Security challenges in 2017

•Download as PPTX, PDF•

0 likes•73 views

Current challenges in delivering security in the enterprise. Exploring why people are the biggest problem facing security today.

Technology

SECURITY CHALLENGES IN 2017
Prevalent cyber security challenges facing businesses today.
Etienne Liebetrau - CISSP
Infrastructure Architects @Woolworths Holdings
Security Consultant
Technical Writer
Solution Deployment Contractor
Researcher
Firewall / UTM collector
Public Speaker – working on it!
The views and opinions expressed in this presentation are my personal ones based on experience in the field. It is not sanctioned by any 3rd party
customer or vendor.

PEOPLE ARE THE
PROBLEM
• Getting adequate focus and funds allocated to security initiatives
• Technically focused individuals can’t translate the needs to business motivators
• Use C-suite to further your cause – explain liability
• Security seen as a non functional service, as a preventative measure
• Focus rather on the enablement
• Create visibility
• Find your weak spots

LACKING SECURITY IMPLEMENTATION
• People
• Lack of understanding the issues
• Lack of ability to execute a solution
• Lack of caring – not my issue
• Process
• Poor change control – low value
• Slow to adapt to change
• Slow to respond to incident
• BCP and DR confusion
• Technology
• Sweating assets beyond common sense
• Budget cycles
• Business priority
• Technical Debt racks up with cloud adoption

MANY PROBLEMS -
MANY SOLUTIONS
• Patch management
• Software and device vulnerabilities
• Capacity and replacement
• Device management
• Network access – BYODisaster
• RBAC
• Lack of visibility, lack of understanding
• Solutions are all over
• Various frameworks to address the issues
• Users are a weak spot
Snowden showed how well it worked

SECURITY SUGGESTIONS
• Simplify – deployments – solutions and process. Less is more
• Update – Update - Update
• Consolidate on a technology partner
• Leverage all value from single platform before adding another
• Multi instances better than monolithic
• Leverage cloud technologies
• Visibility is key
• Perimeter, core and endpoint security
• Cryptography is your friend and your enemy
• Talk to anyone who will listen – create awareness - change the culture
• Challenge the status quo – attackers don’t care about your change freeze
• Test “people – process – technology” and do it often

RISK BASED ASSESSMENT
• Attackers go after low hanging fruit first, so should you.
• Stay up to date with attack vectors and methods
• User awareness such as phishing tools and campaigns
• Have an automated plan for alerting and incident response
• Red team, Blue team and Command
• Red team - Basic vulnerability testing of environment (fun team)
• Blue team – Detect, Defend, Secure, Remediate (sitting ducks)
• Command – Takes care of paperwork – escalates up the chain

EXECUTIVE LIABILITY
• Law varies per country and region - GDPR
• More and more executive liability
• Negligence leading to personal fines or jail time
• Inter company or corporate disciplinary actions
• Statistically - breach, attack or compromise is inevitable
• Know what is and is not your burden
• Cover yourself
• Non-repudiation communication of issues
• If all else fails and no one listens…

SECURITY CHALLENGES IN 2017
Prevalent cyber security challenges facing businesses today.
Questions and discussions

Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray. This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.

The Datacenter Security Continuum

Martin Hingley

Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...

centralohioissa

IT Security Management -- People, Procedures and Tools

Andrew S. Baker (ASB)

The document discusses approaches for ensuring IT security for NGOs with global presences and limited resources. It emphasizes managing security through the lens of people, procedures, and tools. The presentation outlines key premises of information security, such as treating it as a lifestyle rather than an event. It provides suggestions for dealing with challenges like maintaining security on a limited budget and in a global setting. It stresses the importance of having the right people, clear and simple procedures, and tools used to implement security policies.

Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...

Sreejesh Madonandy

Keynote Information Security days Luxembourg 2015

Claus Cramon Houmann

NZISF Talk: Six essential security services

Hinne Hettema

Keynote at the Cyber Security Summit Prague 2015

Claus Cramon Houmann

- The document discusses a major hack that showed existing security tools and next-generation tools have limitations and can be bypassed. It notes how easily malware can detect sandboxes and analyzes new attack surfaces like the Internet of Things. It advocates for building defenses in key "hot zones" like endpoints, networks, data in transit, and cloud infrastructure. It provides best practices around gaining situational awareness, operational excellence, and deploying appropriate countermeasures. The overall message is that security must be a strategic priority requiring budget, skills, vigilance and alliance between security and IT teams.

