Protecting Digital Economy through Vulnerability Coordination Center
•
1 like•437 views
The document summarizes a presentation given by Girindro Pringgo Digdo from the State Cyber and Cryptography Agency on protecting the digital economy through a vulnerability coordination center. It discusses challenges like increasing ease of use of technology, expanded network environments, decreasing skills needed for exploits, and cybersecurity skills gaps. It also outlines three steps for vulnerability coordination: preparation before incidents, isolating and monitoring during incidents, and lessons learned and improved defenses after incidents. The presentation concludes with discussing available bounty programs and references to hacker invitation programs and cybersecurity frameworks.
Report
Share
Report
Share
Download to read offline
Recommended
Internet Privacy
Hampir tidak ada privasi lagi ketika berbicara perkembangan teknologi. Semua sosial media meminta foto serta data-data pribadi Anda. Pun data yang ada diperangkat Anda, tidak luput dari pencurian oleh orang yang tidak berhak.
Presentasi ini memberikan wawasan bagaimana upaya perlindungan data pribadi Anda di era digital saat ini.
Threat Modeling Using STRIDE
The document discusses threat modeling using STRIDE. It provides an overview of threat modeling and the STRIDE methodology. The document then shows an example of applying STRIDE to identify threats in a DNS system. Threats are identified for each element and interaction in diagrams of the DNS system. This includes threats to the hosting environment, DNS software, DNS data, DNS transactions, and dynamic updates.
Threat Modeling In 2021
Threat modeling is a way of viewing the world, and so what's changing in threat modeling reflects that. There's a global pandemic. The ways we build software are changing. The threats are evolving, and attacks through systems are growing in importance.
Is talent shortage ws marco morana
1. The document summarizes key discussion points from the CISO West Millenium Alliance Workshop Day 2 around tackling the information security talent shortage.
2. The discussion centers around strategies for selecting and hiring candidates, including focusing on skills for roles versus certifications, assessing soft skills, and leveraging recruiters and social media.
3. Developing internal talent through training and career growth opportunities is also discussed as important for addressing staffing needs.
Operationalizing Threat Intelligence to Battle Persistent Actors
We have all heard that threat intelligence can help level the battlefield against advanced persistent threats whether criminal or nation state attackers. But what is Threat Intelligence? How does it fit into your organization’s security operations? And how can you develop your own Threat Intelligence?
In this presentation you'll learn:
- How to leverage Threat Intelligence to identify potential adversaries and take appropriate action
- How to develop Threat Intelligence using the Diamond Model
- How ThreatConnect investigated Chinese state-sponsored threats using the Diamond Model
- How to operationalize Threat Intelligence using Splunk and ThreatConnect
Threat Modeling Lessons from Star Wars
Adam Shostack presented on lessons learned from threat modeling. He discussed common traps to avoid, such as thinking threat modeling is easy or only for specialists. He outlined a simple approach using four questions: what are we working on, what can go wrong, what are we going to do about it, and how will we know if we're successful. Shostack also discussed the STRIDE mnemonic for categorizing threats and provided examples of mitigations for each category. His top ten lessons emphasized that anyone can threat model with the right skills and techniques.
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
This talk is aimed at arming IT professionals with insight into WatchGuard’s latest threat security research.
Threat modeling (Hacker Stories) workshop
The document outlines the agenda for a threat modeling workshop. The workshop includes three sessions: (1) BYOTM where attendees bring their own threat models to work on together, (2) an advanced threat modeling session on applying rapid techniques in a DevOps environment, and (3) an introductory threat modeling primer. The document then provides more details on topics covered in each session, including customizing approaches to organizational needs, key threat modeling terms, and frameworks that can be used. It emphasizes the importance of focusing threat modeling efforts on adding value and keeping practices sustainable.
Recommended
Internet Privacy
Hampir tidak ada privasi lagi ketika berbicara perkembangan teknologi. Semua sosial media meminta foto serta data-data pribadi Anda. Pun data yang ada diperangkat Anda, tidak luput dari pencurian oleh orang yang tidak berhak.
Presentasi ini memberikan wawasan bagaimana upaya perlindungan data pribadi Anda di era digital saat ini.
Threat Modeling Using STRIDE
The document discusses threat modeling using STRIDE. It provides an overview of threat modeling and the STRIDE methodology. The document then shows an example of applying STRIDE to identify threats in a DNS system. Threats are identified for each element and interaction in diagrams of the DNS system. This includes threats to the hosting environment, DNS software, DNS data, DNS transactions, and dynamic updates.
