How Machine Learning & AI Will Improve Cyber Security (DevOps.com)
Machine Learning (ML) and Artificial Intelligence (AI) have been proclaimed as perhaps the next great leap in human quality of life, as well as a potential reason for our extinction. Somewhere in between lies how ML & AI can potentially improve our Cyber Security efforts. But are ML & AI a true panacea or merely the next shiny trinket for the cyber industry to fixate on? In this webinar we will explore:
- How ML & AI are currently being utilized in cyber security efforts
- What is working and what has not worked
- What is on both the short-term and near-term horizon for ML & AI
- Practical steps you can take now to begin leveraging these technologies to tangibly improve your cyber security posture
Join our panel of industry experts as we explore this brave new frontier in cyber security with a candid look cutting through the hype.
AI In Cybersecurity – Challenges and Solutions (ZoneFox)
With the rise of automation and artificial intelligence, you may be wondering how much of an impact this has on IT security. The question is, where will the future of machine learning and AI in cybersecurity take us and what are the limitations and advantages this technology offers in defending against the insider threat?
Join us to find out more about AI and where you should be applying it right now.
Learning outcomes:
- The current state of AI practice and research, and how this is impacting its use in cyber security
- What the current strengths and weaknesses are with existing AI approaches
- What next generation AI will deliver for us with regards to ensuring we can promptly detect and respond to security incidents
Exploration Draft Document - CEM Machine Learning & AI Project 2018 (Leslie McFarlin)
Draft document to present findings of exploratory work on the incorporation of machine learning and AI into an existing data security product. The project was abandoned due to conflicting work done by product management.
Geeta Chauhan presented on data analytics in the real world. The presentation covered challenges like evolving technology, data cleansing, and cultural adoption of data-driven decision making. Architectural patterns discussed included lambda architecture with real-time and batch layers, edge analytics closer to data sources, and using data centers like distributed computing clusters. Key takeaways emphasized continuous learning, experimentation, and automation to enable rapid iteration in analytics projects.
"Hacking" is the word that shakes everyone whenever it is said or heard by someone. Everyone born in this world with attitude wants to be a Hacker. But it is not a job of a newborn baby or an old grown lady. A Hacker needs a brilliant mind to hack anything. His skills should be so powerful that no other hacker can hack him. A Hacker doesn't need software to hack. There are many rules that he should learn to become an Ethical Hacker. These rules include knowledge of HTML, JavaScript, Computer Tricks, and Cracking & Breaking etc.
This document discusses ethical hacking and provides an overview of the topic. It defines ethical hacking as illegally accessing a computer system, but doing so for legitimate purposes such as testing security vulnerabilities. The summary outlines the 8-step process of ethical hacking: preparation, footprinting, scanning, enumeration, vulnerability identification, attack/exploitation, clearing tracks, and reporting. It also notes some of the advantages of ethical hacking like preventing security breaches and closing network holes, as well as the skills needed to become an ethical hacker like coding ability and network/security knowledge.
AI shows promise to help address challenges in cybersecurity by automating tasks, enhancing human abilities, and detecting complex patterns that humans cannot. However, developing effective AI solutions is difficult and requires expertise in both cybersecurity and data science. When evaluating AI products, organizations should consider factors like data and training requirements, error rates, integration with existing tools and processes, and potential new risks introduced. While AI may help alleviate strain on security teams, its use is still nascent, and human oversight will likely remain important.
How is AI important to the future of cyber security (Robert Smith)
Today’s era is driven by technology in every aspect of our lives, so much so that our dependence on technology has increased on a daily basis. With this increased dependency, we’re now very vulnerable and exposed to the intermittent threat posed by cyber-attacks. Cyber-attack threats have plagued businesses, corporations, governments, and institutions.
The document discusses Cyber Diligence, a company that provides network security, cyber security investigations, and incident response services. They monitor network traffic to detect confidential data leakage, theft, and criminal activities. Cyber Diligence uses specialized tools and forensics labs to investigate security incidents, identify risks, ensure compliance, and help clients manage IT and operational risks. They serve clients across various industries and can customize their services for an organization's needs.
