1) Psychopaths have 11% less prefrontal volume than healthy subjects, suggesting reduced prefrontal cortex volume may be biologically linked to criminal behavior.
2) The document discusses several studies on brain size and structure across species, finding that brain size increases over hominid evolution were likely driven by ecological and social pressures selecting for increased cognitive abilities.
3) Brain design is adapted to solve particular cognitive problems influenced by a species' environment and social structure, as seen in specialized brain areas for spatial memory in monogamous versus polygamous voles.
February 2010 8 Things You Can't Afford To Ignore About eDiscovery - John Wang
8 Things You Can't Afford to Ignore About eDiscovery. Unstructured content is growing at an unprecedented rate, reaching 650% over five years, with Fortune 1000 companies managing petabytes of data. With electronically stored information (ESI) being formally covered under the Federal Rules of Civil Procedure (FRCP), organizations need new tools to effectively manage, analyze, and review ESI. This article presents 8 techniques and technologies that can be used to lower costs and improve litigation success.
Thin Slicing a Black Swan: A Search for the Unknowns - Michele Chubirka
This document summarizes a presentation on addressing security challenges posed by unknown threats. It discusses how current security methods like antivirus software are ineffective against new threats. It proposes using semantic web technologies and SPARQL queries to analyze network traffic data in a more flexible way that mimics human cognitive processes. Specifically, it suggests building resource description frameworks to represent packet metadata and using fast and frugal decision trees to identify patterns from small slices of information. Examples show how SPARQL can be used to query network data and identify anomalies. The presentation argues this approach could help security professionals better detect unknown threats.
Social Media for Advertising and Marketing Specialists - Dan Elder, MS
The document provides an overview of social media trends and best practices for developing a successful social media strategy. It discusses how social media has changed business and communications, with key points being that only 14% of organizations have more than 2 years of experience using social media, and that having a strategy is important for long-term success. The document concludes by outlining a 5 step approach to a successful social media strategy: 1) get organizational buy-in and the right skills, 2) develop a clear strategy, 3) set goals and metrics, 4) allocate proper resources, and 5) promote social media efforts.
EyeforTravel - Social Media Strategies for Travel USA 2008 - EyeforTravel
Use social media to enhance your brand, increase sales & attract new customers.
http://events.eyefortravel.com/ugc/?t=scribd
http://www.eyefortravel.com/?t=scribd
Keck Year 2 Evidence Based Medicine - Appraisal Resources - lynnkysh
This document provides an overview of resources for appraising medical information. It discusses tools like ACP Journal Club, DARE, and TheNNT that can help with appraisal. These tools allow for selection, summary, commentary, and dissemination of information. DARE specifically can be found through searching "Other Reviews" in Cochrane. The presentation emphasizes integrating evidence, clinical expertise, and patient values when appraising information.
This document discusses ascites, which is free fluid in the abdominal cavity. It describes the pathophysiology of ascites, which can be due to increased hydrostatic pressure (e.g. in cirrhosis), increased osmotic pressure, or impaired fluid resorption. The diagnosis involves history of increased abdominal size and physical exam findings like shifting dullness. Imaging studies like ultrasound can detect small amounts of fluid. Treatment involves dietary sodium restriction, diuretics, and paracentesis for symptomatic relief. Surgical options include shunt procedures for refractory ascites.
The Difference Between the Reality and Feeling of Security by Thomas Kurian - ClubHack
The paper shall focus on the following:
1) Introduction to the problem: Focus on “security awareness”, not “behavior”
2) Real life case study of why a US$100,000 “security awareness” project failed
a. Identifying the human component in information security risks
b. Addressing the human component using “awareness” and “behavior” strategies
4) Sample real-life case studies where quantifiable change has been observed
Original research and Publications
The talk is modeled on the methodology HIMIS (Human Impact Management for Information
Security) authored by Anup Narayanan and published under “Creative Commons,
This presentation discusses achieving effective and durable security strategies. It emphasizes starting from understanding an organization's key risks and considering the real costs of different security approaches. The presentation examines where risks may come from, such as technical attacks, industrial espionage or social engineering. It also discusses thinking differently about security using models like rational choice theory and situational prevention. Finally, it notes that security strategies have costs beyond direct spending, including political effort, revenue impacts and capital requirements, and choosing the right controls and architecture requires weighing these true costs.
The difference between the Reality and Feeling of Security - Anup Narayanan
A presentation that I took recently for a top management group that focuses on the human factor in information security. The presentation focuses on why people make security mistakes by analyzing various factors involving perception, how people make security decisions and how people are influenced by their feeling of security.
Do drop me a note if you wish to discuss this further at "anup at isqworld dot com"
As infosec professionals we are swimming in prodigious amounts of data, but it isn’t making us better at our jobs, it seems to make us worse. In Verizon’s 2012 Data Breach Investigations Report, it was found that across organizations, an external party discovers 92% of breaches. We continue to desperately grasp at that straw of, “more data,” but what if this is simply information gluttony? Incident response's bloated model drives it closer to a form of security archeology rather than its promise of real-time relevance.
This document provides an overview of key concepts related to risk management, including definitions of risk, vulnerability, probability, and impact. It discusses approaches to assessing risk such as quantifying probability and impact, analyzing threats and vulnerabilities, and measuring the effectiveness of security controls. The document is authored by Phillip Banks and copyrighted by The Banks Group Inc., which provides risk consulting and security services. It references numerous standards and guidelines for risk and security management.
Poster created for Leadership for Tomorrow, The Ohio State University.
Authors are Anne Mims Adrian, Rhonda Conlon, Kevin Gamble, Beth Raney, and Jerry Thomas
Artificial Intelligence – Time Bomb or The Promised Land? - Raffael Marty
Companies have AI projects. Security products use AI to keep attackers out and insiders at bay. But what is this "AI" that everyone talks about? In this talk we will explore what artificial intelligence in cyber security is, where the limitations and dangers are, and in what areas we should invest more in AI. We will talk about some of the recent failures of AI in security and invite a conversation about how we verify artificially intelligent systems to understand how much trust we can place in them.
Alongside the AI conversation, we will discover that we need to make a shift in our traditional approach to cyber security. We need to augment our reactive approaches of studying adversary behaviors to understanding behaviors of users and machines to inform a risk-driven approach to security that prevents even zero day attacks.
From ATLSecCon program:
There is a need to make well-informed security decisions that align with business expectations. It’s always been there; we’re just more explicit about it today. This session focuses on a core tenet that bridges the gap in communication between security and business focuses: risk. Our most familiar approaches to risk measurement are failing us. What else is out there? And what are the implications for various security disciplines? We will dive into these topics and flesh out a way forward that aligns our security concerns with their business needs.
Applying advanced analytic techniques to enable rapid real-time enterprise threat intelligence and awareness. This presentation looks at how data + algorithms can help enterprises improve their overall threat posture.
The document discusses how humans are poor decision makers due to numerous cognitive biases that cause irrational behavior. It explains that real-world decision making often involves hastily choosing the first option without proper analysis or review, unlike the ideal process of considering alternatives and revisiting choices. Some recommendations are provided on improving decision making through understanding cognitive biases, engaging imagination, probabilistic reasoning, assigning credibility scores to information sources, and promoting diversity.
Economically driven Cyber Risk Management - Osama Salah
Why we need to move away from qualitative risk management and embrace quantitative risk management.
Advocating for FAIR as a pragmatic quantitative risk analysis model.
Presented at MESCON 2018, Dubai
A lot of people talk about Data Mining, Machine Learning and Big Data. It clearly must be important, right?
A lot of people are also trying to sell you snake oil - sometimes half-arsed and overpriced products or solutions promising a world of insight into your customers or users if you hand over your data to them. Instead, trying to understand your own data and what you could do with it should be the first thing you’d be looking at.
In this talk, we’ll introduce some basic terminology about Data and Text Mining as well as Machine Learning and will have a look at what you can do on your own to understand more about your data and discover patterns in your data.
This document discusses how information security professionals can better convey their value proposition to management. It argues that security's value is in managing risk by reducing the frequency and impact of losses. However, common misconceptions about quantifying risk must be addressed. The document provides examples of how to package risk information clearly and concisely for decisions around spending, prioritization, and multi-year strategies. Effectively communicating value can increase influence, but also brings new challenges like politics and decisions you may not agree with. Overall it emphasizes quantifying risk to reduce losses in a way that is clear, concise and defensible to management.
Presentation on Machine Learning and Data Mining - butest
The document discusses the differences between automatic learning/machine learning and data mining. It provides definitions for supervised vs unsupervised learning, what automated induction is, and the base components of data mining. Additionally, it outlines differences in the scientific approach between automatic learning and data mining, as well as differences from an industry perspective, including common data mining techniques used and tips for successful data mining projects.
AI-Driven Logical Argumentation in Active Cyber Defense - Shawn Riley
Shawn Riley discusses using artificial intelligence techniques like symbolic AI (top-down) and non-symbolic AI (bottom-up) to automate logical argumentation in active cyber defense. Symbolic AI uses deductive reasoning from existing knowledge to generate explanations, while non-symbolic AI uses inductive reasoning from data to generate predictions. Cognitive playbooks capture human reasoning to automate the claim, evidence, reasoning framework. The techniques help automate different parts of the cyber OODA loop like sensing, sense-making, decision-making, and acting with feedback to improve defenses.
Deep learning in medicine: An introduction and applications to next-generatio... - Allen Day, PhD
Deep learning has enabled dramatic advances in image recognition performance. In this talk I will discuss using a deep convolutional neural network to detect genetic variation in aligned next-generation sequencing human read data. Our method, called DeepVariant, both outperforms existing genotyping tools and generalizes across genome builds and even to other species. DeepVariant represents a significant step from expert-driven statistical modeling towards more automatic deep learning approaches for developing software to interpret biological instrumentation data.
Data Reliability Challenges with Spark by Henning Kropp (Spark & Hadoop User ... - Comsysto Reply GmbH
Current Data Lake projects are facing enormous issues over generating business value. According to Gartner, more than 65% of the projects are failing. The most common reasons for projects to fail are centered around data reliability and performance issues resulting in delays, complexity, and errors.
Delta is the next-generation analytics engine as part of the Databricks Runtime tackling some of the most challenging issues with Spark today. Delta provides ACID, Data Versioning, and Schema Enforcement on top of Apache Parquet. In this talk, we will discuss the current challenges and give a live demo of Delta.
The Science of Cyber Security Experimentation: The DETER Project - DETER-Project
Ms. Terry Benzel's keynote presentation slides at the Annual Security Applications Conference (ACSAC) on December 9, 2011. Ms. Benzel's presentation crystalizes many of the key concepts that she (principal investigator) and her team have been working on in The DETER Project (www.deter-project.org). It provides descriptions of the research focused on new transformational methods of increasing knowledge, incorporating higher level, semantic information about experiments, new approaches to scalable modeling and Emulation, and techniques for increasing the efficiency and efficacy of experimentation. Further described at: http://www.deter-project.org/blog/deter_-_keynote_address_acsac_key_new_web_site
This document discusses the need for Chief Security Officers (CSOs) to become "measured" by relying on metrics and data to make decisions and continuously improve security programs. It outlines two key systems a measured CSO must manage - one focused on developing metrics and models to detect and prevent threats, and one focused on metrics to plan, build and manage security operations. The document advocates using frameworks like VERIS to classify security information and incidents to identify patterns and risk factors. It also stresses the importance of data warehousing and analytics to enrich security data from various sources. Overall, the document argues that relying on measurable facts rather than subjective standards is critical for CSOs to advance the security field in a scientific manner.
Risk management is a process that helps organizations minimize vulnerabilities and prevent losses while allowing for controlled risk-taking and innovation. It involves identifying and assessing risks, then developing strategies, like risk avoidance, reduction, sharing or even acceptance, to manage potential losses. The key is to prioritize risks based on potential damage or loss, and establish plans and procedures to mitigate threats of high impact or probability.
The document discusses evidence-based risk management and the VERIS framework. It explains that VERIS provides a common language for describing security incidents in a structured way. Incidents are broken down into a series of events involving an agent, action, asset, and attribute. This data can then be used to better understand risk, make data-driven decisions, and identify optimal controls. The goal is to move from random observations to formal modeling and evidence-based management.
The document discusses threat modeling and risk management. It introduces VERIS, an open framework developed by Verizon for categorizing cyber security incidents. VERIS breaks incidents down into metrics including demographics, a classification of the incident using an "A3" model of agents, actions and assets, details on discovery and mitigation, and impact classification including estimated losses. VERIS aims to enable pattern matching across incidents to better understand behaviors and risks. The presentation argues that a data-driven, behavioral approach is needed for effective risk management of complex adaptive systems.
1) Current risk management approaches are problematic because they are either too notional and abstract or too focused on tangible metrics.
2) A new evidence-based approach is proposed that uses incident data frameworks to extract metrics that can be used to build models of threats, impacts, and management capabilities.
3) By analyzing patterns in incident data, more accurate assessments of risk can be made based on an organization's unique loss landscape, threat landscape, controls landscape, and how these change over time. This moves risk management from superstition to a measurable science.
The presentation Mortman & Hutton gave at Security B-Sides in Las Vegas as well as our Black Hat presentation mixed in.
More at http://www.newschoolsecurity.com
8. hey, why are you getting lousy information from standards and vendors?
9. hey, why are you getting lousy information from standards and vendors?
The science of information security & risk management is hard
  1. Pseudo Science & Proto Science
  2. Models & Data
  3. Complexity
11. State of the Industry (a)
(Thomas Kuhn is way smarter than we are)
proto-science:
- somewhat random fact gathering (mainly of readily accessible data)
- a “morass” of interesting, trivial, irrelevant observations
- a variety of theories (that are spawned from what he calls philosophical speculation) that provide little guidance to data gathering
12. State of the Industry (b)
At our present skill in measurement of security, we generally have an ordinal scale at best, not an interval scale and certainly not a ratio scale. In plain terms, this means we can say whether X is better than Y but how much better and compared to what is not so easy.
– More from Dan Geer
13. If Science is based on inductive observations to derive meaning and understanding and measurement on quality (ratio) scales, how about InfoSec?
Where do we sit in the family of sciences?
14. We’re the Crazy Uncle with tinfoil hat antennae used to talk to the space aliens of Regulus V, has 47 cats, and who too frequently (but benignly) forgets to wear pants.
18. decimals aren’t magic. adding one willy-nilly doesn’t suddenly transform ordinal rankings into ratio values.
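The point of slides 12 and 18, worked through as an added example (not from the original deck): any numbering of low/medium/high that keeps the order is equally valid on an ordinal scale, so a statistic is only meaningful if its verdict survives every such numbering. The two systems and their ratings are constructed for illustration.

```python
from itertools import combinations
from statistics import mean, median

# An ordinal scale asserts only this ordering: low < medium < high.
LEVELS = ("low", "medium", "high")

# Constructed ratings for two hypothetical systems (five findings each).
SYSTEM_X = ["low", "low", "low", "high", "high"]
SYSTEM_Y = ["medium"] * 5


def riskier(stat, encoding):
    """Name the system that `stat` scores higher under a label->number encoding."""
    x = stat([encoding[r] for r in SYSTEM_X])
    y = stat([encoding[r] for r in SYSTEM_Y])
    return "X" if x > y else "Y" if y > x else "tie"


def verdicts(stat, top=10):
    """Collect the verdicts over every strictly increasing encoding drawn from 1..top."""
    return {
        riskier(stat, dict(zip(LEVELS, nums)))
        for nums in combinations(range(1, top + 1), 3)
    }


if __name__ == "__main__":
    # The familiar 1/2/3 scoring: X averages 1.8, Y averages 2, so Y "wins".
    print(riskier(mean, {"low": 1, "medium": 2, "high": 3}))
    # Same ordering, different numbers: X averages 4.6, so now X "wins".
    print(riskier(mean, {"low": 1, "medium": 2, "high": 10}))
    # Over all 120 order-preserving encodings the mean gives every possible answer,
    # while the median (which only uses order) always gives the same one.
    print(sorted(verdicts(mean)), sorted(verdicts(median)))
```

The 1.8 produced by the first call has a decimal point, but it is an artifact of the chosen labels, not a measurement.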
20. Data must exist in order to feed our models...
... but creating the right models is dependent on understanding what data is useful!
27. A Comforting Thought...
“Given Newton's laws and the current position and velocity of every particle in the universe, it was possible, in principle, to predict everything for all time.”
-- Simon-Pierre LaPlace, 1814
31. Awww man...
...even if it were the case that the natural laws had no longer any secret for us, we could still only know the initial situation approximately. ... small differences in the initial conditions produce very great ones in the final phenomenon. A small error in the former will produce an enormous error in the latter. Prediction becomes impossible...
-- Henri Poincare, 1887
32. [Figure: Complexity (non-linear); Systems Approach; Holism]
33. Complex systems contain changing mixtures of failures latent within them.
The complexity of these systems makes it impossible for them to run without multiple flaws being present.
... individually insufficient to cause failure
...failures change constantly because of changing technology, work organization, and efforts to eradicate failures.
Complex systems run in degraded mode.
“How Complex Systems Fail” - Richard Cook
34. Security is a characteristic of systems and not of their components
Security is an emergent property of systems; it does not reside in a person, device or department of an organization or system.
... it is not a feature that is separate from the other components of the system.
...the state of Security in any system is always dynamic
“How Complex Systems Fail” - Richard Cook
36. Overcoming the problem
• Medicine uses an “Evidence-Based” approach to solving problems in the complex system that is the body.
• Dr. Peter Tippett (MD, PhD) applies Evidence-Based principles to Information Security.
37. What to study: Sources of Knowledge
Suggested context: Capability to manage (skills, resources, decision quality…)
asset landscape
impact landscape
risk
threat landscape
controls landscape
38. How: Data Quality in Evidence-Based Practice
Evidence levels, from D to A (better):
Evidence level D: “Expert opinion without explicit critical appraisal, or based on physiology, bench research or first principles.”
Evidence level C: Case-series study or extrapolations from level B studies.
Evidence level B: Consistent Retrospective Cohort, Exploratory Cohort, Ecological Study, Outcomes Research, case-control study; or extrapolations from level A studies.
Evidence level A: Consistent Randomized Controlled Clinical Trial, cohort study, all or none, clinical decision rule validated in different populations.
39. Evidence-Based Risk Management
State of Nature | State of Knowledge | State of Wisdom
Evidence level D | Lists | Feeling like we’ve done something
Evidence level C | Simple derived values with ad-hoc modeling | Outcomes with ad-hoc deductive selections
Evidence level B | Formal Modeling | Decision making constructs
Evidence level A | |
41. Evidence-Based Risk Management
State of Nature | State of Knowledge | State of Wisdom
Evidence level D | Lists | Feeling like we’ve done something
Evidence level C | Simple derived values with ad-hoc modeling | Outcomes with ad-hoc deductive selections
You are here
Evidence level B | Formal Modeling | Decision making constructs
Evidence level A | |
42. So How Do We Change?
Data
Models…
Standards
START WITH THE OUTCOMES!
44. Knowing Success in InfoSec is hard
- Known Success (anti-Threat ops)
- Unknown success (controls work without us knowing)
- Dumb luck (We’re not targeted, but our neighbor is)
49. Getting The Outcomes: Failures
VERIS | Verizon Enterprise Risk and Information Sharing
VERIS takes the incident narrative and creates metrics (risk determinants)
50. VERIS | Verizon Enterprise Risk and Information Sharing
A free (as in beer*) framework created for metrics, modeling, and comparative analytics.
A security incident (or threat scenario) is modeled as a series of events. Every event is comprised of the following 4 A’s:
Agent: Whose actions affected the asset
Action: What actions affected the asset
Asset: Which assets were affected
Attribute: How the asset was affected
51. VERIS takes this:
INCIDENT REPORT
“An attacker from a Russian IP address initiated multiple SQL injection attacks against a public-facing web application. They were able to introduce keyloggers and network sniffers onto internal systems. The keyloggers captured several domain credentials which the attackers used to further infiltrate the corporate network. The packet sniffers captured data for several months which the attacker periodically returned to collect…”
and…
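An added example, not part of the deck and not Verizon's own VERIS tooling: the narrative on slide 51 hand-encoded as a series of events carrying the four A's from slide 50, alongside two constructed incidents, to show how comparable counts fall out once narratives are structured. The label strings are assumptions chosen for illustration, not the official VERIS enumerations.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    agent: str      # whose actions affected the asset
    action: str     # what actions affected the asset ("category:variety")
    asset: str      # which assets were affected
    attribute: str  # how the asset was affected


# Labels are constructed for this example, not official VERIS enumerations.
# "slide-51" encodes the narrative on slide 51; the other two incidents are
# constructed so there is something to compare it against.
INCIDENTS = {
    "slide-51": [
        Event("external", "hacking:sql-injection", "web-application", "integrity"),
        Event("external", "malware:keylogger", "internal-system", "integrity"),
        Event("external", "malware:sniffer", "internal-system", "integrity"),
        Event("external", "malware:keylogger", "domain-credentials", "confidentiality"),
        Event("external", "hacking:stolen-credentials", "corporate-network", "integrity"),
        Event("external", "malware:sniffer", "network-data", "confidentiality"),
    ],
    "constructed-a": [
        Event("internal", "misuse:privilege-abuse", "database", "confidentiality"),
    ],
    "constructed-b": [
        Event("external", "hacking:sql-injection", "web-application", "integrity"),
        Event("external", "malware:backdoor", "web-application", "integrity"),
    ],
}


def category(event):
    """Top-level action category, e.g. 'hacking' from 'hacking:sql-injection'."""
    return event.action.split(":", 1)[0]


def incidents_featuring(incidents, key):
    """Count incidents (not events) in which each value of key(event) occurs."""
    seen = Counter()
    for events in incidents.values():
        seen.update({key(e) for e in events})
    return seen


def chain_steps(incidents):
    """Count incidents containing each consecutive category-to-category step."""
    steps = Counter()
    for events in incidents.values():
        cats = [category(e) for e in events]
        steps.update(set(zip(cats, cats[1:])))
    return steps


def first_action(incidents):
    """How each incident started: the action of its first event."""
    return Counter(events[0].action for events in incidents.values())


if __name__ == "__main__":
    print(incidents_featuring(INCIDENTS, category))
    print(incidents_featuring(INCIDENTS, lambda e: e.agent))
    print(chain_steps(INCIDENTS).most_common())
    print(first_action(INCIDENTS))
```

Counting per incident rather than per event keeps one long intrusion, such as the six-event slide-51 chain, from dominating the totals.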
56. [Diagram: Framework, Data, Models, Process]
57. Using your metrics program
- Identify & Measure your processes
- Identify & Measure your failures
- Get into loss factors (ABC)
- Share data
- Support data sharing efforts
66. A balanced scorecard of sorts
asset landscape
threat landscape
impact landscape
risk
controls landscape
67. Where to look? The Two True Security Outcomes: Success and Failure
68. Failures:
threat landscape: incidents, red/blue team
asset landscape: vulnerabilities, misconfigurations, unknowns...
controls landscape: gaps in coverage, known lack of effectiveness, known underskilled/utilized...
impact landscape: Cost-Based Accounting around incidents, cost of operations, etc...
70. What to look? Two types of data to find:
Focus initially on Visibility, then look to find Variability.
71. How to look? The GQM Approach:
For each “where” for each “what” use the following “how”
72. How to look? The GQM Approach:
For each “where” for each “what”, start by using GQM as “how.”
73. Goal, Question, Metric
Conceptual level (goal): goals defined for an object for a variety of reasons, with respect to various models, from various points of view.
Operational level (question): questions are used to define models of the object of study and then focus on that object to characterize the assessment or achievement of a specific goal.
Quantitative level (metric): metrics, based on the models, are associated with every question in order to answer it in a measurable way.
- Victor Basili
74. The Book You Should Buy
(Jay & Alex aren’t getting a kickback, in case you’re wondering)
75. GQM for Fun & Profit
Goals establish what we want to accomplish. (Goal 1, Goal 2)
Questions help us understand how to meet the goal. They address context. (Q1, Q2, Q3, Q4, Q5)
Metrics identify the measurements that are needed to answer the questions. (M1, M2, M3, M4, M5, M6, M7)
76. GQM for Fun & Profit
Execution Goal 1 Goal 2
Models Q1 Q2 Q3 Q4 Q5
Data M1 M2 M3 M4 M5 M6 M7
77. data about defined success and failures
models of assets, controls, threats contributing to impact
execution by data analysts
...Feeding standards, audits and governance
80. Security is now so essential a concern that we can no longer use adjectives and adverbs but must instead use numbers.
– Dan Geer
81. Questions?
Jay Jacobs: @jayjacobs, jay@beechplane.com
Alex Hutton: @alexhutton, alex@alexhutton.com
82. Approaching the system as a system
asset landscape
impact landscape
risk
threat landscape
controls landscape
Prioritize / De-prioritize
84. Data Sharing:
- Sources:
- Qualify this Intel according to framework
- Treat with appropriate data quality listings (let models shape the certainty)
85. Get Into Accounting
- Use existing models that take advantage of accounting concepts (ABC) to Talk to the LOBs
86. Using your metrics program
- Identify & Measure your processes
- Identify & Measure your failures
- Share data
- Support data sharing efforts
- Get into loss factors (ABC)