Program for ASTD-Great Lakes Chapter in Duluth - Terri Cheney
The document discusses creating a new member orientation for an organization. It suggests using simulations, scenarios and micro-scenarios to help new members rehearse opportunities and plan actions. Members would imagine themselves in example circumstances and recommend options to practice applying skills. The orientation would guide planning by having members identify their next actions, deadlines, potential obstacles and solutions to mimic taking real actions.
CactusCon 2017 - OODA Loop in life & cyber threat intelligence - Dave Eilken
Explanation of John Boyd's OODA Loop for better decision making in life and how we can first take action to gain better visibility with cyber intelligence that will help us make risk decisions.
http://www.cactuscon.com/not-your-grandmas-cti-ooda-loop
Cyber threat intelligence: maturity and metrics - Mark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
This document provides an overview of industrial control systems (ICS) security. It defines ICS and compares them to IT systems. Key differences include availability prioritization over confidentiality and integrity in ICS. The document outlines common ICS components like PLCs and protocols like Modbus. It also discusses common ICS security issues, penetration testing methodology, and approaches to securing ICS. Resources for learning more about ICS security are provided.
Keynote Session : Internet Of Things (IOT) Security Taskforce - Priyanka Aash
The document discusses the activities of TiE IoT Forum to address security issues in the growing Internet of Things (IoT) market in India. It outlines the IoT Security Taskforce's plans to examine use cases in personal medical devices and public transportation, develop model architectures, and explore both traditional and non-traditional security approaches to meet the unique needs of resource-constrained IoT devices. The Taskforce aims to help secure the projected 12 billion Indian IoT market.
Network Forensics and Practical Packet Analysis - Priyanka Aash
Why Packet Analysis?
3 Phases - Analysis, Conversion & Collection
How do we do it?
Statistics - Protocol Hierarchy
Statistics - End Points & Conversations
Practical Applications of Block Chain Technologies - Priyanka Aash
The document discusses blockchain technology and its potential practical uses. It begins by defining blockchain as a distributed digital ledger that allows participants in a network to securely record transactions without a central authority. It then provides examples of how blockchain could be used in healthcare to securely store electronic health records, enable smart contracts to automatically pay providers, and track medical devices to prevent counterfeiting. The document concludes by describing a hypothetical example where blockchain is used to give healthcare providers access to a patient's complete medical history from various sources to improve treatment while reducing redundant tests.
Security Strategy and Tactic with Cyber Threat Intelligence (CTI) - Priyanka Aash
Targeted attacks need targeted Defense
What protocol should we use for CTI information exchange?
How should we describe our indicators of compromise
Structured threat information expression (STIX)
How we can keep information within our defined trust boundaries?
Where to store IOCs?
Threat Intelligence Feeds Lifecycle
How to measure the CTI process?
The reliability of IoT solutions in the healthcare sector - Phu H. Nguyen
The document summarizes a presentation from the U-Test project about testing cyber-physical systems under uncertainty. It includes:
- An agenda for the presentation outlining topics on U-Test's project overview, results, tools, and two case studies on home-based healthcare in Oslo and hospital-at-home information systems.
- Summaries of U-Test's presentations, which moved from a case study on a sports tracking device, to the project's methodology for modeling and testing uncertainty, to an overview of their tools.
- Details on U-Test's work developing frameworks for modeling and testing uncertainty in cyber-physical systems, and exploiting the results through potential commercial products and services.
SOC Architecture - Building the NextGen SOC - Priyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Application Security Architecture and Threat Modelling - Priyanka Aash
95% of attacks are against “Web Servers and Web Applications”
Security Architecture and SDLC
3 Tier – Web App Architecture
Would you trust the code?
Traditional SDLC
Secure SDLC
SAST vs. DAST
- Cyber-physical systems (CPS) integrate computation, networking, and physical processes. They tightly couple software and hardware from the sensors and actuators up through the network.
- CPS differ from traditional embedded systems by managing time-critical interactions between computational and physical elements over networked systems. They also cross traditional disciplinary boundaries.
- Developing CPS requires new systems science foundations that fuse physical and computational modeling approaches. It also requires new techniques for composition, control, assurance, and adaptability of cyber and physical system elements.
Data ethics and machine learning: discrimination, algorithmic bias, and how t... - Data Driven Innovation
Machine learning and data mining algorithms construct predictive models and decision making systems based on big data. Big data are the digital traces of human activities - opinions, preferences, movements, lifestyles, ... - hence they reflect all human biases and prejudices. Therefore, the models learnt from big data may inherit all such biases, leading to discriminatory decisions. In my talk, I discuss many real examples, from crime prediction to credit scoring to image recognition, and how we can tackle the problem of discovering discrimination using the very same approach: data mining.