Endpoint security involves securing devices like laptops and ensuring they comply with security policies before being granted network access. Major endpoint security solutions include Cisco NAC, Microsoft NAP, and TCG's Trusted Network Connect standard, but all take the approach of evaluating devices and enforcing admission control policies using tools like 802.1x and RADIUS. While endpoint security is important, it also requires significant resources to deploy and its solutions are still evolving.

2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design

NCC Group

This document discusses developing mobile apps with security in mind from the start. It notes that considering security early in the design process is cheaper, easier and less likely to result in fundamental flaws compared to addressing security as an afterthought. While building security into apps from the beginning requires more initial effort, it can improve user experience and privacy, lead to more integrated and upgradable security, and provide better ROI long term compared to last minute approaches. When using commercial off-the-shelf apps, gaining security assurances can be challenging and often relies on black box assessments rather than code access. Proper response planning is also important in case issues arise.

BSIDES DETROIT 2015: Data breaches cost of doing business

Joel Cardella

Joel Cardella has over 20 years of experience in IT, including infrastructure operations, data centers, sales support, network operations, and security. He provides his email and Twitter contact information. The document discusses using a risk-based approach to cybersecurity and focusing on reducing risks to the business using positive return on investment. It provides examples of security strategies and a layered security model.

Bill Stankiewicz Copy Scope 2010 Npi Company

BillStankiewicz

This document discusses how to prepare supply chains for unknown threats by getting disaster recovery basics right through contracts. It notes that disruptive events will happen and outlines challenges like balancing preparedness and budget. The document recommends conducting risk assessments, identifying essential functions, securing data, establishing redundant infrastructure, and documenting/testing plans. It discusses disaster recovery options like traditional hot/cold sites, advanced recovery, and outsourcing, noting advantages, disadvantages and costs of each. The document also identifies spending pitfalls to avoid like being locked into contracts, apps not being cloud-ready, in-house inefficiencies, and licensing issues. It provides action items focused on assessment, prioritization, security, options evaluation, and testing.

2 ppt final dan shoemaker dd1 stockholm presentation

GlobalForum

The document discusses supply chain risk management (SCRM) and outlines its goals of ensuring sourced hardware and software products are functional and secure. SCRM encompasses five categories of risk related to malicious or counterfeit components, production disruptions, unqualified suppliers, and vulnerabilities. The key outcome of SCRM is guaranteeing products only do their intended functions. SCRM is implemented through security controls and a formal process to analyze and prioritize risks through defense in depth. The aim of SCRM is to fully understand risks when making sourcing decisions.

Piggy Backing & Tailgating (Security)

GAURAV. H .TANDON

This document discusses piggybacking and tailgating as security risks. Piggybacking refers to when an unauthorized person gains entry by following an authorized person, while tailgating implies the unauthorized person follows without consent. The document outlines various methods used for piggybacking, like surreptitiously following others or blending into large crowds. Tailgating is a security and compliance issue that can result in costs from theft, data breaches, and loss of productivity. The document recommends both physical security measures and social engineering or policy solutions to address tailgating risks.

Why implement a robust cyber security policy?

Jisc

Common WebApp Vulnerabilities and What to Do About Them

Eoin Woods

This document discusses common web security threats and how to defend against them. It begins by introducing common threats like injection attacks, authentication issues, and sensitive data exposure. It then details the OWASP Top 10 list of most critical web application security risks, which include injection, cross-site scripting, insecure object references, and more. The document recommends defenses like input validation, access control, encryption, and keeping systems up to date. It emphasizes that attacks usually combine multiple vulnerabilities and simplicity is key to security. Useful tools for analyzing threats are also presented.

Risk Factory: How to Implement an Effective Incident Response Programme

Risk Crew

The document outlines steps for establishing an effective incident response plan in 3 stages: preparation, response, and review. It recommends identifying stakeholders and their roles, crafting policies and procedures for responding to incidents, collecting evidence, and conducting training. Key elements include defining incident severity levels, outlining response procedures, documenting actions taken, and measuring outcomes to improve security. The goal is to limit damage from incidents, recover quickly, and prevent future issues.