Threat Modeling In 2021
Threat modeling is a way of viewing the world, and so what's changing in threat modeling reflects that. There's a global pandemic. The ways we build software are changing. The threats are evolving, and attacks through systems are growing in importance.
Is talent shortage ws marco morana
1. The document summarizes key discussion points from the CISO West Millenium Alliance Workshop Day 2 around tackling the information security talent shortage.
2. The discussion centers around strategies for selecting and hiring candidates, including focusing on skills for roles versus certifications, assessing soft skills, and leveraging recruiters and social media.
3. Developing internal talent through training and career growth opportunities is also discussed as important for addressing staffing needs.
Operationalizing Threat Intelligence to Battle Persistent Actors
We have all heard that threat intelligence can help level the battlefield against advanced persistent threats whether criminal or nation state attackers. But what is Threat Intelligence? How does it fit into your organization’s security operations? And how can you develop your own Threat Intelligence?
In this presentation you'll learn:
- How to leverage Threat Intelligence to identify potential adversaries and take appropriate action
- How to develop Threat Intelligence using the Diamond Model
- How ThreatConnect investigated Chinese state-sponsored threats using the Diamond Model
- How to operationalize Threat Intelligence using Splunk and ThreatConnect
Threat Modeling Lessons from Star Wars
Adam Shostack presented on lessons learned from threat modeling. He discussed common traps to avoid, such as thinking threat modeling is easy or only for specialists. He outlined a simple approach using four questions: what are we working on, what can go wrong, what are we going to do about it, and how will we know if we're successful. Shostack also discussed the STRIDE mnemonic for categorizing threats and provided examples of mitigations for each category. His top ten lessons emphasized that anyone can threat model with the right skills and techniques.
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
This talk is aimed at arming IT professionals with insight into WatchGuard’s latest threat security research.
Threat modeling (Hacker Stories) workshop
The document outlines the agenda for a threat modeling workshop. The workshop includes three sessions: (1) BYOTM where attendees bring their own threat models to work on together, (2) an advanced threat modeling session on applying rapid techniques in a DevOps environment, and (3) an introductory threat modeling primer. The document then provides more details on topics covered in each session, including customizing approaches to organizational needs, key threat modeling terms, and frameworks that can be used. It emphasizes the importance of focusing threat modeling efforts on adding value and keeping practices sustainable.
Webinar: Vawtrak v2 the next big Banking Trojan
A few years ago we entered a new era of cyber threats.
At the beginning of the Internet, most intrusions and ‘hacks’ were committed for the sole purpose of proving that it was possible, basically because the authors could do it.
At some point though, someone realized that hacking could generate a revenue, there was information that could be stolen and sold, and services that could be provided to make it easier, and thus, the cybercrime industry was born.
Maltego Webinar Slides
Please view our webinar to learn the basics of our Maltego integration. https://attendee.gotowebinar.com/recording/2960337559231715841
Malformity Labs has developed a full transform set that allows for data from ThreatConnect™ to be integrated with the capabilities of Maltego.
All ThreatConnect customers can take advantage of the Maltego transform set through the ThreatConnect™ API and a provided transform server. They can use this to:
• Visualize the relationship between incidents, threats, adversaries, and indicators,
• Leverage attributes belonging to indicators and threats to create Maltego Graphs without losing any of the contextual data within ThreatConnect, and
• Pivot from ThreatConnect data and external open source data sources using other transform sets within Maltego.
When Insiders ATT&CK!
From ATT&CKcon 3.0
By Matt Snyder, VMWare
Insider threats are some of the most treacherous and every organization is susceptible: it's estimated that theft of Intellectual Property alone exceeds $600 billion a year. Armed with intimate knowledge of your organization and masked as legitimate business, often these attacks go unnoticed until it's too late and the damage is done. To make matters worse, threat actors are now trying to lure employees with the promise of large paydays to help carry out attacks.
These advanced attacks require advanced solutions, and we are going to demonstrate how we are using the MITRE ATT&CK framework to proactively combat these threats. Armed with these tactics and techniques, we show you how to build intelligent detections to help secure even the toughest of environments.
Security by Design: An Introduction to Drupal Security
This document provides an introduction to Drupal security. It discusses security by design principles in Drupal, including keeping the core and modules updated, using the Drupal API, and securing custom modules. It also covers encrypting sensitive data, the importance of key management for encryption and APIs, performing site audits and security best practices, and resources to improve security such as encryption and key management modules.
Threat Activity Groups - Dragos
Uncovering ICS Threat Activity Groups for Intelligence-Driven Defense: Dragos has released information about eight threat activity groups that have targeted industrial companies. These groups range from espionage, to learning industrial environments for future effects, to causing a power outage and targeting human life directly. But what are threat activity groups? They are different than what is normally tracked in the community as threat actors and have a different focus for defenders.