Kadhambari Anbalagan, a software architect at RedBlackTree Terrace, will give a talk on Monday, April 8th at 5:00pm about security best practices for mobile apps. Research shows that the majority of top free and paid apps have been subjected to hacking. Common mobile app security issues include improper platform usage, insecure data storage, insecure communication, insecure authentication, insufficient cryptography, insecure authorization, code quality issues, code tampering, reverse engineering, and including extraneous functionality. The talk will provide best practices to address each of these issues.
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm (Shawn Tuma)
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused on the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Talking about Application Security with Dev, QA and Ops. This presentation is based on my own personal experience with developers, deployments and the implementations of such systems. #nightmares
Information Security & Ethical Hacking (Ishan Agarwal)
This document discusses information security and ethical hacking. It covers various security measures like defense in depth, password security, antivirus software, and data backups. It then explains that ethical hacking, or penetration testing, involves thinking like a hacker to test a system's security vulnerabilities but with permission and without malicious intent. Various ethical hacking techniques are outlined, like footprinting, scanning, enumeration, and intrusive probing. The goal of ethical hacking is to strengthen security by identifying weaknesses before criminals can exploit them. Finally, it discusses cross-site scripting attacks, which inject malicious scripts into legitimate trusted sites and how they are a significant web security risk.
Hacking can take many forms, both legal and illegal. The document outlines different types of hacking such as website, email, network, and password hacking. Ethical hacking is performed legally by computer experts to test vulnerabilities, while illegal hacking can have serious consequences like fines, imprisonment, and computer seizure. Proper precautions are recommended to prevent hacking threats.
Privacy and Security in the Internet of Things (Jeff Katz)
Jeff Katz from KIWI discusses topics relating to Privacy and Security in the Internet of Things. What you should do, what you should never do, and what to avoid becoming. From the IoT Conference September 2015 in Berlin.
The document discusses different types of hackers and hacking techniques. It describes script kiddies, professional criminals, virus writers and their motives. It then explains various web application hacks like file query, SQL injection, and cross-site scripting. The document also discusses ethical hacking and how organizations use ethical hackers to evaluate security vulnerabilities by attempting to break into systems. Ethical hackers possess strong programming and networking skills along with knowledge of operating systems, hardware, protocols and project management. Their evaluations seek to determine what an attacker can access and how they may go undetected.
The document discusses cybersecurity, artificial intelligence, and how AI can help improve cybersecurity. It notes that while organizations spend billions on cybersecurity, chief information security officers still feel highly exposed. Traditional security methods focus on preventing infiltration but are always one step behind evolving threats. The document argues that AI can help enforce cyber hygiene practices like least privilege to shrink the attack surface, making the problem more bounded and manageable compared to always chasing threats. It discusses how AI is well-suited for understanding intended application behavior based on established rules and data from good software.
Thread Legal and Microsoft 365 Security (Thread Legal)
Safeguard your business against external threats and leaks, and easily manage devices with Microsoft 365. Protect business data, and control who has access to sensitive information. Learn more in this in-depth deck.
AI and cyber security: new directions, old fears (David Strom)
AI and cybersecurity is an area with both fears and opportunities. There are concerns that AI could be misused to create powerful malware, while the current malware situation already poses challenges. However, AI also has potential to help with security issues like fraud detection if implemented carefully. Some companies are working on innovative ways to use AI to enhance cybersecurity.
This document defines hacking and different types of hackers. It discusses website, network, email, password and computer hacking. It also covers advantages like finding security weaknesses, and disadvantages like privacy harm. Preventive measures include strong antivirus and unique passwords. The document provides steps to take after being hacked like shutting down systems, and restoring from backups. It concludes that while hackers have innovative spirits, their actions should not harm others.
The document summarizes ethical hacking, including who hackers are (black hats, white hats, grey hats), why ethical hacking is important (to find flaws and vulnerabilities, measure risk, design controls), approaches to ethical hacking (remote network, dial up, locker network, stolen network, physical entry, social engineering), and careers in ethical hacking (security professionals are in demand and ethical hackers can earn $120,000 annually or $10,000-$45,000 per assignment).
This document discusses encryption and decryption of email. It begins by defining encryption as a process that converts plain text into ciphertext using an encryption algorithm. There are two main types of encryption: asymmetric and symmetric. Asymmetric encryption is more secure but slower, while symmetric encryption is faster but less secure. The document then discusses why encryption is used, such as for authentication, privacy, accountability, and integrity of data. It provides examples of encryption in web browsers, email, hard drives and operating systems. While some businesses cannot use encryption due to lack of skills or budget, over half of surveyed companies encrypt stored and transmitted data to protect sensitive information.