Preparing a Next Generation IT Strategy

Bishop Fox

1) The document discusses preparing a next-generation IT security strategy and outlines key aspects to consider such as security drivers, guiding principles, traditional vs next-generation approaches, and capabilities, challenges, and context. 2) It recommends moving from a traditional defense-in-depth approach to an integrated next-generation strategy that focuses on capabilities, challenges to security assumptions, and understanding context. 3) This next-generation approach evaluates what can be enforced through controls and what can be learned through continuous challenge and adaptation between red and blue teams.

10 Security issues facing NZ Enterprises

Nigel Hanson

Applied mobile chaos theory

SecureITExperts

The document discusses Network Computing Architects' (NCA) 12-step plan to address challenges related to mobile workforce mobility. It begins by describing how mobility has changed and the challenges it poses. It then discusses applying chaos theory concepts to mobility and having a holistic perspective that addresses needs, risks, policies, ecosystem, and more. The 12 steps proposed are needs, risks, policy, ecosystem, virtualization, device management, identity management, end-point protection, remote access, data protection, training and awareness, and loss/incident handling.

FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...

FinTech Belgium

This document discusses evaluating security needs for integrating cybersecurity services. It suggests considering: 1. Rules and regulations the client needs to comply with from regulators and expectations of risk tolerance from both the client and provider. 2. The technical capabilities of both the client and provider to execute security measures. 3. Grouping identified risks into categories of customer-facing systems, core corporate systems, and user devices to define a cybersecurity strategy. The document advocates a "Keep It Simple" approach and evaluating all factors to appropriately define a cybersecurity integration stack that meets the client's needs.

Mining IT Summit Nov 6 2014

Lisa Abe-Oldenburg, B.Comm., JD.

This document provides tips and best practices for negotiating IT contracts in the mining industry, with a focus on software licensing, cloud computing, and IT outsourcing agreements. Some key points discussed include: doing due diligence on software licenses; understanding cloud computing risks around data location and security; and structuring outsourcing agreements to clearly define responsibilities, service level agreements, and allocation of risk. The document provides detailed recommendations in each of these areas to help mining companies negotiate successful IT contracts.

Cyber Threat Prevention

Jonathan Posner

This document discusses current cybersecurity trends, approaches to network security, and common threats like DDoS and zero-day attacks. It also covers risk profiling, PCI DSS compliance, and prioritizing security investments. The document introduces Paul Coady, a cybersecurity specialist with over 25 years of experience who provides consultancy services to enterprise clients through Caretower on the latest challenges and how to shape security improvement programs.

How to Protect Your Mainframe from Hackers (v1.0)

Rui Miguel Feio

Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)

Rui Miguel Feio

Cyber security and the mainframe (v1.3)

Rui Miguel Feio

In a digital age of cloud computing and mobile systems; where cyber security, cyber crime and cyber war are part of the day-to-day vocabulary, how secure is the mainframe? Is it safe to assume that the mainframe is secure by default? Can we ignore the fact that the mainframe is just another platform in the great scheme of things? How vital is the mainframe and the data that it stores for you and your company?

FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – Keynote – M.Akker...

FinTech Belgium

This document discusses key considerations for scaling up a business. It outlines ingredients for successful scale-ups including having a strong vision and brand, focusing on solutions not just products, prioritizing time to market, selling to customers and references, building a global geographical footprint, hiring expert talent, having a top-notch executive team, and carefully selecting investors. The document also emphasizes that cybersecurity and compliance must be taken seriously for scaling businesses, as they face many cyber threats and regulatory pressures, and their prospects are often regulated organizations demanding high data protection standards. It advises businesses to adopt a long-term cybersecurity vision and hire internal and external experts to address these challenges.