20171106 - Privacy Design Lab - LINDDUN
Aram H., researcher at DistriNet - KULeuven, presented the LINDDUN methodology (°2010) in already a bit simplified form (3 instead of 6 steps) while the team is working to further operationalise it AND align it with GDPR.
With LINDDUN you systematically approach the technical elements of appropriate measures to protect the data in 3 steps:
1 describe the data (flow) elements
2 elicit threats relating to linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, non-compliance (and focus by making reasonable assumptions)
3 manage the threats, especially by mitigating them based on the threat taxonomy
You can find more on the methodology on linddun.org
This presentation was part of a series of presenters that filled the Privacy Design Lab that was organised by / together with the US Chamber of Commerce on 6 November 2017.
Threat Modeling Lessons From Star Wars
Everyone knows you ought to threat model, but in practical reality it turns out to be tricky. If past efforts to threat model haven't panned out, perhaps part of the problem is confusion over what works, and how the various approaches conflict or align. This talk captures lessons from years of work helping people throughout the software industry threat model more effectively. It's designed to help security pros, developers and systems managers, all of whom will leave with both threat modeling lessons from Star Wars and a proven foundation, enabling them to threat model effectively.
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC Senior Security Specialist Adli Wahid provides some useful findings of lessons learned from security incidents at the UMS Cybersecurity Awareness Seminar, held online on 25 October 2021.
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
Thai Network Information Center Foundation (THNICF) in cooperation with BKNIX is holding BKNIX Peering Forum 2017 on 15-16 May 2017 at VIE Hotel Bangkok, Phayathai Road, Ratchathewi. The forum is focusing on the talks about prevention of DDoS attack and the update of technologies for internet users.
Our Product Director, Mr. Donny Chong, shared the DDoS attack trend and defense strategy to the internet service providers in the region.
Cybersecurity: How to Use What We Already Know
Slides from my PSR keynote on how to secure software by bridging the gap between research and practice.
Video: https://t.co/mRr4CMrfKN
Event: https://iapp.org/conference/privacy-security-risk-2015
The Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model provides a systematic framework for characterizing organized cyber threats by modeling intrusions as a series of interconnected events. It represents intrusions as a graph of events (diamonds) connected by their core features of personas, network assets, malware, and tools. This allows analysts to consistently track threats over time, correlate related incidents, and infer adversary capabilities. The model also incorporates meta-features to provide additional context for understanding threats at different levels, from singular events to coordinated campaigns. By grouping similar intrusion patterns into activity groups, the Diamond Model enables identifying adversary infrastructure and techniques to better counter evolving threats.
Down The Rabbit Hole, From Networker to Security Professional
In my college day, i was a network guy.
How computer network knowledge back in the day can be used in my current Cyber Security profession?
Outpost24 Webinar - Common wireless security threats and how to avoid them
In this webinar; our Wireless & Network Security Product Expert, will walk you through how to secure connected devices and understanding wireless threats
Automation: The Wonderful Wizard of CTI (or is it?)
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
Purple Teaming with ATT&CK - x33fcon 2018
Presentation slides presented by Cody Thomas and Christopher Korban at x33fcon 2018 about how to jumpstart your purple teaming with the MITRE ATT&CK framework, and accompanying Adversary Emulation Plans
Behavior-Based Defense in ICS
Dragos Adversary Hunter Joe Slowik presents on Behavior-Based Defense in ICS at the 13th annual API conference in Houston, TX. This presentation discusses how identifying adversary behaviors and their common requirements and behaviors can help network defenders prepare for future events--exemplifying how network defense for sensitive environments is strengthened through continuous improvement from prior events.
Visit www.dragos.com to learn more.
One Technique, Two Techniques,
Red Technique, Blue Technique
So you’re digging the MITRE ATT&CK™ Framework and maybe even implementing it in your work, but c’mon…. what does that really mean? While it’s not the turnkey solution to CYBER, ATT&CK has numerous applications in many facets of both adversarial and defensive operations (spanning “holy #%&^! what/who/why is that” to you briefing your check-signers on how you thwarted, and maybe even deceived [ooh la la] some hacking hooligans).
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
PKI is widely understood and accepted as golden standard for Authentication, Non-repudiation and Integrity. It secures protocols for emails, web, software distributions, replaces ink with electronic signature, infrastructure, financial and other transactions. While obtaining the private key or gaining access to its usage is the first thought when attacking PKI based systems, there are usually easier ways and a multitude of attack vectors.