Enterprise Architecture
Enterprise Architectural Methodologies
A Brief History of Enterprise Architecture
Zachman Framework
Business Attributes
Features & Advantages
SABSA Lifecycle
SABSA Development Process
SMP Maturity Levels
When it comes to AI and its applications, there are a number of myths being perpetuated by the mainstream media. It's time to dispel these myths because the opportunity to apply AI to your business is real.
The document discusses techniques for bypassing security controls and gaining persistent access to a secured remote desktop server. It proposes infecting a client's workstation, stealing RDP credentials, and using various tools to bypass firewalls, application whitelisting, and other defenses in order to install malware and establish command and control of the target server. Specific bypass methods involve abusing Microsoft Word macros, exploiting Windows services, installing kernel drivers, and manipulating TCP source ports. The presentation demonstrates new attack tools and methods for pentesters and warns blue teams of challenges in detecting such advanced intrusions.
This document discusses improving the communication of malware analysis by providing reproducible analyses using the malware itself. It proposes supplementing written analyses with demonstrations that instrument the malware. As a case study, it analyzes a piece of POS malware called JackPOS. The document describes setting up the malware's command and control infrastructure and memory scraping functionality. It concludes by demonstrating how to instrument the malware using Python scripts to trace its network communication and track data collection in a reproducible way.
The document discusses how systems of systems are changing product design and manufacturing. As products, buildings, and infrastructure become smarter, more connected, and data-rich, design must shift from discrete things to integrated systems. The talk will showcase frog's view of "Big Design," which designs adaptive, modular, intelligent systems that connect the human, enterprise, and urban scales. Big Design uses design and engineering to shape interconnected, intelligent systems across many levels. This represents a shift in value from individual devices to connected systems.
This document discusses security challenges for internet of things (IoT) devices and potential solutions. It describes how IoT devices have been hacked, including a baby monitor, printers catching fire, and hijacked consumer devices forming botnets. Network security protocols like TLS, DTLS and eDTLS are discussed as well as challenges of provisioning security for large numbers of constrained devices. The document advocates for defense-in-depth approaches using multiple complementary security mechanisms. It also examines security issues for industrial control systems, military equipment, and connected cars, noting many record large amounts of user data without adequate user control over data access. The document promotes market designs, legislation, and secure designs to help protect users from internet of threats.
(Kpi summer school 2015) theano tutorial part1 - Serhii Havrylov
The document is a tutorial introduction to Theano, an open source Python library that allows users to define, optimize, and evaluate mathematical expressions involving multi-dimensional arrays efficiently. It introduces key concepts in Theano including symbolic variables, functions, shared variables and updates, gradients, substitution, and random streams. It provides information on where to access more documentation on Theano and sets up the tutorial environment for participants to complete example tasks to learn how to use Theano.
Using Behavioral Psychology and Science of Habit to Change User Behavior - Priyanka Aash
Why is it so hard to make users adopt security best practices? The answer lies in human psychology. In this talk the speaker shall explain the “Habit Cycle” and why habits are beyond the control of the conscious mind. The speaker shall deconstruct how habits are formed and the science behind the process. Why is it impossible to change habits? How can you replace old habits with new ones?
(Source: RSA USA 2016-San Francisco)
A very interesting and enjoyable session with Pia and Piyul, knowing the mind-set of the people in a rural setup and how different it is from the urban society.
For more details read our blog :
From Human Intelligence to Machine Intelligence - NUS-ISS
This is an introductory talk to get ready for the AI era, and will talk about human intelligence, the model view of intelligence and machine/artificial intelligence. There will be some coverage of AI roots and subfields.
This document outlines the course structure for a structured data analytics course. It is a 3 credit course that includes practice sessions, assessments like quizzes and assignments. The course covers topics like data wrangling, classification/regression algorithms, association analysis, time series, and recommender systems. It also discusses popular machine learning algorithms and reading resources. Finally, it provides an overview of the first unit which is on data analytics from a business perspective.
This document summarizes key points from Chapter 14 of the textbook "Organizational Behavior" regarding decision making in organizations. It discusses the typical decision making process, models like classical decision theory and garbage can model, and how intuition, judgment and creativity impact decision making. Specific heuristics, biases, and ways to foster creativity are also outlined. The summary focuses on providing an overview of the chapter's coverage of decision making concepts and processes.
