Cyber attacks have been hitting the headlines for years; but in spite of the risks, the reputational damage and the rising cost of fines, there is still an endless stream of businesses being exposed for security failings.
The scale of the problem is vast: Accenture’s recent 2016 Global Security Report highlighted “an astounding level of breaches” with the organisations surveyed facing more than 80 targeted attacks every year, of which a third were successful. Much has been made of the evolving threat landscape and increasing sophistication of attacks. But whilst there is evidence to support the growing complexity of the challenge, all too often the analysis of these high-profile attacks determines basic, foundational security principles were ignored.
Some commentators argue that the persistence of failings is a direct reflection of organisational priorities, and that while businesses may talk a good game, security is not yet given the attention that it requires at board level. This leaves CISOs and IT leaders fighting a losing battle to secure adequate attention and investment for an area of the business which does not generate revenue.
This conference will look at raising security standards across the business, exploring some of the most persistent problems from IT infrastructure to staff engagement. Amidst a backdrop of perpetual media hysteria, turbulent markets and looming regulatory change, it can prove difficult to establish a coherent picture of the threat, never mind what action to take. The conference will help contextualise the challenging landscape and discuss how to deliver meaningful improvements and end to end organisational resilience.
Successful digital transformation has more to do with people than technology. Presented at Scot-Tech / Digit's Digital Future's conference, 23 Feb 2017
Digital technology has made a profound impact on business: it has disrupted organisational structures, created new revenue streams and fundamentally changed the way businesses engage with their customer base. Advancements in analytics, the increasing capability of mobile and the rise of Cloud have completely disrupted traditional models - but the technology only forms half of the picture - transformation requires a change in mindset accompanied by a genuine cultural shift.
Rethinking Digital - Successful Enablement for the Digital Transformation - i... (David Terrar)
My Rethinking Digital 2nd keynote from the i2 Summit 2015 in Zurich. About rethinking digital, providing building blocks and an implementation approach for your transformation, and hopefully inspiring you to do something differently tomorrow in your digital business efforts. Everyone's talking digital and it's dangerous... too dangerous to dilute the term, but crucially important that we understand it properly. Digital is becoming a synonym for technology or new or new technology. You need to understand the digital enterprise wave - the current disruptive landscape. Then here are 8 building blocks for transformation, and then our 7E approach to implementing change. Finally I echo Michael Corleone telling Sonny "it's not personal, it's business" with our version "it's not digital, it's business".
Digital transformation - it’s really all about the business stupid! (David Terrar)
For HfS European Service Buyers Summit (in Cambridge) - Version of the Digital Enterprise Wave presentation explaining 20 years of a World Gone Digital, the Wave, the digital landscape, the new thinking, emergent management and leadership required, along with examples to highlight business value in the new models, approaches and ecosystems.
Thought Leader Session Epicenter May 3rd 2016 (Joakim Jansson)
Presentation in English held at Epicenter in Stockholm the 3rd of May 2016. How to Lead Digital Transformation in a Large Company. Includes an overview of our methodology for digital transformation. The Digital Maturity Matrix.
Emerging technology is having a profound impact on the Financial Services sector; from mobile payments, APIs and Open Platforms to Machine Learning, Robo Investment and AI Chatbots.
The Summit will explore technological innovation across the financial services sector, from developments in established institutions to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
CeBIT Social Business Arena keynote - Strategic building blocks for your Dig... (David Terrar)
Standing in for Dion Hinchcliffe who was called away, this was the opening keynote in the CeBIT Social Business Arena. My idea was to do three things. First give the Agile Elephant view of the current complex and disruptive digital landscape. There is a wave of change affecting every business and some key issues to be understood that are driving the need for digital transformation in every industry, every style of business. I go through 20 years of a world gone digital and recommend 3 books to help make sense of where we are. Secondly present 8 strategic building blocks to enable transformation, with the emphasis on practical things you can do, and specific areas or factors that your organisation needs to address.
Lastly, leave you with a core message that is vital for the 21st century enterprise - and that is that you need to be in a state of continuous reinvention to make sure that some smarter, nimbler competitor doesn't make use of technology or new business models to take away your market.
The modern enterprise is becoming an increasingly automated environment: technological advancements in AI, Machine Learning and RPA are allowing organisations to strip out layers of inefficiency, optimise process and enhance productivity. Right across the enterprise, operations are changing in line with new automation tools, from low-level administrative tasks to self-regulating Industrial IoT systems and customer service chatbots.
This conference will contextualise the role of intelligent automation within the enterprise, looking at how the increasing sophistication of AI, RPA and IoT technologies is transforming operations. The conference is geared towards senior IT and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, engagement and high-level networking.
CIO Focus Summit workshop - strategic building blocks for your digital trans... (David Terrar)
Slides from our workshop discussion around the key building blocks your company needs to consider on its Digital Transformation journey to create the right environment for innovation, collaboration and survival!
Expert talk strategic building blocks for the digital transformation strategy (David Terrar)
My expert talk from Enterprise 2.0 Summit Paris 2015 covering 3 things - a perspective of the current digital disruption and digital landscape, strategic building blocks for digital transformation, and a core message that is essential for any business if they want to survive (and thrive).
Setting the scene for the Enterprise Digital Workplace Summit, 6 June 2018, at the British Academy. We live in a time of exponential change and disruption. What we call the Digital Enterprise Wave may become a Tsunami adding Artificial intelligence and blockchain to the other emerging technologies. A management shift, but change is happening across the workplace with the "gig mindset". What is a digital workplace anyway? Finally a reminder of the 8 Strategic Building Blocks for digital transformation, a plea to focus less on technology and more on people, and 2 key recommendations.
11 November 2015 - Thinktank, Birmingham.
#hntechsurvey
AGENDA
SURVEY FINDINGS
Rob Grimsey, Harvey Nash
PRESENTATIONS
Simon Livings
Director, Data Insight Services
KPMG LLP
Dr Nick Hawes
Reader in Intelligent Robotics
University of Birmingham
Rick Robinson
IT Director
Smarter Cities, Amey
Q&A
Hosted by Natalie Whittlesey
Harvey Nash
The 7 Principles of Digital Business Strategy & Transformation (Niall McKeown)
There is a method for creating a high performance digital business strategy. It is to use the 7 Principles of Digital Business Strategy framework by www.ionology.com
Building an Equitable Tech Future - By ThoughtWorks Brisbane (Thoughtworks)
At the heart of ThoughtWorks is an ambitious mission: to be a proactive agent of progressive change in the world. Aware of our own privilege, we strive to see the world from the perspective of the oppressed, the powerless and the invisible.
With QUT, here in Brisbane, we’re kicking off a series of research, projects, and conversations about the social impact of tech trends, with a view to building a more equitable tech future. Some of these topics include:
- Algorithmic accountability, transparency, bias & inclusion
- Responsible data practices (privacy and ownership of data)
- Automation and the future of work
- Data use in social media and elections
- Fake news and echo chambers
- Regulating decentralised technologies
- Blockchain for good
- End-user autonomy and privacy
Slides from: Felicity Ruby, Eru Penkman, Clayton Nyakana,
Assoc. Prof. Nic Suzor (QUT) & Dr. Monique Mann (QUT)
Understanding digital transformation involves understanding the DNA of your company, your employees, and your customers to identify the best way to deliver value and increase organisations' positive impact on revenue, employee retention, and customer experience.
This requires a change management approach and to look at 5 key pillars:
1. The Business model
2. The Operational model
3. Leadership & Capability
4. Customer Experience
5. Technology
Transformation is not digital, it's constant (Ayal Levin)
Many organizations focus on Digital Transformation as a key to success. There seems to be a belief that “Once we become fully digital, the transformation is complete”. However, the reality of today will not be the leading solution of tomorrow. This talk will focus on the reasons why it’s not about digital transformation, rather, it’s about building organizations that can support constant transformation - in culture, in working models, in strategic thinking, and in mindset.
Business case for deploying online collaboration across organisational bounda... (David Terrar)
Pollyanna Jones of NHS England & David Terrar of Agile Elephant, introduced by John Glover of Kahootz, use the NHS England futureNHS platform as a case study story for implementing an effective collaboration solution across silos, teams and organisational boundaries. The story shows:
* How the Department of Health and their Arm’s-Length Bodies are using a shared service arrangement to improve team working and stakeholder engagement across the UK health sector
* The potential, drivers and enablers that are necessary for success and the impending blockers and pitfalls with advice as to how to overcome them.
* Where to start, how to educate your staff, and an understanding as to how to select and drive benefit from collaboration tools across the value chain
* How to tap into the collective knowledge and expertise of your stakeholders to foster a sense of shared purpose and community involvement
* Building a solid business case. Where the value and ROI of collaboration tools could lie as your organisation looks to improve team working with external parties and across organisational boundaries.
Event held 8th Dec 2016, Edinburgh. The evolution of Big Data analytics has been staggering: it has progressed from an underused asset to a vital source of intelligence and insight, driven by improved hardware, cloud technologies and a plethora of specialist software. These technological advances have pushed the boundaries of what is possible, driving new innovation and enabling huge strides forward in fields like AI and Cognitive Computing.
The introductory HL7 course is a virtual workshop in which we immerse ourselves in the world of HL7 standards. Supported by web resources, we work through a series of guided exercises that show, through multiple examples, a model of good practice in the use of these standards.
7.14.6 Schneider Electric Technical Reference Guide 2015 (Igor Golovin)
The purpose of the technical reference guide is to help the design engineer navigate the full range of Schneider Electric's offering and find the equipment, system or software, in a word the solution, that best meets their needs and tasks.
The presentation "Don't lose the customer at the last click", in which Alberto Blanch, Web Presence Business Development Manager at Arsys, explains the keys to avoid losing customers during the online purchase process and the main techniques for increasing the conversion rate of online shops.
More information at https://blog.arsys.es
Sophie Dutordoir's Italian shop has a new operator (Thierry Debels)
NMBS top executive Sophie Dutordoir was forced to close her Italian business Poppeia in Overijse. A new operator was sought and found.
The new manager is Stéphane Vanhoudenhove.
He runs the business through MEDI ARCH.
Displaying server-side OData messages in ui5 (Ui5con 2017) (Nabi Zamani)
Displaying success, error, information, and warning messages is common in web applications. These messages can be generated on the UI side or they can come from a backend. UI5 has built-in features that allow the messages to be handled easily. And with the underlying Fiori Design Guidelines you still keep your UI looking nice.
This is my session from the UI5Con 2017 on March 24th, 2017. Unfortunately, I had technical issues recording the session during my talk. After some people asked me to offer the recording, I recorded this session the day after the conference.
Sustainable and Cheap Electricity
A financial understanding of the costs and benefits and possibilities of Renewable Energy
My presentation from the Solar Power Africa Conference, 27th August 2012
My name is Manuel Manero and I have worked as a freelance digital marketer since 2010, helping entrepreneurs at small and medium-sized businesses achieve more and better results in their activities with the help of the internet.
Cybersecurity Threats - NI Business Continuity Forum (David Crozier)
I delivered a talk to the Northern Ireland Business Continuity Forum on Cybersecurity Threats on 12 November 2014.
This is a sanitised version of the slide deck that I used.
A look at why Caribbean cyber security is important, Caribbean experiences achieving cyber security, why an effective strategy is critical and the importance of an effective Information Governance strategy.
APT or not - does it make a difference if you are compromised? (Thomas Malmberg)
This is my presentation from the Cyber Security Summit held in Prague 2015 at the Boscolo Prague Spa Hotel. For the missing slides and further information, contact me directly.
Cyber threats and trends that you cannot afford to overlook in 2018. Revised presentation from Clear and Present Danger - an Enterprise Security event hosted by Netplus
Now in its 5th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brought together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme explored the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
Data Security in the Insurance Industry: what you need to know about data pro... (XeniT Solutions nv)
With the amount of personal and sensitive customer information needed to accurately insure a client, it’s no wonder the Insurance industry is a target for data security threats.
While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks.
- The sheer volume of information available
- The highly sensitive nature of the information
- Large amounts of unstructured data
In this webinar, our speakers illustrated the state of the art, including the technical and legal framework, to protect your most relevant information from cyberattacks. You will learn:
- How to define a roadmap that optimizes the impact of cyber security expenditure
- How to adopt a general risk management approach to identify Cyber security risks
- What are the most relevant technologies available today to protect your data
The Summit will consider the role of leadership within the technology domain. Amidst a backdrop of uncertainty and disruption, the conference will discuss how you can help your organisation navigate change, overcome problems and accelerate innovation.
The programme will feature insights from an impressive array of technologists, founders, researchers and transformation specialists; contextualising the biggest challenges facing the industry and sharing practical advice, guidance and best-practice on how you can maximise your impact within your team.
Now in its seventh year, the Summit has established itself as the largest annual leadership event for Scotland’s Technology community, and an invaluable forum for knowledge exchange, discussion and high-level networking.
Core themes:
Trends: Digitalisation, agility, disruption and hybrid teams
Evolution: The changing nature of technology as a discipline
Leadership: Strategy, empowerment, communication, motivation and empathy
Culture: Creating a culture of inclusion, innovation and exploration
Impact: Technology as a driver of growth, innovation and improvement
The North of Scotland is in the midst of a full-scale transformation. Building on a well-established reputation as a global energy hub, the North is fast becoming a key destination for emerging innovation across an increasing range of sectors.
The DIGIT North Summit is designed to bring IT and Digital leaders together and drive practical innovation through shared learning. The event will facilitate cross pollination between key industries, from traditional sectors like Oil & Gas and Agriculture to high-growth fields like: Life Sciences, Biotech, Gaming, Fintech and Space.
The programme will contextualise the key emerging technologies and industry disruptors, and consider the vital role that IT and Digital leaders will play in ensuring organisations can thrive amid a backdrop of market change and economic volatility.
Organisations are changing: the rapid pace of the digital world has necessitated a fundamental shift in mindset. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams and fundamentally altered the way businesses engage with their customers.
The most influential companies of our age share a common ability to understand two things effectively: people and technology. In these turbulent times, success is increasingly defined by the ability to respond to the fast-changing landscape, and exceed the expectations of the people we serve.
DT 2021 will contextualise the key technology trends and industry disruption amidst a backdrop of significant socio-economic upheaval. The event will also consider the role of IT and Digital leaders in driving positive transformation, exploring how we can help support operations, drive innovation, overcome challenges, and deliver tangible business benefits.
Core themes:
• Landscape: Uncertainty, Recovery, Sustainability, Remote Teams
• Process: Strategy, Structure, Optimisation, Agile, DevOps
• Design: Customer Centricity, UX, Functionality, Simplification
• Technology: Remote Tools, Data Analytics, AI, ML, RPA, Cloud
• People: Culture, Collaboration, Leadership, Diversity, Empowerment
The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focused on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May 2018 it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
SCOTLAND’S MUST-ATTEND IT & DIGITAL EVENT
The expo is the largest annual enterprise technology event run in Scotland, and a must-attend for senior technologists, digital innovators and IT leaders.
SCOTLAND’S LARGEST VENDOR SHOWCASE
DIGITExpo hosts Scotland’s largest exhibition of technology and solution providers, spanning: Cyber Security, Networking, Infrastructure, Cloud, Data & Analytics, Managed IT Services, Telecoms, Connectivity and much more.
TOP SPEAKERS AND INDUSTRY INSIGHT
Keynote and seminar theatres will host leading thinkers and innovators from some of the best known companies in the world. 2018 speakers include: Google, Twitter, McLaren, RSB, Hill & Knowlton, CYBG, IBM, EasyJet and AmTrust.
As technology has evolved IT has transitioned from a background support function to a core driver of value creation and competitive edge. This shift has placed senior technologists at the heart of the organisation where they are increasingly critical to decision making, strategy and leadership.
The DIGIT Leader Summit will explore the evolution of the IT & Digital profession, considering the key technology and business trends and the profound impact they are having on the role. The programme will also examine the crucial components of leadership, looking at culture, team building, upskilling and communication.
The Summit is geared for senior IT & Digital leaders, and designed to provide an opportune forum for practitioners to share their experiences, learn from their peers and discuss best-practice approaches to leadership.
Core topics
Trends: Key technology trends and business trends
IT Evolution: How the IT and Digital role is changing and evolving
Leadership: Empowering, engaging, motivating and inspiring teams
Culture: Creating a culture of inclusion, innovation and exploration
Impact: Technology as a driver of innovation, improvement and problem solving
IT Management: Investment, ITAM, cost control, vendor management
The Conference
The Energy sector is changing: the challenging economic landscape has forced businesses to scrutinise their operations in pursuit of greater productivity and asset efficiency. Meanwhile, the market is growing increasingly diverse as renewables mature and new entrants emerge.
Against this backdrop, digital is becoming increasingly pervasive as companies turn to technology to modernise processes and deliver competitive advantage; from remote monitoring and automation, to data analytics, Machine Learning, asset visualisation and HPC.
Now in its 6th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brings together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme will explore the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
Core Themes
Landscape: maximising economic recovery and cross industry collaboration
IT & Digital as a driver of efficiency, business improvement and problem solving
Analytics, data-driven decision making and business intelligence
Asset visibility: performance, conditioning, remote monitoring
Digitising processes and innovating on top of legacy systems
Emerging technologies, AI, IoT, Robotics, Drones, Blockchain
Infrastructure: SCADA, Cloud, hybrid architecture, managed services
Cyber Security, information governance, GDPR
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
Business is changing: digital technology has permeated every facet of the enterprise, completely transforming the way we work. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams, while fundamentally altering the way businesses engage with their customer.
It is no coincidence that the most influential companies of our age share a common ability to harness technology effectively. In these exciting and turbulent times, success is increasingly defined by the ability to respond to the fast changing digital landscape; it has become a key distinguisher between growth and obscurity.
DT 2019 contextualised key digital trends and explored the underlying process of organisational change. The conference was geared towards senior technologists and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, discussion and high-level networking.
This is the largest annual Digital Transformation conference held in Scotland - with over 300 attendees in 2018. The event is supported by ScotlandIS and is free for qualifying delegates to attend.
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 6 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
Technology is completely changing the face of financial services, driving disruption, displacement and disintermediation within the sector. This has lowered the barriers to entry, opened the door to new market entrants and created fertile ground for innovation and growth.
These market disruptions have also forged new alliances between start-ups and incumbents, blurring the lines of distinction between finance and technology and creating a wave of cross-sector collaboration.
Fintech 2018 will explore technological innovation across the financial services sector, from developments in established tier-1 firms to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics will include:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
This conference will contextualise the evolution of IT, examining the changing role of technology within the business and the inherent implications for IT personnel. The event is geared for senior IT, business and finance leaders, providing a unique forum for knowledge exchange, discussion and high-level networking.
Core topics
• IT Evolution: the changing role of IT within the business
• Leadership: strategy, culture and collaboration
• XaaS: the shift from asset to service-based consumption
• ITAM: IT Asset Management and procurement
• Managed Services: vendor management and Service Level Agreements
• Governance: information security, GDPR and data protection
• DevOps: Agile process, faster delivery, greater collaboration
Now in its 5th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brought together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme explored the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The Summit is organised by DIGIT, with support from ScotlandIS, Police Scotland, SBRC, The Cyber Academy and ISACA. The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
Big Data & Analytics continues to redefine business. Data has transitioned from an underused asset to the lifeblood of the organisation, and a critical component of business intelligence, insight and strategy.
Big Data Scotland is the largest annual data analytics conference held in Scotland: it is supported by ScotlandIS and The Data Lab and free for delegates to attend. The conference is geared towards senior technologists and business leaders and aims to provide a unique forum for knowledge exchange, discussion and cross-pollination.
The programme will explore the evolution of data analytics; looking at key tools and techniques and how these can be applied to deliver practical insight and value. Presentations will span a wide array of topics from Data Wrangling and Visualisation to AI, Chatbots and Industry 4.0.
Key Topics
• Tools and techniques
• Corporate data culture, business processes, digital transformation
• Business intelligence, trends, decision making
• AI, Real-time Analytics, IoT, Industry 4.0, Robotics
• Security, regulation, privacy, consent, anonymization
• Data visualisation, interpretation and communication
• CRM and Personalisation
Service Managers strive to continually deliver better services but the day to day job can mean that they don't have the opportunity to keep up with the latest developments in technology and best practice thinking. Customer journey management, Smart advisors and chatbots, Team collaboration, Robotic Process Automation, Artificial intelligence, Multichannel digital experiences, Pervasive Technologies, Resource Scheduling, Swarming, BRM, DevOps, VeriSM, ITOM, SIAM ... What will give them an advantage?
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI - Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD within UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 - Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GridMate - End to end testing is a critical piece to ensure quality and avoid... - ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs - Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
7. What can we do to fight back?
Scot-Secure Conference
March 2017.
8. Agenda
Scottish, UK & Global Perspective!
The current threat landscape!
The challenges to LE & Policing!
The LE response - NCCU & Police Scotland!
Are we getting the message across?
What can we do to fight back?
Collaboration & Prevention.
Good News - Look Forward!
11. ORIGINAL HUB CONCEPT
SG/NCSC EUROPOL
POLICE / SENIOR TECH COMMUNITY / INVESTIGATIONS
TIER 4 – SCOTLAND’S TECH COMMUNITY DEVELOPMENT
TIER 3 – ACADEMIA / R & D
TIER 2 – SOC / TRUSTED PARTNERS
TIER 1 – APPRENTICES / GRADUATES
14. What we do know!!
• The cyber threat to UK business is significant and growing.
• This threat is varied and adaptable.
• The rise of internet connected devices gives attackers more opportunity!
• The past year has been punctuated by cyber attacks on a scale and boldness not seen before!
• The UK & Scottish government is committed to making the UK a secure and resilient digital nation
• Under-reporting.
15. Scenario 2 – Malware
Some Brief Examples… The Usual Suspects
Malware / Phishing / Ransomware / Social Engineer / Hacker
16. Key questions that all CEOs & CISOs should be asking this week?
• “Are we vulnerable to a cyber intrusion, SQL injection, ransomware or DDoS based attacks?”
• “What assurance activity have we done to confirm that we are not vulnerable?”
• “If we were compromised, would an attacker be able to gain access to unencrypted sensitive data?”
• “Are we satisfied that we have engaged sufficient 3rd party security provision?”
• “What is our company ethos & posture on security?”
• “What and how vibrant is your overarching cyber security policy?”
22. The Main Threats…
Hacktivism
• Hacking organisations they don’t agree with
• Politically motivated
• Mainly defacement of websites and public disclosure of information
• Organised but dispersed.
• Anonymous, New World Hacking, Lizard Squad
Organised Crime
• Well funded cyber crime groups
• Financially motivated
• Mainly ransomware, stealing of personal info/credit card info, and hacking.
• Highly organised and well funded
• Carbanak Cyber Gang, Janus Sec etc.
Espionage
• State sponsored
• Politically & Financially motivated
• Mainly covert hacking and custom malware - targeting sensitive IP and CNI.
• Extremely organised and well funded
• TAO, APT 28, APT 17, Bureau 21
23. The Main Threats…
Bedroom Hackers
• Teenagers with a point to prove
• Motivated by recognition and quick cash
• Mainly defacement of websites and public disclosure of information
• Have been quite successful at ‘low hanging fruit’.
• They have been individuals or ‘front people’ of a group
24. Growing Cadre of Hacking Groups
Anonymous
LulzSec
Lizard Squad
New World Hacking Team
DD4BC
The Impact Team
The Armada Collective
Syrian Electronic Army
16.66
PhantomSec
28. • Feezan Hameed
• £60 - £113 million Frauds
• Vishing / Social engineering of Banking customers
• Data acquired including account details/passwords
• Money transferred online – mule account networks
• UK wide investigation
• Numerous UK Law Enforcement
• Arrested in Paris on false passport
• Convicted and sentenced to 11 years imprisonment
• Customer education?
29. Op Backbone
• UK Bank
• Frauds
• Exfiltration of bank customer data
• Bank employee
• Live customer data for sale on dark web
• Data used to commit further frauds
• Customer data recovered at home address
• Arrested / Convicted
• £23,000 seized POCA from account
• Print? Business Need/Auditable?
30. Operation Mouse - Police Scotland Website
Operation Vulcanalia
The NCCU/PSOS Operation Vulcanalia targeted users of the Netspoof DDoS-for-hire tool. Based on intelligence gathered by the West Midlands Regional Cyber Crime Unit, a week of action in December 2016 saw more than 60 individuals targeted, resulting in 12 arrests, over 30 cease and desist notices served, two cautions issued and one protective visit made.
The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, 5 individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. Also, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked.
33. Scotland’s Future
• International Collaboration
• Government - L.E – Industry – Academia Collaboration
• Joint Working - Intelligence, Technical, Disruption
• Prevention/ Education
• Curriculum for 21st Century
• Upskill Children & Wider Population
• Target Harden Existing Business
• SBRC Role
• Cyber Security Grow as Industry Sector
36. Cyber Essentials & Cyber Essentials Plus
Cyber Essentials concentrates on five key controls. These are:
1. Boundary firewalls and internet gateways
2. Secure configuration
3. Access control
4. Malware protection
5. Patch management
37. Fighting back: what can we do?
• Reporting means we can fight back!
• Cyber Policing Structure – NCCU - Regional Hubs- Prevention
• European & Global Co-operation EC3.
• Innovative Partnerships.
• Organisational growth and transformation.
• Education, prevention & unprecedented collaboration.
– The Cyber Academy & Scottish Academia R & D.
– Inspire and enthuse - SQA National Progression Awards
– SBRC – Supporting vulnerable SMEs.
– Multi agency, multi disciplined teams protecting Scotland.
44. Dr Keith Nicholson
Independent Cyber Security Advisor
• 25+ years’ experience in digital technologies, IT audit and cyber security
• Qualified in cyber security (CISM CISA)
• Scottish Government advisor in Cyber Security
• Member Cross Public Sector Cyber Group
• Member Cyber Leaders Board
• Advisor across Public Sector (e.g. SNH, SEPA, SFC, Revenue Scotland)
Cyber Security Scotland
Non-Profit Organisation
● established to provide independent advice & services on all aspects of cyber security to public bodies to help create the intelligent client.
● provides “honest-broker” guidance on ICT, cyber security strategy development, tender specifications, procurement exercises and project management to deliver Best Value.
45. BUILDING A CYBER DEFENCE STRATEGY
Challenges: IT Team
Management expectations on skills
Winning investment & management buy-in
Not just a technical issue
46. BUILDING A CYBER DEFENCE STRATEGY
Challenges: Board
Lack of cyber understanding
Failure to appreciate risk & ROI
Belief technology is silver bullet
Lack of integration of HR, Finance & Procurement as well as IT in cyber defence strategy
47. Cyber Defence:
BUILDING A RESILIENT ORGANISATION
Secure technology
Challenging suppliers - lifecycle & supply chain
Training and awareness in staff
Policies & procedures in HR, Finance, Procurement, IT
Senior management responsibility
Becoming an intelligent client: Know what you don’t know
52. Current Common Threats
• Malware – Ransomware
• Credential theft – webmail; keylogging
• Drive-by downloads from websites
• POS attacks
• DDoS – transactional servers / websites
• Web site defacement
• Dark web – malware / hackers for hire; risk-reward model
TECHNICAL & PEOPLE BASED
53. Common attack vectors
BEHAVIOURAL VULNERABILITIES
• Domestic technology use = embedded behaviours brought into workplace
• Changing attitudes to privacy and sharing personal information
TECHNICAL
• Phishing - Email – malware – ransomware, key loggers
• Email attachments – e.g. “invoices”
• Email – person pretext (e.g. I’m xxx’s boss; CFO instructing invoice approval)
• Vishing – elicitation of key information in conversation
54. Threat Data
• Time to compromise – 82% in minutes (phishing to steal credentials)
• Time to exfiltration – 68% in days (capture & export data)
• Detection deficit – only ca 20% attacks detected within days [1]
• 68% attacks are malware, 32% by pretext [2]
[1] Verizon 2016 Data Breach Investigations Report
[2] HMG, Ipsos MORI, University of Portsmouth, Cyber Security Breaches Survey May 2016
• Oldies still goodies – top 10 vulnerabilities older than one year
• Software vulnerabilities – time between publication and exploitation:
– Adobe, Microsoft, Oracle fastest to be compromised
– Apple and Mozilla slowest
• Helps focus patch management
56. 5-Step Threat Reduction Strategy
1. Recognise the threat & take responsibility at Board level – Exec & Non-Exec
2. Risk & Business Impact assessment of technical & organisational vulnerabilities
3. Secure the technology (resources prioritised via Risk & Business Impact assessment)
4. Create a cyber-aware culture
5. Evolve to become an Intelligent Client
57. Becoming the Intelligent Client
Recognise what you don’t know (Known Unknowns) – Audit systems, policies & procedures via “critical friend”
Recognise you don’t know what you don’t know! (Unknown Unknowns) – Get Directors and staff training both technical and general awareness
Challenge suppliers: service lifecycle and supply chain; build security into procurement specifications
Don’t rely only on supplier advice (Audit Scotland)
Seek “honest broker” independent advice where needed
59. Cyber Defence Action Plan
1. Assess and test Cyber Awareness Maturity level:
• At board level
• Amongst general staff
• Amongst technical teams
2. Undertake a Cyber Security audit with risk assessment to:
• Identify technical & cultural vulnerabilities and threats
• Prioritise resource allocations proportionate to risk
• Identify staff skills gaps
3. Create a staff development strategy for ongoing awareness / technical training
4. Develop a Proactive & Responsive Cyber Strategy, Policies & Continuous Improvement Plan to address continuing and changing threats
60. Summary
• Needs Board & Senior Management commitment
– risk awareness, RoI and investment buy-in
• Cross-organisation responsibility:
– HR for OD, staff training and vetting; Finance, Procurement for fraud detection; IT for technology
• Define your needs and challenges
– Technological as well as Staff and Suppliers via Gap Analysis
• Set realistic development plan & expectations
– Cultural change is not achieved overnight
• Keep your eye on the threat
– Staff development
– Continuous improvement plan
– Monitor, mentor, measure
90. Ransomware in 2016
• 2016 Losses $1B
• 246 new families in 2016 alone compared to 29 for 2015. 748% increase.
• PhishMe Report: As of the end of Q3’16, 97% of all phishing emails contained crypto-ransomware
• InfoBlox Report: Ransomware Domains Up By 35 fold In Q1’16
93. UK Ransomware Survey
• Just over two thirds (69%) of UK ITDMs have heard about ransomware and know how it works.
• Four fifths (82%) consider ransomware to be a threat to their organization, while 18% do not.
• The average ransomware request received was £540, although for 20% of those infected, the request was more than £1,000.
• Nine in ten (89%) reported a time limit on paying the ransom, with the time limit being 19 hours on average.
• Organizations affected by ransomware estimate they spent 33 man hours on average fixing the issues caused by the ransomware infection.
94. UK Ransomware Survey
• Two thirds (65%) ended up paying the ransom. However, only 45% of those infected got their data back through this means, while 20% paid a ransom and did not get their data back.
• The three most common reasons for paying the ransom:
– They were worried about being fined if the data was lost – 37%
– The data was highly confidential – 32%
– The ransom amount was low enough to count as cost to business – 29%
• Seven in ten (69%) think their organization will be targeted by ransomware in the next 12 months.
• 77% have an incident response plan in case of infection with ransomware
– Only 44% have tested their incident response plan, while a third (33%) have a plan in place without testing it.
105. Top Vulnerabilities Within Exploit Kits
CVE-2013-2551
Affected software: Microsoft Internet Explorer® 6–10
Description: A use-after-free vulnerability that lets attackers remotely execute arbitrary code via a specially crafted site that triggers access to a deleted object
CVE-2015-0311
Affected software: Adobe Flash Player 13.0.0.262, 14.x, 15.x, and 16.x–16.0.0.287 on Microsoft Windows® and 11.2.202.438 on Linux
Description: An Adobe Flash Player buffer overflow vulnerability that allows attackers to remotely execute arbitrary code via unknown vectors
CVE-2015-0359
Affected software: Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux
Description: An Adobe Flash Player memory corruption vulnerability that allows attackers to execute arbitrary code when the application is used; failed exploitation attempts likely result in denial of service (DoS)
CVE-2014-0515
Affected software: Adobe Flash Player before 11.7.700.279 and 11.8.x–13.0.x before 13.0.0.206 on Microsoft Windows and Mac® OS X® and before 11.2.202.356 on Linux
Description: An Adobe Flash Player buffer overflow vulnerability that occurs when parsing a compiled shader in a Flash object, which allows attackers to run some processes and run arbitrary shellcode
CVE-2014-0569
Affected software: Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and before 11.2.202.411 on Linux
Description: An Adobe Flash Player remote integer overflow vulnerability that lets attackers execute arbitrary code via unspecified vectors
107. Fundamental Best Practices
• Employee Education – Awareness, best practices, simulation testing
• Keep Current with Patching – Minimize exploits of vulnerabilities
• Access Control – Limit access to business critical data
• Back-up and Restore – Automated: 3 copies, 2 formats, 1 air-gapped from network
108. Smart Protection Network in 2016
… received 2.8T reputation queries from customers
… identified 130M new unique threats
… blocked 1B ransomware threats
… blocked 81B total threats
116. “CISOs use existing security metrics that are expressed in technical security terms, and are oriented toward technical security decisions. They report on what they can vs. what they should.”
Gartner: Sharpen Your Security Metrics to Make Them Relevant and Effective, July 10, 2015
118. “THANKS FOR THE 300 PAGE SECURITY REPORT” - Nobody, Ever, Said
119. 51% of CxOs believe there is a 1 in 4 chance that a data breach will have a material impact on their organisation
Source: Securing the C-suite, IBM Institute for Business Value, February 2016
80% of CISOs say their top risks are increasing
Scale Venture Partners and Wisegate Survey, Assessing and Managing IT Security Risks, June 2014
125. Aligning Metrics to the Business
[Diagram labels: Metric, Control, Policy, Objective; Monitoring, Control Activities, Risk Assessment, Control Environment; Wisdom, Knowledge, Information, Data]
127. What is a SMART Metric?
Characteristics
1. Specific
2. Measurable
3. Actionable
4. Relevant
5. Timely
Examples
Operations
• % Critical Systems Patched Within Target Days
• % Critical Systems Without Updated Virus Definitions
Compliance
• % Critical Systems Within Compliance
Reporting
• <Metric> by Site/Location
• <Metric> by Business Unit
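The operations metric “% Critical Systems Patched Within Target Days”, reported by Site/Location, computed from an asset inventory. This Python is an added example, not material from the talk; the inventory rows, host names, the 14-day target and the function names are all assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

TARGET_DAYS = 14  # assumed target; each organisation sets its own

# Constructed inventory rows:
# (host, site, is_critical, patch_released, patch_applied or None if still missing)
INVENTORY = [
    ("pay-db-01", "Edinburgh", True, date(2017, 1, 10), date(2017, 1, 17)),
    ("pay-api-01", "Edinburgh", True, date(2017, 1, 10), date(2017, 1, 12)),
    ("pay-web-01", "Edinburgh", True, date(2017, 1, 10), date(2017, 2, 20)),
    ("hr-app-01", "Glasgow", True, date(2017, 1, 10), None),
    ("hr-app-02", "Glasgow", True, date(2017, 1, 10), date(2017, 1, 24)),
    ("hr-app-03", "Glasgow", True, date(2017, 2, 14), None),
    ("kiosk-07", "Glasgow", False, date(2017, 1, 10), None),
    ("print-01", "Aberdeen", False, date(2017, 1, 10), date(2017, 1, 11)),
]


def patched_within_target(inventory, as_of, target_days=TARGET_DAYS):
    """% of critical systems patched within target days, by site.

    A system still inside its patch window on the report date is left out of
    the denominator; a site with no measurable critical systems reports None
    rather than a misleading 0% or 100%.
    """
    met = defaultdict(int)
    measured = defaultdict(int)
    sites = set()
    for _host, site, critical, released, applied in inventory:
        sites.add(site)
        if not critical:
            continue
        deadline = released + timedelta(days=target_days)
        if applied is None and as_of <= deadline:
            continue  # window still open: neither a pass nor a miss yet
        measured[site] += 1
        if applied is not None and applied <= deadline:
            met[site] += 1
    return {
        s: round(100 * met[s] / measured[s], 1) if measured[s] else None
        for s in sorted(sites)
    }


def missed_target(inventory, as_of, target_days=TARGET_DAYS):
    """Critical hosts patched late or still unpatched past the deadline."""
    return sorted(
        host
        for host, _site, critical, released, applied in inventory
        if critical
        and (applied or as_of) > released + timedelta(days=target_days)
    )
```

The per-site percentage is the figure for the report card; the host list from `missed_target` is what makes it actionable for the operations team.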
134. Measuring Security Assurance
✓ Define security metrics that map to your unique business objectives
✓ Collect comprehensive, reliable data to assess security and compliance
✓ Use easy-to-read report card format to communicate security posture to execs
✓ Validate that security program controls are in place and delivering intended results to maximize your return on investment
140. Summary
Figuring out the “right” metrics and compiling them can be challenging
Metrics provide clear insight into how well the IT security team is meeting security and business objectives
Tenable’s sensors and ARCs help you turn technical data into metrics executives can understand
141. Next Steps
• Read the eBook: Using Security Metrics to Drive Action
• Download the Whitepaper: Measuring Security Assurance – Turn Technical Data into Metrics Executives Can Understand
151. Tatty Teddy
Twitter on Tatty Teddy
Over a number of years tweeted as fan.
On occasion principal retweeted.
Interaction Progressed to principal commenting.
Fan moves to interact in DM, principal replies
Fan tweets evolve becoming more personal
152. Tatty Teddy
Principal attempts to ignore and manage fan
Principal sensitively declines
Management Company running a competition
Winner of Meet & Greet announced.
Fan requests a meet & greet.
Fan interaction turns hostile
Fan makes direct threats and becomes hostile online
156. Tatty Teddy
> After being single all my life and approaching my 38th birthday, I've
> taken the plunge and signed up with POF. Have never had so much as a
> proper date in all my life, and it's been years since I was even
> remotely looked at by a woman, so I'm not expecting much.
>
> Having looked at who's available in my local area, there isn't much
> going. There are one or two women who are nice looking, but I look
> very young for my age, don't fancy women near to my own age (many
> 30-35s almost look old enough to be my mother), and I feel awkward at
> the thought of looking at women in their late 20s who I might actually
> find attractive. But I'd probably have nothing in common with them.
160. o Alexa, come away with me! I want to take you away! To a place where no-one can ever hurt you! We can go anywhere. I know places. Places where we can be alone~or in a big city. It doesn't matter. I want to live a "normal" life with you. I want to watch you grow old with me, and maybe have a couple of children. You can be anything you can imagine! A doctor, a factory worker, a scientist, a photographer! Anything you want. I just have this dream of you and me in a house and pets and you can be my wife, and I can be your loveslave. Anything you want. It will be great! We can have a lot of fun together! So, get back to me! Tell me to go to Hell, tell me that I'm crazy, just tell me how you feel. I love you and I want you to be happy.
Alexa Ray Joel
161. Messages Start September 4th
5th – Recounting a Nightmare.
7th – Message of Hate.
Last Message – 13th November.
Alexa Ray Joel
165. Social Engineering - Profiling
What do you want~
Something about me being a lazy drink~I
waste~good
please!~Let me go!
Alexa Ray Joel
166. One of a handful reporting same geo location.
Similar Interests, Likes.
I envy you~the way you can sing
wrong~I just like them forever!
but here I go~up on the stage, anyway
Alexa Ray Joel
168. Sheryl Finley
[Billy Joel] hired a bodyguard to protect his daughter and contacted [Paul] McCartney, who recommended a Europe-based private-security firm not bound by the same legal restrictions as the police, [Post] sources said.
McCartney's people found the stalker in Austin, Minn.
Alexa Ray Joel
170. Securing People
You do not know the people you are trusting.
• Recognise that as a Risk.
• Quantify the risk.
• Accept it or mitigate it.
171. Crime is on the increase
• Your stakeholders are being targeted.
• Sensitive Assets can take many forms.
• It’s Risk introduced by cyber or just security
• Stop referring to cyber security.
188. PREPARE
Business strategy alignment
Assessment & architecture
Operating model governance
Risk & compliance
Culture change
Red-teaming
DETECT
Vulnerability management
Threat intelligence
Security monitoring
Cyber threat analytics
PREVENT
Digital identity
Application & data security
Platform & infrastructure security
RESPOND & RECOVER
Incident response remediation
Business continuity
MOBILE, ON PREMISES, CLOUD, IoT
MORE SIMPLY AGAIN?
How do we respond?
What is the impact?
How do we organize?
How do we monitor?
Risk Identification – Aggregated set of typical risk associated with Cyber Risk
Risk Events – Scenarios which can impact the organization specific to cyber threats
Business and IT Controls – Oversight of the controls and their testing programs and how to leverage COBIT®, ISA, ISO/IEC, NIST controls
Operating Model – Specifying the structure with people, organization, roles, tools and processes to govern
Detection and Identification – Tools and metrics to identify and log aspects to manage operations
Operational Monitoring – Aligning the tools to identify and detect threats along with their escalation and oversight
Event Response Plan – Structure to identify and manage action plans
Crisis Management – Structure to manage incidents and notify impacted parties
193. Ian McGowan Bio
Ian is a Managing Consultant at Barrier Networks and has 18 years’ experience working in network and application security.
He has worked as a web application security architect and application security operations lead and understands the challenge organisations face when trying to integrate security controls into the modern software development life cycle.
194. Talk Overview
• Overview of Web Application Security challenges
• How Web Application Firewalling (WAF) can help
• Advances in WAF technology
• Anti-Fraud techniques
• Summary
196. Attack Surface
[Diagram. Attack categories: Network attacks, DNS Attacks, Session attacks, Application attacks, Clientside Attacks, Data. Attacks shown: Stolen User Credentials/Fraud; Phishing; Network DDoS Attacks; Application Vuln Exploits; Recon. Port scan; Attacks against SSL Vul; DNS Amplification/Cache Poisoning; Application DDoS Attacks; Botnet/SPAM; Man in the Middle; Man In The Browser; Malware; Business Logic Abuse]
197. Focus of Attacks
[Diagram. Attack categories: Network attacks, DNS Attacks, Session attacks, Application attacks, Clientside Attacks, Data. Attacks shown: Stolen User Credentials/Fraud; Phishing; Network DDoS Attacks; Application Vuln Exploits; Recon. Port scan; Attacks against SSL Vul; DNS Amplification/Cache Poisoning; Application DDoS Attacks; Botnet/SPAM; Man in the Middle; Man In The Browser; Malware; Business Logic Abuse]
ATTACKS ARE DISPROPORTIONATELY TARGETING THESE AREAS: APPLICATION PROTECTION; USER ACCESS AND CREDENTIALS
198. State of Application Delivery Report
Yearly report by F5 Networks
2200 responders
Understanding trends
Most popular application services deployed
Most important application services deployed
202. WebApp Security Challenges
• Complexity of the application
• Complexity of the attacks
• User controls the Endpoint
203. SDLC Challenges
• Secure coding is difficult, expensive and slow.
• Developers are usually under time constraints
• The focus is on delivery and not security
• We need to change our approach to software development
204. OWASP Top 10
Top 10 AppSec Risk
There are more than 10!
These aren’t going away
Time to adjust our approach?
226. Web Fraud Prevention Benefits
• Detection of DOM compromise
• Application level encryption
• Automated action detection
227. Web Fraud Control Efficacy
Major European Bank:
“…detected and blocked fraudulent transactions in the sum of 500,000 Euro in two days.
…ROI on the pilot first two days – that’s a new thing in the security field ...”
228. Take Aways
• AppSec controls have advanced significantly.
• We must adjust our approach before it’s too late.
• Layered defence.
• Protect Online User – Clientless solution, enabling 100% coverage
• On All Devices – Desktop, tablets & mobile devices
• Full Transparency – No software or user involvement required
• Prevent Fraud – Targeted malware, MITB, zero-days, MITM, phishing automated transactions…
• In Real Time – Alerts and customizable rules
232. EVERYTHING YOU WANTED TO KNOW ABOUT PHISHING BUT WERE TOO AFRAID TO CLICK
Dan Hunt, Lloyds Banking Group
233. Brief Introduction
• Etymology: Phreaking (Phone Hacking) + Fishing
• Definition: “Phishing is the attempt to coerce recipient action, often for malicious reasons, by disguising oneself as a trustworthy entity in electronic communications”
• Effectively a con trick, same as any other
• Concepts can be applied to other -ishings;
• Vishing: Voice-based
• Smishing: SMS-based
234. Why?
• Phishing emails can be used to harvest sensitive data and deploy malware
• Unsuccessful phishing attempts can be used to infer how well-protected an organisation is
• It is very, very easy and very, very effective
• Average engagement-rate is 20%
• ROI is high
238. What? (Strategic)
• Reduce the engagement rate on phishing emails;
• Gateway filtering & blocking
• Employee Education & Testing:
• Studies find that the 20% click rate falls to 13% if employees go through just three simulation exercises, to 4% after the fourth and 0.2% after the fifth.
• Have colleagues know what to do and who to tell.
239. What? (Immediate)
• Awareness of Red Flags
• Mismatch of sender imagery
• Impersonal (Dear Customer)
• Misspellings
• False sense of urgency
• Email/web domains don’t match
240. What? (Final Thoughts)
When sent an email that you’re not expecting, even if it appears to be from someone you know, consider the following:
• WHY am I being sent this email?
• WHO is sending it to me?
• WHAT do they want me to do?
• WHERE could it lead me?
THINK BEFORE YOU CLICK
251. Skyscanner 2017
My most successful strategy?
ISO27001?
Cyber Essentials?
BSIMM?
A.N.Other?
Nope, it’s been speaking to people and sharing learnings.
@StuHirstinfosec
256. Skyscanner 2017
Initial scheme – Qualys scans
2 week scheme – glut!
365 scheme – needs constant researcher rotation, refuse to pay for crap bugs, weed out the XSS guys!
@StuHirstinfosec
257. Skyscanner 2017
Ideal outcomes;
• Weed out certain types of bug in your code altogether
• Make researchers work harder for their cash!
• Scale the scheme & make it more valuable over time
@StuHirstinfosec
263. User Data
Implemented new MINIMUM STANDARDS for user data
Privacy BY DESIGN!
Examples;
• Only stored in agreed places (e.g. AWS)
• Minimum encryption levels when transferring
• Same for data at rest (AES256)
• Bcrypt / Argon2 for hashing
• Only using TLS
• Get rid of old ciphers
• Segment the network
• Tighten up access controls to the data
@StuHirstinfosec
282. Phishing
Phishing – why not take humans out of the equation?
• Sandbox links & attachments (Uber built this themselves)
• Protect against Impersonation
288. Stats
Not everything is critical!
• Simple and quick wins are GOOD wins!
• Try and increase the likelihood of an employee telling you about an event or potential attack
• Run attack simulations. Break something before someone else does!
FORGET ABOUT TRYING TO REDUCE MEANINGLESS STATS
IF YOU GO FROM 48% TO 32% ON FIRE, YOU’RE STILL ON FIRE!
(Zane Lackey, ex-Etsy)
291. Scaremongering
Security Scaremongering
“The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests)”
292. Some thoughts to take away
Reward people… For making you aware of issues.
You feel good, they feel good & they’re likely to tell others.
293. What next?
Shout about your successes!
• Security is as important as any other business unit
• So shout about successes you have
• Positive PR across the business
295. Learn with Skyscanner
• Follow Skyscanner @CodeVoyagers on Twitter
• Read a backlog of our learnings at codevoyagers.com
• Sign up for our Skyscanner Code Voyagers newsletter learnings from our successes and failures or search http://9nl.it/scotsecure_cvnewsletter