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
From ATT&CKcon 3.0
By Haylee Mills, Splunk
Having ATT&CK to identify threats, prioritize data sources, and improve security posture has been a huge step forward for our industry, but how do we actualize those insights for better detection and alerting? By shifting to observations of behavior over one-to-one direct alerts, noisy datasets become valuable treasure troves with ATT&CK metadata. Additionally, we can begin to look at detection and threat hunting on behavior instead of users or systems. In this presentation, Haylee will discuss the shift in mindset and the nuts and bolts of detections that leverage this metadata in Splunk, but the concept can be applied with custom tools to any valuable security dataset.
The Business Benefits of Threat Intelligence Webinar
The Businees Benefits of Threat Intelligence
Take 30 minutes of your time to hear Cyber Squared Inc. CEO Adam Vincent review the need for businesses to evaluate the cost of a sophisticated threat intelligence program. Learn more about the ROI calculator that evaluates cost/benefits of threat intelligence investments and offers quantifiable financial benefits and use-cases to demonstrate the overall costs associated with data breaches, and how using threat intelligence can decrease those costs and make existing staff more efficient.
Watch the full webinar here: https://attendee.gotowebinar.com/recording/7218699913172089858
Cyber security brochure(1)
Looking at the huge gap in skills for Cyber Security, Aegis has launched Post Graduate Program (PGP) in Cybersecurity in association with IBM. This PGP in Cybersecurity is an interdisciplinary program that prepares students with both the academic and practical training to be competitive in the ever-changing technical landscape of cybersecurity.
Cyber Law and Security
This document discusses the need for cyber security courses and a cyber security program offered by IMT - Centre for Distance Learning (IMT-CDL) in partnership with Ankit Fadia. The program is a one-year post-graduate diploma in cyber security that provides students with critical computer security skills. It covers topics like network security, security threats and attacks, security solutions, and advanced security systems. The program is suited for IT and networking professionals and can be pursued along with work. IMT-CDL aims to meet the growing demand for cyber security experts through this program.
More Related Content
What's hot
Webinar: Vawtrak v2 the next big Banking Trojan
A few years ago we entered a new era of cyber threats.
At the beginning of the Internet, most intrusions and ‘hacks’ were committed for the sole purpose of proving that it was possible, basically because the authors could do it.
At some point though, someone realized that hacking could generate a revenue, there was information that could be stolen and sold, and services that could be provided to make it easier, and thus, the cybercrime industry was born.
Maltego Webinar Slides
Please view our webinar to learn the basics of our Maltego integration. https://attendee.gotowebinar.com/recording/2960337559231715841
Malformity Labs has developed a full transform set that allows for data from ThreatConnect™ to be integrated with the capabilities of Maltego.
All ThreatConnect customers can take advantage of the Maltego transform set through the ThreatConnect™ API and a provided transform server. They can use this to:
• Visualize the relationship between incidents, threats, adversaries, and indicators,
• Leverage attributes belonging to indicators and threats to create Maltego Graphs without losing any of the contextual data within ThreatConnect, and
• Pivot from ThreatConnect data and external open source data sources using other transform sets within Maltego.
When Insiders ATT&CK!
From ATT&CKcon 3.0
By Matt Snyder, VMWare
Insider threats are some of the most treacherous and every organization is susceptible: it's estimated that theft of Intellectual Property alone exceeds $600 billion a year. Armed with intimate knowledge of your organization and masked as legitimate business, often these attacks go unnoticed until it's too late and the damage is done. To make matters worse, threat actors are now trying to lure employees with the promise of large paydays to help carry out attacks.
These advanced attacks require advanced solutions, and we are going to demonstrate how we are using the MITRE ATT&CK framework to proactively combat these threats. Armed with these tactics and techniques, we show you how to build intelligent detections to help secure even the toughest of environments.
Security by Design: An Introduction to Drupal Security
This document provides an introduction to Drupal security. It discusses security by design principles in Drupal, including keeping the core and modules updated, using the Drupal API, and securing custom modules. It also covers encrypting sensitive data, the importance of key management for encryption and APIs, performing site audits and security best practices, and resources to improve security such as encryption and key management modules.
Threat Activity Groups - Dragos
Uncovering ICS Threat Activity Groups for Intelligence-Driven Defense: Dragos has released information about eight threat activity groups that have targeted industrial companies. These groups range from espionage, to learning industrial environments for future effects, to causing a power outage and targeting human life directly. But what are threat activity groups? They are different than what is normally tracked in the community as threat actors and have a different focus for defenders.