(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)

Rui Miguel Feio

Today's Breach Reality, The IR Imperative, And What You Can Do About It

Resilient Systems

Despite changing threats and the near certainty of compromise, most IT security programs are much the same as they were a decade ago. How have attacker motivations and tactics changed, and why? What does this mean for IT security departments, and how must they adapt? This webinar will detail the security challenges organizations face today, the implications of changes in attacker tactics and motivations, and what firms can do to better align their security program with today's reality. Our featured speakers for this webinar will be: - Ted Julian, Chief Marketing Officer, Co3 Systems - Colby Clark, Director of Incident Management, Fishnet Security

Andrew kozma - security 101 - atlseccon2011

Atlantic Security Conference

This document provides an overview of security principles, models, and concepts. It discusses defense in depth, which involves layering security measures so that failure of one layer does not compromise the entire system. The OSI model defines a framework for implementing protocols across seven layers, and security can be added to each layer. Physical security, data link security, network security, host security, the human factor, logging, security lifecycles, and aligning security with business needs are also examined. The key lessons are that security requires being right at all times, defense in depth is not a security blanket, good enough is no longer sufficient, and security must be continuously improved, monitored, and reported on.

What's hot

Info Sec2007 End Point Final

Ben Rothke

2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design

NCC Group

BSIDES DETROIT 2015: Data breaches cost of doing business

Joel Cardella

Bill Stankiewicz Copy Scope 2010 Npi Company

BillStankiewicz

2 ppt final dan shoemaker dd1 stockholm presentation

GlobalForum

Piggy Backing & Tailgating (Security)

GAURAV. H .TANDON

Why implement a robust cyber security policy?

Jisc

Common WebApp Vulnerabilities and What to Do About Them

Eoin Woods

Risk Factory: How to Implement an Effective Incident Response Programme

Risk Crew

Preparing a Next Generation IT Strategy

Bishop Fox

10 Security issues facing NZ Enterprises

Nigel Hanson

Applied mobile chaos theory

SecureITExperts

FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...

FinTech Belgium

Mining IT Summit Nov 6 2014

Lisa Abe-Oldenburg, B.Comm., JD.

Cyber Threat Prevention

Jonathan Posner

How to Protect Your Mainframe from Hackers (v1.0)

Rui Miguel Feio

Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)

Rui Miguel Feio

Cyber security and the mainframe (v1.3)

Rui Miguel Feio

FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – Keynote – M.Akker...

FinTech Belgium

(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)

Rui Miguel Feio

What's hot (20)

Info Sec2007 End Point Final

2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design

BSIDES DETROIT 2015: Data breaches cost of doing business

Bill Stankiewicz Copy Scope 2010 Npi Company

2 ppt final dan shoemaker dd1 stockholm presentation

Piggy Backing & Tailgating (Security)

Why implement a robust cyber security policy?

Common WebApp Vulnerabilities and What to Do About Them

Risk Factory: How to Implement an Effective Incident Response Programme

Preparing a Next Generation IT Strategy

10 Security issues facing NZ Enterprises

Applied mobile chaos theory

FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...

Mining IT Summit Nov 6 2014

Cyber Threat Prevention

How to Protect Your Mainframe from Hackers (v1.0)

Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)

Cyber security and the mainframe (v1.3)

FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – Keynote – M.Akker...

(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)

Similar to Security challenges in 2017

Today's Breach Reality, The IR Imperative, And What You Can Do About It

Resilient Systems

Andrew kozma - security 101 - atlseccon2011

Atlantic Security Conference

bh-win-04-conacher.ppt

Rakesh Kumar

Information security risks increase during mergers and acquisitions due to changes in the threat model and potential for disgruntled employees. The document outlines a 6 phase approach for managing information security risks during an M&A: pre-target, target, due diligence, sign-off, integration, and post-integration. It recommends identifying key assets, securing backups and perimeter defenses, developing policies, and educating teams to protect the acquiring company and target during integration.