The document discusses various techniques used in requirements discovery for systems analysis. It describes sampling existing documentation, observation of work processes, questionnaires, interviews, and prototyping as common fact-finding methods. Interviews allow analysts to clarify any issues with users, but can be time-consuming. Questionnaires are efficient for large groups but lack clarification. Prototyping engages users and helps refine requirements through iterative testing of interface designs. Overall, the key is for analysts to impartially gather accurate requirements from diverse stakeholders using multiple techniques.
THINKING ABOUT THINKING
Audience: PM & BA
Level: All
Date: May 26
Time: 11:30 AM - 12:30 PM
Description
Thinking is a big part of a Project Manager’s and Business Analyst's job. But how often have you spent time thinking about thinking? This presentation looks at thinking as a critical soft skill for project managers and how a disciplined approach to thinking improves your effectiveness as a change agent for the company in the role of project manager. The presentation will discuss the Thinking Hats, Five Types of Thinking, and brush into the entire world of Business Analytics. The presentation focuses on how the skills of Strategic Analysis, Tactical Analysis, Predictive Analysis, Data mining work together for the complete business management cycle. To add to the thinking equation, the session will explore the power of Social Media sentiment and how the way people "feel" about things is an important factor in the business equation. Think about it !!!!
1. Participants will understand the relationship between planning, analysis, problem solving, decision making and thinking.
2. Students will be able to explain an "Adapting to Whats Happening Model" that includes Data Recording, Strategic Analysis, Tactical Analysis, Predictive Analysis, and Social Media Sentiment. And how it impacts the business.
3. Students will explore various factors of human bias and how that impacts thinking. The student will understand that bias cannot be completely eliminated, but should be embraced as a human factor in any thinking exercise. The student will understand that personal perspective/bias is a factor, but not THE factor in thinking.
The document discusses creativity and innovation in organizations. It covers factors that stimulate and inhibit creativity, tools to measure creativity, and models for creative problem solving. The creative problem solving process involves defining a goal, gathering data, generating ideas, selecting solutions, planning action, and measuring results. Fostering creativity requires an environment with freedom, encouragement, resources, and cross-functional cooperation.
APF orlando diy survey workshop 071114 final - Mike Courtney
This document provides information about conducting DIY survey research. It begins with an introduction to survey research and discusses why research is important to reduce risks, discover opportunities, and improve business results. Common mistakes in survey questions are outlined. The document then covers how to write effective survey questions, choose appropriate response scales, and develop a survey flow. Tips for determining appropriate sample sizes and finding respondents are provided. The document concludes with an exercise where attendees develop survey questions to get feedback.
Thinking Differently. Enabling Innovation - Buffalo Business First Event - Mike Cardus
Competitive demands require quicker, more effective and innovative problem solving. Problem solvers are required to quickly provide solutions to increasingly complex problems, develop and design new and innovative products and processes – and at the same time, reduce operating time and costs.
Creative thinking is a critical skill required by all people within their roles at work. It is often done by trial and error – the thinker creates an idea and determines if it will work. Not only is trial and error limited by personal knowledge, thinking is also constrained by a “stuckness” in how things are and how they should be.
Join us as Michael Cardus, founder of Create-Learning Team Building & Leadership Inc. teaches you how to break through these barriers and reach your creative potential!
Innovation Workshop Focus:
· Diminished “stuckness” in your thinking
· Increased pace of problem solving
· More effective discussions with others to help them think differently
· Increased use of existing resources and knowledge to innovate solutions
www.create-learning.com
Outcomes from Thinking Differently – Enabling Innovation
Understanding and various uses of Nine Windows, a TRIZ inventive problem solving tool.
Use of Nine Windows to break “stuckness” in thinking and view solutions from a systemic level.
www.create-learning.com
Decision filters are tools to align decisions with organizational values and goals. They are created through stakeholder conversations and communicated to teams. Teams then use the decision filters to determine what work to deliver and what not to deliver. Decision filters help reduce irrational decisions and losses by encouraging normative behaviors. They can be applied at any level of an organization for any scenario. When used properly, decision filters signal culture change and mold the culture into a better form aligned with values.
This document discusses how to build a self-organizing team. It recommends giving the team the environment and support to get work done independently while still providing guidance. An exercise is described where participants self-organized into groups in different ways to understand the difference between command-and-control and self-organization. For effective self-organization, a team needs a shared goal, knowledge sharing, some delegated authority, team decision making, and proper metrics. Guidance is provided on establishing these elements step-by-step to transition a team to self-organization.
As presented at SXSW Interactive on March 12, 2017.
How can understanding the brain inform your marketing and design strategies? The end goal of business is to create products and services that can satisfy our needs and prompt us to open our wallets. Understanding human behavior through neuroscience, marketing, and user experience can illuminate consumer needs across a variety of target markets and how businesses can align their products to meet those needs. PRPL strategists Tommy Hung and Caitlin Pequignot explore current marketing trends, insights from behavioral economics, UX, and neuroscience, leading to a scientific framework with insights from human behavior to make your business strategy more actionable and efficient.