20171106 - Privacy Design Lab - LINDDUN
Aram H., researcher at DistriNet - KULeuven, presented the LINDDUN methodology (°2010) in already a bit simplified form (3 instead of 6 steps) while the team is working to further operationalise it AND align it with GDPR.
With LINDDUN you systematically approach the technical elements of appropriate measures to protect the data in 3 steps:
1 describe the data (flow) elements
2 elicit threats relating to linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, non-compliance (and focus by making reasonable assumptions)
3 manage the threats, especially by mitigating them based on the threat taxonomy
You can find more on the methodology on linddun.org
This presentation was part of a series of presenters that filled the Privacy Design Lab that was organised by / together with the US Chamber of Commerce on 6 November 2017.
Threat Modeling Lessons From Star Wars
Everyone knows you ought to threat model, but in practical reality it turns out to be tricky. If past efforts to threat model haven't panned out, perhaps part of the problem is confusion over what works, and how the various approaches conflict or align. This talk captures lessons from years of work helping people throughout the software industry threat model more effectively. It's designed to help security pros, developers and systems managers, all of whom will leave with both threat modeling lessons from Star Wars and a proven foundation, enabling them to threat model effectively.
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC Senior Security Specialist Adli Wahid provides some useful findings of lessons learned from security incidents at the UMS Cybersecurity Awareness Seminar, held online on 25 October 2021.
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
Thai Network Information Center Foundation (THNICF) in cooperation with BKNIX is holding BKNIX Peering Forum 2017 on 15-16 May 2017 at VIE Hotel Bangkok, Phayathai Road, Ratchathewi. The forum is focusing on the talks about prevention of DDoS attack and the update of technologies for internet users.
Our Product Director, Mr. Donny Chong, shared the DDoS attack trend and defense strategy to the internet service providers in the region.
Cybersecurity: How to Use What We Already Know
Slides from my PSR keynote on how to secure software by bridging the gap between research and practice.
Video: https://t.co/mRr4CMrfKN
Event: https://iapp.org/conference/privacy-security-risk-2015
The Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model provides a systematic framework for characterizing organized cyber threats by modeling intrusions as a series of interconnected events. It represents intrusions as a graph of events (diamonds) connected by their core features of personas, network assets, malware, and tools. This allows analysts to consistently track threats over time, correlate related incidents, and infer adversary capabilities. The model also incorporates meta-features to provide additional context for understanding threats at different levels, from singular events to coordinated campaigns. By grouping similar intrusion patterns into activity groups, the Diamond Model enables identifying adversary infrastructure and techniques to better counter evolving threats.
Down The Rabbit Hole, From Networker to Security Professional
In my college day, i was a network guy.
How computer network knowledge back in the day can be used in my current Cyber Security profession?
Outpost24 Webinar - Common wireless security threats and how to avoid them
In this webinar; our Wireless & Network Security Product Expert, will walk you through how to secure connected devices and understanding wireless threats
Automation: The Wonderful Wizard of CTI (or is it?)
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
Purple Teaming with ATT&CK - x33fcon 2018
Presentation slides presented by Cody Thomas and Christopher Korban at x33fcon 2018 about how to jumpstart your purple teaming with the MITRE ATT&CK framework, and accompanying Adversary Emulation Plans
Behavior-Based Defense in ICS
Dragos Adversary Hunter Joe Slowik presents on Behavior-Based Defense in ICS at the 13th annual API conference in Houston, TX. This presentation discusses how identifying adversary behaviors and their common requirements and behaviors can help network defenders prepare for future events--exemplifying how network defense for sensitive environments is strengthened through continuous improvement from prior events.
Visit www.dragos.com to learn more.
One Technique, Two Techniques,
Red Technique, Blue Technique
So you’re digging the MITRE ATT&CK™ Framework and maybe even implementing it in your work, but c’mon…. what does that really mean? While it’s not the turnkey solution to CYBER, ATT&CK has numerous applications in many facets of both adversarial and defensive operations (spanning “holy #%&^! what/who/why is that” to you briefing your check-signers on how you thwarted, and maybe even deceived [ooh la la] some hacking hooligans).
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
PKI is widely understood and accepted as golden standard for Authentication, Non-repudiation and Integrity. It secures protocols for emails, web, software distributions, replaces ink with electronic signature, infrastructure, financial and other transactions. While obtaining the private key or gaining access to its usage is the first thought when attacking PKI based systems, there are usually easier ways and a multitude of attack vectors.