Bil Harmer - Myths of Cloud Security Debunked!

centralohioissa

Despite the meteoric rise of cloud based applications and services, as well as its subsequent adoption by a significant number of enterprises, security still remains a major concern for many organizations. The elephant in the room is the misconception that the cloud is less secure than on-premise capabilities. Gartner eloquently describes this as “more of a trust issue than based on any reasonable analysis of actual security capabilities”. A recent global study by BT revealed that 76% of large organizations cited security as their main concern for using cloud-based services. 49% admitted being “very” or “extremely anxious” about the security complications of these services. However according to Gartner, the reality is “most breaches continue to involve on-premises data center environments” Where do you stand on this issue? In this talk. we will debunk the top myths of cloud security, including: Myth 1: We don’t really use the cloud Myth 2: I lose control of my data when it goes to the cloud Myth 3: Cloud is less secure than on-premise solutions Myth 4: I’m at the mercy of cloud vendors for patching Myth 5: Appliances provide greater control over scalability/performance Myth 6: Cloud security is more difficult to manage Myth 7: Cloud resources are more exposed to attack Myth 8: Multi-Tenant Clouds Expose Privacy Concerns Myth 9: Cloud vendors lack transparency Myth 9: Cloud vendors lack transparency Myth 10: Appliances are more reliable than the cloud

chapter 1. Introduction to Information Security

elmuhammadmuhammad

Current & Emerging Cyber Security Threats

NCC Group

The document outlines current and emerging cyber security threats. It discusses threat actors, primary threats like poor software design and lack of network security, and common attack vectors. Current threats include accidental data loss, deliberate exfiltration, and targeted attacks. Emerging threats involve issues from bring your own device (BYOD) use, large data volumes, fast-paced technology evolution, and increased consumer coding and internet of things devices. The document emphasizes that perimeter security is not enough and that cyber risk responsibility cannot be outsourced.

Managing security threats in today’s enterprise

Quick Heal Technologies Ltd.

Evolving technologies and business models have led to advanced network security threats that never existed a few years back. Moreover, enterprises are also relying on outdated security solutions to shut out such threats and this is leading to bigger and frequent data breaches. So if your company recognizes the need for a reliable IT security solution, then you should join our webinar to learn the following: - An overview of the prevalent enterprise security threats - The evolving security landscape and the obsolete security mechanisms - What Seqrite does to ensure enterprise security and network compliance

CISO's first 100 days

MichaelSadeghiPhDABD

- The document outlines a roadmap for a CISO's first 100 days in a new role. It discusses assessing the organization's security posture, planning security strategy and goals, and taking initial actions like redefining teams. Key steps include preparing for day one, assessing people and processes, planning strategy and a 2-3 year roadmap, acting on projects and technology selection, and measuring program impact and providing executive reports. The roadmap is meant to help a new CISO gain insight, define a security vision, and show early progress and wins.

Secure Iowa Oct 2016

Larry Slobodzian

The document discusses insider threats and cybersecurity. It notes that the biggest threat companies face is from insiders like employees and vendors. While doing nothing on cybersecurity risks costly data breaches and fines, companies should implement regular employee training, vet vendors thoroughly, and create a risk management plan to address vulnerabilities. The presentation provides tools to assess risks like DREAD and STRIDE models and recommends prioritizing the highest impact risks with mitigation strategies and an incident response plan.

2015 Cyber Security

Allen Zhang

This document discusses why enterprise security often fails against cyber threats and provides recommendations. It summarizes that the traditional enterprise security model was designed for compliance rather than addressing modern cyber warfare tactics, resulting in vulnerabilities. The document recommends adopting the Cybersecurity Framework to better identify all IT assets, protect against threats through elimination techniques, and improve detection abilities. It also stresses the importance of response and recovery plans as well as measuring security effectiveness through readiness, capability, and quick response times.

Rothke stimulating your career as an information security professional

Ben Rothke

SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx

hforhassan101

Pat Kelly is a SOC analyst who is experiencing burnout due to being overwhelmed by security incidents and alerts. As a SOC analyst 1, Pat is responsible for monitoring security data and generating tickets for security incidents around the clock. Pat wants to be appreciated for the important contributions made to the organization's security but finds the job demanding. SOC analysts experience challenges like identifying threats among hundreds of thousands of data points daily, getting other teams to prioritize security issues, and feeling underqualified due to the sophisticated nature of modern threats. They need solutions that provide more insight, visibility, and automation to resolve problems faster and reduce stress.