This document provides information about a 2-day penetration testing and ethical hacking training course offered by Cyber 51 LLC. The course is designed for networking and IT professionals and teaches students how to scan, test, hack and secure their own systems from the perspective of an ethical hacker. Over the two days, students will learn skills like footprinting, reconnaissance, scanning networks, system hacking and exploits, sniffers, social engineering, denial of service attacks, session hijacking, hacking web servers and applications, and wireless hacking. The goal is to help students enhance their IT security careers by understanding the tools and techniques used by hackers to then better secure systems.
Detailed information on ethical hacking, which explains the types of hackers, the difference between black and white hat hackers, and the importance of ethical hacking.
Cybersecurity means the protection of computer networks and data from unauthorized access. Hackers hack information and can use it for any illegal purpose, such as disturbing business. Cybersecurity is very important for protecting against cybercrime, so you need a certified cybersecurity service provider. Sara Technologies is a good option; we provide services worldwide. We deal with all kinds of cyberattacks and also help you recover your data.
This talk focuses on how AI can be leveraged to solve some of the subproblems in cybersecurity. The talk will start with a discussion of why there is a surge in data breaches and cybersecurity attacks. Then I will discuss some of the use cases, data pipeline, and architectural details of AI solutions for cybersecurity. Here is a detailed plan for the talk:
(1) The current state of information security and tools (5 mins).
(2) A brief history and current status of using AI for InfoSec (5 mins).
Currently, security data science tools primarily process raw data from multiple data sources such as network flows, authentication logs, firewall logs, endpoints, and detect anomalous events. These tools generate a large number of false positives, and they need to be further investigated by security analysts. Specifically, I will address the following questions:
- What is the foundation of current security data science tools?
- What are the pros and cons of existing tools?
(3) AI use cases, data pipeline, architecture, and data experiments (15 mins). The following questions will be addressed:
- What are the different use cases that can be enabled by AI?
- How would it transform the incident response?
- What's a typical data pipeline and architecture of a cybersecurity AI solution?
- Demo 1: PowerShell Obfuscation Detection using Deep Learning Neural Networks
- Demo 2: Malicious URL Detection using Recurrent Neural Networks
(4) Challenges and limitations of using AI alone for cybersecurity (5 mins)
- AI generates too many false positives
- Enterprises can investigate only 2-5% of alerts due to the limited number of security analysts
- Need for an automated response, not just detection
(5) Our approach: fuse deception with AI (10 mins):
A key objective of the deception is to deceive the inside-network attacks and threats to detect, engage, trap, and remediate them. Deception provides high fidelity alerts, and AI delivers an ability to construct context about the alert. By fusing deception and data science, security analysts can do proactive defense. We shall demonstrate our approach with specific case studies:
- Demo 3: Detecting and Inferring threats in a high interaction decoy using AI engine
(6) Q&A (5 mins)
Current trends in information security, by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ (BAINIDA)
Current trends in information security, by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ
At THE FIRST NIDA BUSINESS ANALYTICS AND DATA SCIENCES CONTEST/CONFERENCE, organized by the Faculty of Applied Statistics and DATA SCIENCES THAILAND
Nonprofits often struggle with how to secure their network and IT resources. During this webinar, Steve Longenecker, Project Manager, and Mark Kraemer, Network Administrator, shared IT security best practices, both from a strategic, planning perspective and also in terms of dealing with day-to-day IT issues.
Some of the questions addressed during the webinar include:
1. What kind of policies does your organization need in terms of IT security?
2. What are the risks? What threats should you be most concerned about?
3. What type of training does your staff need?
4. What are some best practices in terms of upgrading hardware and updating software?
5. What are some ways to prevent virus and malware attacks?
Webinar - Compliance with the Microsoft Cloud - 2017-04-19 (TechSoup)
Everyone throws around the word compliance but how do you actually achieve that? In this free, 60-minute webinar Sam Chenkin from Tech Impact discusses achievable goals for the nonprofit community to keep their data safe with the Microsoft Cloud. We explore account security like two-factor authentication, data security like encryption, and how to make sure only compliant devices can access your data.