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
From ATT&CKcon 3.0
By Haylee Mills, Splunk
Having ATT&CK to identify threats, prioritize data sources, and improve security posture has been a huge step forward for our industry, but how do we actualize those insights for better detection and alerting? By shifting to observations of behavior over one-to-one direct alerts, noisy datasets become valuable treasure troves with ATT&CK metadata. Additionally, we can begin to look at detection and threat hunting on behavior instead of users or systems. In this presentation, Haylee will discuss the shift in mindset and the nuts and bolts of detections that leverage this metadata in Splunk, but the concept can be applied with custom tools to any valuable security dataset.
The Business Benefits of Threat Intelligence Webinar
The Businees Benefits of Threat Intelligence
Take 30 minutes of your time to hear Cyber Squared Inc. CEO Adam Vincent review the need for businesses to evaluate the cost of a sophisticated threat intelligence program. Learn more about the ROI calculator that evaluates cost/benefits of threat intelligence investments and offers quantifiable financial benefits and use-cases to demonstrate the overall costs associated with data breaches, and how using threat intelligence can decrease those costs and make existing staff more efficient.
Watch the full webinar here: https://attendee.gotowebinar.com/recording/7218699913172089858
What's hot (20)
Security by Design: An Introduction to Drupal Security
Security by Design: An Introduction to Drupal Security
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
The Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model for Intrusion Analysis - Threat Intelligence
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security Professional
Outpost24 Webinar - Common wireless security threats and how to avoid them
Outpost24 Webinar - Common wireless security threats and how to avoid them
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
One Technique, Two Techniques,
Red Technique, Blue Technique
One Technique, Two Techniques,
Red Technique, Blue Technique
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence Webinar
Similar to Protecting Digital Economy through Vulnerability Coordination Center
Cyber security brochure(1)
Looking at the huge gap in skills for Cyber Security, Aegis has launched Post Graduate Program (PGP) in Cybersecurity in association with IBM. This PGP in Cybersecurity is an interdisciplinary program that prepares students with both the academic and practical training to be competitive in the ever-changing technical landscape of cybersecurity.
Cyber Law and Security
This document discusses the need for cyber security courses and a cyber security program offered by IMT - Centre for Distance Learning (IMT-CDL) in partnership with Ankit Fadia. The program is a one-year post-graduate diploma in cyber security that provides students with critical computer security skills. It covers topics like network security, security threats and attacks, security solutions, and advanced security systems. The program is suited for IT and networking professionals and can be pursued along with work. IMT-CDL aims to meet the growing demand for cyber security experts through this program.
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
IoT devices are proliferating throughout corporate networks raising concerns about security risks they may introduce. However, IoT technologies differ in many ways from most enterprise-ready technologies that currently exist. Understanding the risks that IoT represents and how to best quantify that risk can be a challenge for many security leaders. This webinar provides an overview of IoT architectures, how they differ from existing infrastructure devices, and how best to measure the risk IoT devices represent. It will expose attendees to concepts like Threat Modeling for IoT and provide additional references that will help build a successful IoT security assessment program.
Best Emcee in Singapore Sharlyn Hosted A Comprehensive Event of Singapore Int...
Welcome to the digital realm where trust and security are paramount! I'm Sharlyn Lim, your bilingual emcee, and I had the privilege of hosting the Singapore International Cyber Week 2023. In this blog post, we'll embark on a thrilling journey through the highlights of each day, exploring the cutting-edge discussions that unfolded at the Sands Expo and Convention Centre.
In the fast-paced realm of cybersecurity, the Singapore International Cyber Week 2023 stood as a beacon of knowledge and collaboration. Hosted by the dynamic Sharlyn Lim, a bilingual emcee renowned for her expertise, the event spanned three days, each packed with insightful discussions and thought-provoking panels. Let's delve into the highlights of this cybersecurity extravaganza, focusing on the theme of "Building Trust and Security in the Emerging Digital Order.
The Singapore International Cyber Week 2023 proved to be a pivotal platform for global policymakers, industry leaders, and academia. Sharlyn Lim, with her expertise in English and Mandarin Chinese, seamlessly navigated through the diverse topics, making each session engaging and informative. As we reflect on the insights shared during these three days, it's evident that collaboration, adaptation, and multilateral efforts are crucial in securing the digital future.
The Singapore International Cyber Week 2023 served as a beacon of knowledge, fostering discussions on harnessing digital opportunities, tackling cyber challenges, and affirming the relevance of multilateral efforts in securing the digital future. As we navigate the cyber seas, let's continue building trust and security in this ever-evolving digital order.
