates secure transfers with centrally managed policies
• Configurable in a hub-and-spoke configuration to automatically manage file transfer needs
• Allows administrators to easily retransmit any file from the archive of backup libraries
• Provides email, SNMP, message notifications and alerts
• Supports email confirmation of transfer with distribution list
• Provides APIs and commands for integration with RPG, COBOL applications and CL programs
37. Supported Banks, Insurance Companies, and Benefits Providers
Assure Secure File Transfer is compatible with a variety of:
• Banks
• Insurance companies
• Authorization networks
• Benefits providers
• Medical claims services
• EDI networks
A partial list is shown here.
Banks: Bank of America, Wachovia, Wells Fargo, US Bank, State Street, ABN Amro, CitiGroup, JPMorgan Chase, BankOne, and others
Medical: Blue Cross Blue Shield, State of California, State of Florida, Hewitt Associates, ZirMed, WebMD, and others
Services: Merrill Lynch, Fidelity, ADP, Frick, TALX, eTRAFX, AllTel, Bell South, and others
Networks: GXS, Inovis, Sterling, IBM Advantis (now GXS), Pantellos, and others
Authorizations: Visa, American Express, ADS, Chase Paymentech, First Data, ValueLink, and others
3rd Party Tools: SAP, PeopleSoft, CostPoint, Concur, and others
38. Today’s Topics
1 – Common regulatory requirements
2 – Security solutions that align with regulations
3 – How Syncsort and Townsend Security can help
4 – Resources
5 – Q&A
39. Download our eBooks
To learn more about technologies for ensuring the privacy of data at rest…
To learn more about protecting the privacy of data in-motion…
40. Learn More
About the layers of security by visiting the Syncsort website
Download Syncsort’s White Paper on “The Essential Layers of IBM i Security”