How is ai important to the future of cyber security Robert Smith
Today’s era is driven by technology in every aspect of our lives, so much that we’ve now increased our dependence on technology on a daily basis. With an increase in the dependency, we’re now very vulnerable and exposed to the intermittent threat posed as cyber-attacks. Cyber-attack threats have plagued businesses, corporates, governments, and institutions.
The document discusses Cyber Diligence, a company that provides network security, cyber security investigations, and incident response services. They monitor network traffic to detect confidential data leakage, theft, and criminal activities. Cyber Diligence uses specialized tools and forensics labs to investigate security incidents, identify risks, ensure compliance, and help clients manage IT and operational risks. They serve clients across various industries and can customize their services for an organization's needs.
Kadhambari Anbalagan, a software architect at RedBlackTree Terrace, will give a talk on Monday, April 8th at 5:00pm about security best practices for mobile apps. Research shows that the majority of top free and paid apps have been subjected to hacking. Common mobile app security issues include improper platform usage, insecure data storage, insecure communication, insecure authentication, insufficient cryptography, insecure authorization, code quality issues, code tampering, reverse engineering, and including extraneous functionality. The talk will provide best practices to address each of these issues.
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory RealmShawn Tuma
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Talking about Application Security with Dev, QA and Ops. This presentation is based on my own personal experience with developers, deployments and the implementations of such systems. #nightmares
Information Security & Ethical HackingIshan Agarwal
This document discusses information security and ethical hacking. It covers various security measures like defense in depth, password security, antivirus software, and data backups. It then explains that ethical hacking, or penetration testing, involves thinking like a hacker to test a system's security vulnerabilities but with permission and without malicious intent. Various ethical hacking techniques are outlined, like footprinting, scanning, enumeration, and intrusive probing. The goal of ethical hacking is to strengthen security by identifying weaknesses before criminals can exploit them. Finally, it discusses cross-site scripting attacks, which inject malicious scripts into legitimate trusted sites and how they are a significant web security risk.
Hacking can take many forms, both legal and illegal. The document outlines different types of hacking such as website, email, network, and password hacking. Ethical hacking is performed legally by computer experts to test vulnerabilities, while illegal hacking can have serious consequences like fines, imprisonment, and computer seizure. Proper precautions are recommended to prevent hacking threats.
Privacy and Security in the Internet of ThingsJeff Katz
Jeff Katz from KIWI discusses topics relating to Privacy and Security in the Internet of Things. What you should do, what you should never do, and what to avoid becoming. From the IoT Conference September 2015 in Berlin
The document discusses different types of hackers and hacking techniques. It describes script kiddies, professional criminals, virus writers and their motives. It then explains various web application hacks like file query, SQL injection, and cross-site scripting. The document also discusses ethical hacking and how organizations use ethical hackers to evaluate security vulnerabilities by attempting to break into systems. Ethical hackers possess strong programming and networking skills along with knowledge of operating systems, hardware, protocols and project management. Their evaluations seek to determine what an attacker can access and how they may go undetected.
The document discusses cybersecurity, artificial intelligence, and how AI can help improve cybersecurity. It notes that while organizations spend billions on cybersecurity, chief information security officers still feel highly exposed. Traditional security methods focus on preventing infiltration but are always one step behind evolving threats. The document argues that AI can help enforce cyber hygiene practices like least privilege to shrink the attack surface, making the problem more bounded and manageable compared to always chasing threats. It discusses how AI is well-suited for understanding intended application behavior based on established rules and data from good software.
Thread Legal and Microsoft 365 SecurityThread Legal
Safeguard your business against external threats and leaks, and easily manage devices with Microsoft 365. Protect business data, and control who has access to sensitive information. Learn more in this in-depth deck.
AI and cyber security: new directions, old fearsDavid Strom
AI and cybersecurity is an area with both fears and opportunities. There are concerns that AI could be misused to create powerful malware, while the current malware situation already poses challenges. However, AI also has potential to help with security issues like fraud detection if implemented carefully. Some companies are working on innovative ways to use AI to enhance cybersecurity.
This document defines hacking and different types of hackers. It discusses website, network, email, password and computer hacking. It also covers advantages like finding security weaknesses, and disadvantages like privacy harm. Preventive measures include strong antivirus and unique passwords. The document provides steps to take after being hacked like shutting down systems, and restoring from backups. It concludes that while hackers have innovative spirits, their actions should not harm others.