Read more here: https://emceeservices.com/best-emcee-in-singapore/
Contact Us
Sharlyn Lim - Professional Emcee in Singapore
Contact: 91807902 and www.emceeservices.com
Watch all of Emcee Sharlyn hosting events at https://www.youtube.com/@SingaporeEmceeSharlyn
Secure Sharing of Design Information with Blockchains
To defend against evolving cyberattacks, defenders alone have limitations to prevent attacks from multiple and powerful attackers. We show a new way for defenders to collaborate closely and to make the necessary security by design. Blockchains are used, and accountability occurs in such a way for incentive so that participants will comply with the rules. Intellectual property rights of individual defenders are protected, and unnecessary leakage of trade secrets and personal information can be avoided. In the mutual interaction between humans and computer, information is shared in such a way that humans correctly benefit from AI-supported machines as intelligent amplifiers.
Talks @ 2018 IEICE Society Conference
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather, Chief Executive Officer at Forensic Sciences Institute, delivered a presentation on Cyber Security Unchartered: Vigilance, Innovation and Adaptability- Exploring the Depths of Cybersecurity, at Public Sector Cybersecurity Summit 2023 on the 3rd of October 2023. #PublicSec2023 #Conference #Cybersecurity #PublicSector
Digital Security Capacity Building: Role of the University
Digital Security is one the core digital skills needed for the digital economy. What are the main issues with the digital security professions? What is the role of the university to keep pace with the fast changing digital environment?
Singapore Cybersecurity Strategy and Legislation (2018)
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
Graph Gurus Episode 22: Cybersecurity
https://info.tigergraph.com/graph-gurus-22
A new weapon in the struggle against cyber security is now available. Graph analytics offer exciting possibilities for an organization to develop an intelligent approach to securing its IT environment with data-driven analytics.
By watching this webinar you will learn how to:
Detect and mitigate attacks against a firewall with unprecedented accuracy
Identify and block devices used in denial of service attacks
Build “footprint” profiles that can be used for machine learning.
Graph Gurus Episode 22: Guarding Against Cyber Security Threats with a Graph ...
- Detect and mitigate attacks against a firewall with unprecedented accuracy
- Identify and block devices used in denial of service attacks
- Build “footprint” profiles that can be used for machine learning.
Trend Micro Solutions Overview
A brief overview presentation of Trend Micro that includes our history, growth story, and financials. It also covers how Trend Micro’s artfully combines proven foresight, XGen™ security, and passionate people to enable us to deliver market leading solutions to our customers and partners alike.
The importance of understanding the global cybersecurity index
With the advent of modern technologies such as IoT, artificial intelligence, and cloud computing, there is a rapid increase in the number of interconnected devices globally. It has also increased the number of cyber-attacks and data breaches. As a result, cybercrime is a global concern, and appropriate solutions are essential if proper responses are to be found. The Global Cybersecurity Index (GCI) is one such instrument to control cybercrime and provide feedback.
https://www.infosectrain.com/blog/the-importance-of-understanding-the-global-cybersecurity-index/
Cybersecurity Risk from User Perspective
1. The document discusses cybersecurity risks from the consumer perspective based on lessons learned during the COVID-19 pandemic.
2. It outlines increased internet usage and cyber threats during the pandemic such as ransomware, malware, and phishing scams.
3. The document recommends cybersecurity best practices for organizations like user training, latest antivirus and patches, cloud security, digital signatures, and network security investments to mitigate risks from remote work and increased online activity.
Introduction to Cybersecurity
This presentation provides an introduction to cybersecurity. This presentation is a part of the Five days Faculty Development Program on Cybersecurity organized by the Department of Information Technology, Sri Ramakrishna Institute of Technology.
CompTIA powered Cybersecurity Apprenticeships
This was delivered during National Apprenticeships Week 2018. The global shortage of Cyber Security Professionals is set to grow to 1.5 million in 2019. By harnessing apprenticeships organisations can train new talent and up-skill existing employees.
CWIN17 New-York / earning the currency of trust
This document discusses trends in cybersecurity and outlines Capgemini's cybersecurity portfolio. It notes that only 29% of organizations have strong data privacy policies and security frameworks in place. It also discusses evolving risks like regulatory pressure, digital transformation trends, and increasingly sophisticated cyber attacks. The document outlines Capgemini's managed security operations center (SOC) services and deployment options. It provides an overview of the upcoming GDPR regulations and principles of security and privacy, emphasizing the importance of trust, data governance, and monitoring cyber risks in real-time.
Internet threats- How to protect the Africa consumer
This document discusses cybersecurity challenges in West Africa and recommendations to address them. It finds that while technology is important, it alone cannot combat cyber threats given client-side vulnerabilities and cybercriminals exploiting the path of least resistance. It recommends taking a threat intelligence approach using internal and external sources as well as dark web monitoring. Big data analytics moving faster than criminals is also suggested. Establishing public-private partnerships for security-as-a-service and inter-operable legal frameworks with continuous education are presented as ways to better protect Africa consumers and organizations from internet threats.