Nonprofit IT Trends 2018

Community IT Innovators

What your scanner isn't telling you

Core Security

Virtual Gov Day - Security Breakout - Deloitte

Splunk

Introduction to information security

Kumawat Dharmpal

Information security aims to balance information risks and controls. It began with early computer security focused on physical threats. A successful security approach uses multiple layers including physical, personal, operations, communications, network, and information security. Managing information security requires a structured methodology similar to implementing a major system, such as the Security Systems Development Life Cycle.

01Introduction to Information Security.ppt

it160320737038

BATbern48_How Zero Trust can help your organisation keep safe.pdf

BATbern

Commercial and government cyberwarfare

Nicholas Davis

This document summarizes key points from a lecture on commercial and government cyberwarfare. It discusses prospect theory and how it relates to selling information security. It introduces the concept of cyberwarfare and different types of cyber attacks like cyber espionage, web vandalism, gathering sensitive information, and attacking critical infrastructure. The document also covers technical vs administrative information security controls and examples of each.

Commercial And Government Cyberwarfare

Nicholas Davis

Similar to Security challenges in 2017 (20)

Today's Breach Reality, The IR Imperative, And What You Can Do About It

Andrew kozma - security 101 - atlseccon2011

bh-win-04-conacher.ppt

Bil Harmer - Myths of Cloud Security Debunked!

chapter 1. Introduction to Information Security

Current & Emerging Cyber Security Threats

Managing security threats in today’s enterprise

CISO's first 100 days

Secure Iowa Oct 2016

2015 Cyber Security

Rothke stimulating your career as an information security professional

SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx

Nonprofit IT Trends 2018

What your scanner isn't telling you

Virtual Gov Day - Security Breakout - Deloitte

Introduction to information security

01Introduction to Information Security.ppt

BATbern48_How Zero Trust can help your organisation keep safe.pdf

Commercial and government cyberwarfare

Commercial And Government Cyberwarfare

Recently uploaded

Essentials of Automations: Exploring Attributes & Automation Parameters

Safe Software

Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they? Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality. You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

saastr

What is an RPA CoE? Session 1 – CoE Vision

DianaGray10

Dandelion Hashtable: beyond billion requests per second on a commodity server

Antonios Katsarakis

This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Safe Software

Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency. During the hour, we’ll take you through: Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board. Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes. Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI. We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI. This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!

Artificial Intelligence and Electronic Warfare

Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...

saastr

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

Jason Yip

The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.

JavaLand 2024: Application Development Green Masterplan

Miro Wengner

June Patch Tuesday

Ivanti

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Nordic Marketo Engage User Group_June 13_ 2024.pptx

MichaelKnudsen27

Astute Business Solutions | Oracle Cloud Partner |

AstuteBusiness

Harnessing the Power of NLP and Knowledge Graphs for Opioid Research

Neo4j

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

Leveraging the Graph for Clinical Trials and Standards

Neo4j

Choosing The Best AWS Service For Your Website + API.pptx

Brandon Minnick, MBA

Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API? Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose? Which one is cheapest? Which one is fastest? Which one will scale to meet our needs? Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

DianaGray10

Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more. The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications. We’ll discuss and demo the benefits of UiPath Apps and connectors including: Creating a compelling user experience for any software, without the limitations of APIs. Accelerating the app creation process, saving time and effort Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management. Speakers: Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP Charlie Greenberg, host

Columbus Data & Analytics Wednesdays - June 2024

Jason Packer

Recently uploaded (20)

Essentials of Automations: Exploring Attributes & Automation Parameters

5th LF Energy Power Grid Model Meet-up Slides

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

What is an RPA CoE? Session 1 – CoE Vision

Dandelion Hashtable: beyond billion requests per second on a commodity server

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Artificial Intelligence and Electronic Warfare

Taking AI to the Next Level in Manufacturing.pdf

9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

JavaLand 2024: Application Development Green Masterplan

June Patch Tuesday

Nordic Marketo Engage User Group_June 13_ 2024.pptx

Astute Business Solutions | Oracle Cloud Partner |

Harnessing the Power of NLP and Knowledge Graphs for Opioid Research

Skybuffer SAM4U tool for SAP license adoption

Leveraging the Graph for Clinical Trials and Standards

Choosing The Best AWS Service For Your Website + API.pptx

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

Columbus Data & Analytics Wednesdays - June 2024

Security challenges in 2017

1. SECURITY CHALLENGES IN 2017 Prevalent cyber security challenges facing businesses today. Etienne Liebetrau - CISSP Infrastructure Architects @Woolworths Holdings Security Consultant Technical Writer Solution Deployment Contractor Researcher Firewall / UTM collector Public Speaker – working on it! The views and opinions expressed in this presentation are my personal ones based on experience in the field. It is not sanctioned by any 3rd party customer or vendor.