The document summarizes ethical hacking, including who hackers are (black hats, white hats, grey hats), why ethical hacking is important (to find flaws and vulnerabilities, measure risk, design controls), approaches to ethical hacking (remote network, dial up, locker network, stolen network, physical entry, social engineering), and careers in ethical hacking (security professionals are in demand and ethical hackers can earn $120,000 annually or $10,000-$45,000 per assignment).
This document discusses encryption and decryption of email. It begins by defining encryption as a process that converts plain text into ciphertext using an encryption algorithm. There are two main types of encryption: asymmetric and symmetric. Asymmetric encryption is more secure but slower, while symmetric encryption is faster but less secure. The document then discusses why encryption is used, such as for authentication, privacy, accountability, and integrity of data. It provides examples of encryption in web browsers, email, hard drives and operating systems. While some businesses cannot use encryption due to lack of skills or budget, over half of surveyed companies encrypt stored and transmitted data to protect sensitive information.
This document provides information about a 2-day penetration testing and ethical hacking training course offered by Cyber 51 LLC. The course is designed for networking and IT professionals and teaches students how to scan, test, hack and secure their own systems from the perspective of an ethical hacker. Over the two days, students will learn skills like footprinting, reconnaissance, scanning networks, system hacking and exploits, sniffers, social engineering, denial of service attacks, session hijacking, hacking web servers and applications, and wireless hacking. The goal is to help students enhance their IT security careers by understanding the tools and techniques used by hackers to then better secure systems.
A detailed information on ethical hacking. which explains type of hackers ,difference between black and white hat hackers and importance of ethical hacking.
Cybersecurity means the protection of computer networks and data from unauthorized access. Hackers hack information, and they can use it for any illegal purpose, disturber business, and protect against cybercrime. Cybersecurity is very important for that, so you need a certified cybersecurity service provider, so Sara Technologies is a good option for that we provide services worldwide. We deal with all kinds of cyberattacks and help you to recover your data also.
This talk focuses on how AI can be leveraged to solve some of the subproblems in cybersecurity. The talk will start with a discussion on why there is a surge in data breaches, and cybersecurity attacks? Then I will discuss some of the use cases, data pipeline, and architectural details of AI solutions for the cybersecurity. Here is a detailed plan for the talk:
(1) The current state of Information security and tools (5 mins).
(2) A brief history and current status of using AI for the InfoSec (5 mins).
Currently, security data science tools primarily process raw data from multiple data sources such as network flows, authentication logs, firewall logs, endpoints, and detect anomalous events. These tools generate a large number of false positives, and they need to be further investigated by security analysts. Specifically, I will address the following questions:
- What is the foundation of current security data science tools?
- What are the pros and cons of existing tools?
(3) AI use cases, data pipeline, architecture, and data experiments (15 mins): Following questions will be addressed:
- What are the different use cases that can be enabled by AI?
- How would it transform the incident response?
What's a typical data pipeline and architecture of cybersecurity AI solution?
Demo 1: PowerShell Obfuscation Detection using Deep Learning Neural Networks
Demo 2: Malicious URL Detection using Recurrent Neural Networks
(4) Challenges and limitations of using AI alone for cybersecurity (5 mins)
- AI generates too many false positives
- Enterprises can investigate only 2-5% of alerts due to the limited number of security analysts
- Need for an automated response, not just detection
(5) Our approach: fuse deception with AI (10 mins):
A key objective of deception is to deceive inside-network attacks and threats in order to detect, engage, trap, and remediate them. Deception provides high-fidelity alerts, and AI delivers an ability to construct context about the alert. By fusing deception and data science, security analysts can do proactive defense. We shall demonstrate our approach with specific case studies:
- Demo 3: Detecting and Inferring threats in a high interaction decoy using AI engine
(6) Q&A (5 mins)
Current trends in information security by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ BAINIDA
Current trends in information security by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ
At THE FIRST NIDA BUSINESS ANALYTICS AND DATA SCIENCES CONTEST/CONFERENCE, organized by the Faculty of Applied Statistics and DATA SCIENCES THAILAND
Nonprofits often struggle with how to secure their network and IT resources. During this webinar, Steve Longenecker, Project Manager, and Mark Kraemer, Network Administrator, shared IT security best practices, both from a strategic, planning perspective and also in terms of dealing with day-to-day IT issues.