Cyber Security roadmap.pptx
This slide can be act as baseline to build and set Cyber security roadmap especially in Airline industries.
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
The document discusses various tactics and techniques used by red teams to simulate cyber attacks, including open-source intelligence gathering, social engineering, deploying drop boxes, maintaining persistence, and threat actor profiling. It also introduces the MITRE ATT&CK framework for categorizing adversary behavior and outlines example steps in a red team workflow. Finally, it recommends five areas for organizations to focus on to strengthen their cyber defenses: network security, auditing and logging, password policies, role-based access control, and patch management.
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
El panorama de amenazas en evolución basado en nuestro ISTR (Reporte de Anual de Amenazas en Internet Vol. 24) recientemente publicado, refleja las últimas tendencias y cómo se aplican a Colombia y América Latina. Las principales tendencias de transformación digital, como la nube y la movilidad, junto con los nuevos desafíos de seguridad han cambiado el panorama de ciberseguridad por lo que la estrategia debe enfocarse en términos de riesgos clave, regulaciones y hallazgos sobre la madurez de la seguridad. Recomendaciones para enfocar y mejorar las posturas de ciberseguridad para abordar estas tendencias, incluidos los marcos clave, las tecnologías, los procesos y los cambios culturales son parte integral de los pasos a seguir.
Similar to Protecting Digital Economy through Vulnerability Coordination Center (20)
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Best Emcee in Singapore Sharlyn Hosted A Comprehensive Event of Singapore Int...
Best Emcee in Singapore Sharlyn Hosted A Comprehensive Event of Singapore Int...
Secure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with Blockchains
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Digital Security Capacity Building: Role of the University
Digital Security Capacity Building: Role of the University
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
Graph Gurus Episode 22: Guarding Against Cyber Security Threats with a Graph ...
Graph Gurus Episode 22: Guarding Against Cyber Security Threats with a Graph ...
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity index
Internet threats- How to protect the Africa consumer
Internet threats- How to protect the Africa consumer
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Recently uploaded
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Best 20 SEO Techniques To Improve Website Visibility In SERP
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Recently uploaded (20)
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Protecting Digital Economy through Vulnerability Coordination Center
- 1. Public Slide Protecting Digital Economy through Vulnerability Coordination Center Girindro Pringgo Digdo girindigdo@pm.me State Cyber and Cryptography Agency Meetup and Information Sharing on Cyber Security Jakarta, July 18th 2018
- 2. About • Security Consultant @ Sg Company • Holds: CSX-F, OSCP • Focused on Application Security • Founder of CyberArmy.ID • Books Author
- 3. Introduction
- 4. The Challenges Technology focused on ease of use
- 5. The Challenges Increased network environment
- 6. The Challenges Decreasing skill level needed for exploits
- 7. The Challenges Stick to deadlines
- 9. The Challenges Security Awareness Cool. Useless. Security Theatre
- 12. Case(s) • National Insurance Company • An Airline Company
- 17. Bounty
- 18. Available on Live Version Only
- 19. Available on Live Version Only
- 20. Available on Live Version Only
- 21. Others
- 22. Hack The Pentagon Turns One on HackerOne Source: https://www.hackerone.com/blog/hack-the-pentagon-turns-one
- 23. Singapore Mindef Invite Hackers Source: https://www.straitstimes.com/singapore/defence-ministry-to-invite-300-hackers-to-hack-its- internet-connected-systems
- 24. Cybersecurity Framework Core Source: https://blacknightcyber.com/index.php/cyber-services-2/
- 25. Incident Response Lifecycle Source: NIST SP 800-61 r2
- 26. Steps (1) • Preparation (Before Incident) ✓ Establishing policy and warning banners ✓ Identify which business are important ✓ Backup Server ✓ Security awareness to all parties in Organization ✓ Rules fine tuning ✓ Up to date ✓ Using strong passphrase ✓ P&P (Patch & Pray) ✓ …
- 27. Steps (2) • Incident / Disaster Strikes ✓ Isolation ✓ Using 2nd server with the most recent version of backups ✓ Monitor all activities ✓ Block all incoming suspicious requests ✓ …
- 28. Steps (3) • Post Incident ✓ Lesson learned ✓ Restoring operations to normal ✓ Better wipe out all files, change with a new fresh apps ✓ Ensuring that no vulnerabilities remain ✓ Improving defences ✓ Performing vulnerability analysis ✓ Standardized ✓ …
- 29. End of Slide.