Perfectly Irrational: the importance of psychological validity in market rese... - Angus Carbarns
Angus Carbarns, Director of Strategy at UX consultancy We Are Engines, explores key psychological biases underpinning consumer decision-making and their impact on market research and strategy. Rich in case studies and actionable take-aways, this talk should be of interest to brand managers, marketers, researchers and designers alike.
This document discusses agile practices for big data projects. It notes that learning organizations are more likely to succeed with big data projects if they have an appetite for experimentation, learn from mistakes, and can pivot decisions based on new information. A data-driven culture is important, where most decisions are made based on data and feedback is incorporated quickly. Iterative approaches help refine problems and questions, not just solutions. Science itself is an agile process where understanding evolves incrementally through refinements. Community groups in Riyadh are mentioned for sharing knowledge about agile methods and big data.
Hilda Taba developed the inductive thinking model in 1967 to promote inductive reasoning skills in students. The model has 9 phases focused on concept formation, data interpretation, and applying principles. It uses a series of questions to guide students through categorizing information, identifying relationships, making inferences, and verifying hypotheses. The goal is to help students develop logical thinking and information processing abilities by moving from specific examples and data to broader generalizations and principles.
Shaping Tomorrow - Getting Started - Introduction - Kerry Richardson
Their goal is to provide clients with near real-time information on emerging trends and forecasts through an AI-powered system to help improve strategic decision making and planning.
Ann Herrmann-Nehdi, CEO of Herrmann International, explores the connection between thinking preferences and different phases of the innovative and strategic thinking processes, discussing the implications for building skills in these areas.
Similar to Keynote Session : Using Behavioral Psychology and Science of Habit to Change User Behavior (20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.
Simplifying data privacy and protection.pdfPriyanka Aash
1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent.
2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance.
3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.
Generative AI and Security (1).pptx.pdfPriyanka Aash
Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.
An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.
The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.
This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following:
1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees.
2. Chapter meetings focused on ransomware trends and lessons learned from attacks.
3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools.
4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Lessons Learned From Ransomware AttacksPriyanka Aash
The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
4. #RSAC
Awareness vs Change Of Behavior
Example: Continued security training beyond the baseline is unlikely to be effective - “Modifying Smartphone User Locking Behavior” – by Dirk et al (ACM – 2013)
[Figure: Awareness vs. Change in Behavior]
6. #RSAC
The Mystery of Eugene Pauly’s Brain ..
Dr. Larry R. Squire
University of California, San Diego
Image Source: http://whoville.ucsd.edu/about.html
7. #RSAC
Goal Directed and Habit System
Goal Directed System (Pre-Frontal Cortex)
Responsible for new or infrequent behaviors
Guided by attitudes, goals, values, knowledge
Conscious and deliberate
Slow
Habit System (Basal Ganglia)
Very fast. Does not require thought or attention
Less conscious. More automatic
Credit: Neal et al – The Science of Habit…
8. #RSAC
Habits in Action..
40% of our daily actions are driven without thinking
Examples of Habits in action
Changing gears
Getting out of the elevator on the wrong floor
Tying shoe knots
Bad habits in action
Checking phone/blackberry during the middle of sleep
Clicking phishing links
Writing down passwords in the open
10. #RSAC
Story of Pepsodent ..
https://upload.wikimedia.org/wikipedia/en/8/88/Pepsodent-0179c.jpg
11. #RSAC
Trigger – Routine – Reward (& Craving)
Trigger: Feel Tooth Film with tongue
Routine: Brushing Teeth
Reward: Great Smile
Crave for Tingling
Image Credit: Seth Lemmons
Image Credit: Wikipedia
https://i.ytimg.com/vi/rf1Bs2XpwFI/maxresdefault.jpg
12. #RSAC
Steps for Building New Habits
Step 1: Find a Predictable and Recurring Trigger
Step 2: Devise the new Routine/Habit
Step 3: Find the Reward
Practice, Practice, Practice without exceptions
15. #RSAC
Example – Changing A Habit
Trigger: Boredom
Routine: Have a Whisky
Reward: Feel Happy
Image Credit: Wiki
16. #RSAC
Example – Changing A Habit
Trigger: Boredom
New Routine: Talk to a friend
Reward: Feel Happy
Image Credit: Wiki
17. #RSAC
3 Steps for Changing Old Habits
Identify and Deconstruct the Habit
Find the Trigger
Find the “real hidden reward” – Experiment to discover
Find the Trigger-Routine-Reward-Craving model
Find an alternative routine to satisfy the “real hidden reward”
Practice. Practice. Practice.