Some of the questions addressed during the webinar include:
1. What kind of policies does your organization need in terms of IT security?
2. What are the risks? What threats should you be most concerned about?
3. What type of training does your staff need?
4. What are some best practices in terms of upgrading hardware and updating software?
5. What are some ways to prevent virus and malware attacks?
Webinar - Compliance with the Microsoft Cloud- 2017-04-19TechSoup
Everyone throws around the word compliance but how do you actually achieve that? In this free, 60-minute webinar Sam Chenkin from Tech Impact discusses achievable goals for the nonprofit community to keep their data safe with the Microsoft Cloud. We explore account security like two-factor authentication, data security like encryption, and how to make sure only compliant devices can access your data.
Security is everyone's responsibility. The document discusses secure software development lifecycles (SSDLC), social media security, and information security ethics. It promotes building security into every phase of the software development process from planning through deployment. It emphasizes using strong, unique passwords for all accounts, enabling privacy settings, and being wary of suspicious links and potential scams on social media. The document also outlines a code of ethics for information security professionals, including contributing to society, avoiding harm, being honest, respecting privacy and intellectual property, and knowing and following relevant laws.
This document provides an overview of security and compliance features in Office 365. It begins by outlining common business requirements around security, retention, policies, auditing, control and reporting of information. It then details the specific security features in Office 365 like physical security, network security, encryption, anti-spam/anti-virus, and customer data isolation. Compliance features are also summarized, including standards/certifications, privacy controls, retention policies, eDiscovery and litigation holds. Finally, best practices and additional resources are recommended.
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
The presentation provides an overview of GDPR and how organizations can accelerate compliance using Microsoft cloud services. It discusses the key changes introduced by GDPR including enhanced personal privacy rights, increased duty to protect data, mandatory breach reporting, and significant penalties for non-compliance. It then outlines how Microsoft can help organizations discover, manage, protect, and report personal data through solutions like Azure, Office 365, and Enterprise Mobility + Security.
The document provides an overview of AWS security presented by Max Ramsay. It discusses AWS security capabilities that are available to all customers regardless of business type. It focuses on case studies of how Serasa Experian and Trend Micro use AWS, highlighting benefits like agility, flexibility and cost reduction. The document also covers shared security responsibilities on AWS, compliance controls, network security features, and resources for learning more about AWS security best practices.
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos De Pedro
This document discusses the causes of cybercrime and proposes an ideal technology solution. The main causes outlined are: 1) frequent changing of complex passwords decreases security by forcing users to write them down, 2) overreliance on usernames and passwords which are not suited for today's environment, 3) users forfeiting personal data by using unmemorable credentials, 4) end user malpractices like password sharing, and 5) lack of innovation in authentication methods. The document advocates for an authentication solution that identifies users based on who they are (biometric attributes) rather than what they possess, and argues that innovation, not frequent password changes, is needed to improve security.
Security in an age of collaboration 201903 - tvaugAlan Eardley
The document discusses how security is changing in the modern workplace with increased collaboration. It proposes using Azure Active Directory and SharePoint Online to securely manage access for external users. The solution assigns external users to security groups, requires multi-factor authentication, and allows access reviews. This provides security while enabling collaboration. A demo then shows how the technologies work together to identify users, devices, locations and content to ensure the right access.
Most Office 365 organizations think they are safe because they are ‘only’ using collaboration in the cloud. Think again.
Join Concept Searching for a 15-minute webinar that describes the challenge of cyber security and shows you how we solve it. conceptClassifier for Office 365 identifies unknown security or confidential exposures in real-time from diverse repositories. Not only standard descriptors but also organizationally defined vocabulary are identified. Once identified, they are routed to a repository and removed from unauthorized access and portability.
Use stand-alone or integrate with your security package. We invite you to see how it works.
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
This document discusses security challenges with cloud computing and sharing data in a multi-tenant environment. It notes that while cloud computing provides benefits like scalability and efficiency, security and compliance needs are not fully addressed due to increased risks from a larger attack surface, new definitions of privileged users, and difficulties applying security controls in shared environments. The document advocates approaches like encryption and strong authentication to help customers maintain ownership and control of their data and enable security in cloud models.
Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.