2. SCARY STATS SLIDE - MANDATORY

4. PEOPLE ARE THE PROBLEM • Getting adequate focus and funds allocated to security initiatives • Technically focused individuals can’t translate the needs to business motivators • Use C-suite to further your cause – explain liability • Security seen as a non functional service, as a preventative measure • Focus rather on the enablement • Create visibility • Find your weak spots

5. LACKING SECURITY IMPLEMENTATION • People • Lack of understanding the issues • Lack of ability to execute a solution • Lack of caring – not my issue • Process • Poor change control – low value • Slow to adapt to change • Slow to respond to incident • BCP and DR confusion • Technology • Sweating assets beyond common sense • Budget cycles • Business priority • Technical Debt racks up with cloud adoption

6. MANY PROBLEMS - MANY SOLUTIONS • Patch management • Software and device vulnerabilities • Capacity and replacement • Device management • Network access – BYODisaster • RBAC • Lack of visibility, lack of understanding • Solutions are all over • Various frameworks to address the issues • Users are a weak spot Snowden showed how well it worked

7. SECURITY SUGGESTIONS • Simplify – deployments – solutions and process. Less is more • Update – Update - Update • Consolidate on a technology partner • Leverage all value from single platform before adding another • Multi instances better than monolithic • Leverage cloud technologies • Visibility is key • Perimeter, core and endpoint security • Cryptography is your friend and your enemy • Talk to anyone who will listen – create awareness - change the culture • Challenge the status quo – attackers don’t care about your change freeze • Test “people – process – technology” and do it often

8. RISK BASED ASSESSMENT • Attackers go after low hanging fruit first, so should you. • Stay up to date with attack vectors and methods • User awareness such as phishing tools and campaigns • Have an automated plan for alerting and incident response • Red team, Blue team and Command • Red team - Basic vulnerability testing of environment (fun team) • Blue team – Detect, Defend, Secure, Remediate (sitting ducks) • Command – Takes care of paperwork – escalates up the chain

9. EXECUTIVE LIABILITY • Law varies per country and region - GDPR • More and more executive liability • Negligence leading to personal fines or jail time • Inter company or corporate disciplinary actions • Statistically - breach, attack or compromise is inevitable • Know what is and is not your burden • Cover yourself • Non-repudiation communication of issues • If all else fails and no one listens…

10. GOOD STATS TO CHEER YOU UP

11. SECURITY CHALLENGES IN 2017 Prevalent cyber security challenges facing businesses today. Questions and discussions

Editor's Notes

Cyber crime is a business – some of it is organised and well funded Employee know how bad the security is and what they can get away with Noise clouds the real picture
Email is still used because it is effective Even internet facing systems remain vulnerable for a long time People are expecting cyber security issues - soon
Business is worried and not sure of security team can protect them and services gained from something like a firewall - Example – Firewall enables internet VPN on BBoF reduces MPLS cost.
Identify where you issues lie, so you don’t repeat the cycle Great technology can be defeated by a bad administrator Technology solution can have limited or delayed implementation due to bad process Required technical bits are not implemented at the same speed as cloud adoption.
Break down the problems Address them holistically Expect failure
Elegance in simplicity Update software, patches, versions, operating systems Find someone who you can trust Find a platform that will scale and grow and cover you Cover all of the bases and attack points Cryptography It keeps both you and attackers secure and undetected Softer human side of things
Some practical advice Do basic checks, often. Bug bounty, incentivise vulnerability identification.
GDPR in Europe Mid 2018 massive fine for enterprises 4% of turnover Who is responsible for security Who shares the liability Who gets fired Who owns the response plane Who executes it

Security challenges in 2017

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Security challenges in 2017

Similar to Security challenges in 2017 (20)

Recently uploaded

Recently uploaded (20)

Security challenges in 2017

Editor's Notes