20. #RSAC
Hard or Easy?
Several “toothpaste” companies went bankrupt
Coke, McDonalds campaigns..
What is hard about it?
Finding a “Reliable” trigger and reward
Creating craving and making it stick
22. #RSAC
Example 1: Create Habit of Locking Computer Screen..
Goal: Locking system while leaving desk
Trigger – Getting up from chair/Leaving the system
Routine – Lock your computer
Reward – Feeling of security
Rehearse or Repeat at least 20 times
If you forget then go back to seat and repeat the routine
23. #RSAC
Example 2 – Change the Habit of Writing Down Password in Open Areas
Goal: Stop the habit of writing down passwords in open areas
Trigger – New password setting request
Old Routine – Write down the password
New Routine – “Write down the clue” or “Use a scheme to generate new passwords”
Reward – Feeling of security
Rehearse or Repeat
24. #RSAC
Example 3: Preventing Phishing
Old Habit
Trigger: Legitimate entity asks for personal details
Routine: Share the details
New Desired Habit
Trigger: Legitimate entity asks for personal details
New Routine: Validate the legitimacy of the entity
Practice. Practice. Practice
25. #RSAC
Example 4- Create Secure Coding Behavior
Goal – Ensuring coders use secure coding functions
Trigger – Typing a function
Old Routine – Type insecure function
New Routine – Use intervention method to prompt secure function
Enough practice
Automatic use of secure function
26. #RSAC
Habits in Day to Day Life..
Playing/Exercise everyday
Controlling anger outbursts..
28. #RSAC
Research on Habits and Beyond..
Research on Habits
Significant studies in the field of psychology, marketing, sports etc
Little or No research in areas related to IT security
29. #RSAC
References and Other Studies ..
Balleine et al – Goal directed instrumental action: contingency and incentive learning and their cortical substrates
Kahneman – Thinking fast and slow
Duhigg – The power of habit
Neal et al – The pull of the past: when do habits persist despite conflict with motives?
Rothman et al – Reflective and automatic processes in the initiation and maintenance of dietary change
Sheeran et al – Implementation intentions and repeated behavior..
Wood et al – A new look at habits and habit-goal interface
Wood et al – The habitual consumer
Wood et al – Habits in everyday life: thought, emotion, and action
31. #RSAC
Apply What You Learned
Next Week
Choose 1 habit that you want to change or build
Identify a small group for experiment
Experiment
First 3 months
Find the most important habits to change in your organization
Create an organization wide plan for habit change drills
Make people practice at least 20 to 30 times in a short time frame. (Group activities, Simulation exercise, Wargames etc)
Measure the success of the program
32. #RSAC
After 6 months
Assess the success of the program based on the metrics defined
Reassess the risky and secure behavior and create a new program
Part of Eugene Pauly’s brain was destroyed by viral encephalitis, which left him with no short-term memory. He moved to a new neighborhood and his wife used to take him for a walk every day at a fixed time. Amazingly, one day when his wife was late he went out for a walk himself and returned, though he did not remember the way. He could not tell where the refrigerator was located if asked, but if hungry he could automatically go there and take out a jar of nuts.
The scientists were baffled by how somebody could reach the refrigerator or traverse a path automatically without remembering its whereabouts.
In early 1900 only 7% of Americans were brushing their teeth. Most of the toothpaste companies failed to market toothpaste despite the poor dental hygiene of the entire country. Claude Hopkins (creator of the Quaker Oats and Goodyear tires campaigns.. made so much money.. that he devoted..) formula – Quaker Oats works only if you have one bowl every morning.. drink a tonic at the first symptom of fatigue
He created a clever campaign which revolutionized the brushing habits in America and moved it to 65%.
How did it work? He used the Habit Cycle – he found that there is a film which deposits on teeth. It occurs no matter how often you brush. But he cleverly used this as a Cue and created the above campaign to drive the brushing habit as a trigger. He used a great smile and good hygiene as the reward.
However, after a while scientists discovered that there was something beyond the Cue, Routine and Reward. Pepsodent created a cool tingling sensation after brushing. This tingling started creating “craving”. So every time somebody felt the dental film there was a craving for freshness and the tingling sensation, which started driving the change in behavior. Eventually every toothpaste started doing the same.
A similar strategy has been used in marketing Febreze and multiple other products. Craving creates the urge to get the reward. It helps a habit to stick.. Urge for nicotine, urge for fatty food, urge for the smell, urge for feeling fresh/craving for the endorphin rush after exercise