This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:
* Consolidating security and compliance controls
* Creating application security standards for development and operations teams
* Identifying and remediating gaps between current practices and industry-accepted “best practices”
Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...Denodo
Watch full webinar here: https://bit.ly/43qJKwn
Data-led transformations are becoming more prevalent in recent years, across numerous industries. More and more senior leaders are looking for data to drive their business decisions and impact their bottom line. One key challenge facing such businesses is the ability to pivot to new technologies while maintaining investments in legacy systems they have grown to rely on. In an age where automation, internet-scale search, and advanced analytics are driving many new advances, it is important to understand that this is not only a pivot in terms of technologies, it is a pivot in terms of how we think about and utilize data of different types. Traditional systems since the 1970’s have been built around database concepts where data is physically pipelined, mapped together, statically modeled, and locked away in vaults. The types of vaults have evolved over time from basic databases, to data warehouses, to data lakes, to lake houses, and so on.
The fundamental premise remains: data is placed into sealed containers, such that the critical approach is around storage, instead of being aimed at retrieval. Reversing this approach can, instead, lead to understanding data as transient, on-demand, and immediately available to end users within a certain context. This talk will discuss certain contemporary concepts that are expanding the notion of data storage devices and, instead, are moving to loosely connected data retrieval devices, or in some cases, data generation devices. We will examine this shift in approach and what it means for designing and deploying new types of technologies that can be more flexible and provide improved business value for clients in the fast-paced evolving world of Artificial Intelligence.
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
The document discusses protecting databases from insider threats using MongoDB encryption. It describes how insider threats are on the rise and how privileged users can bypass traditional security to access sensitive data. The solution presented is using Vormetric transparent encryption to encrypt MongoDB databases, which applies encryption and access controls without changes to applications or the database. Key benefits include field-level encryption, blocking administrative users' access to raw data, and centralized key management on a separate device from encrypted data.
This document provides guidance on cybersecurity best practices for organizations. It notes that no network is completely secure and individuals often enable hacking through mistakes. It recommends establishing an incident response plan, purchasing cyber insurance, developing security policies and procedures, considering outsourcing security monitoring, regularly backing up data in multiple secure locations, and using a password manager. The document also warns against common pitfalls like not sustaining long-term security resources and provides links to additional cybersecurity resources.
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
This presentation will bring insights into how the Zero Trust framework can help organizations improve their cybersecurity posture and resilience and what the organizational challenges are.
An overview of current cyber security concerns and ways to combat them, as well as an introduction to some of the capabilities of Azure Active Directory
System Security on Cloud
The document discusses system security when using cloud computing. It begins by describing the speaker's current big data system of over 10,000 users across 4 countries with over 1 billion user profiles and data ingested daily. It then discusses how infrastructure has changed from buying hardware to infrastructure as a service. Security has also changed, with cybercrime flourishing using organized groups. The rest of the document provides best practices for cloud security, such as understanding shared responsibilities and knowing your adversaries. It also promotes the services of Alert Logic for protecting cloud workloads and applications.
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfJenna Murray
Cyber Security is a protection offered to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications). To read more visit: https://www.rangtech.com/blog/cybersecurity/cyber-security-what-is-it-and-what-you-need-to-know
Similar to Security & Compliance: Core Concepts Explained (20)
Model driven Power Apps for Dummies (and non-Dynamics Folks) Alan Eardley
Have you ever built an application? Have you needed the skills of developers and DBAs and months of work to get even the simplest solution up and running? Have you created a Power App on top of a SharePoint list?
If you have done any of these then you may have reached limits of skills, time or technology that prevented you from building the app you needed.
Model-Driven Power Apps make use of the Common Data Service (CDS) to allow sophisticated applications to be built and sustained using no code.
In this session I will explain what the building blocks of Model-Driven Power Apps are and demonstrate how you can build a solution quickly and easily. We will also explore the boring stuff like the "L" word (licencing) and the exciting stuff like extensibility, automation and reporting.
Inclusion by Design - Scottish Summit 2020Alan Eardley
Alan Eardley discussed the importance of inclusive design when creating digital products and content. He explained that UK regulations now require all public sector websites and apps to meet accessibility standards. He outlined the POUR principles of inclusive design - perceivable, operable, understandable, and robust. Eardley also provided tips for making content accessible like using proper color contrast, adding alt text to images, and ensuring a logical reading order. He emphasized the need to test content for accessibility and encouraged organizations to empower users of all abilities.
SPS Oslo - To-Do: How to manage tasks effectivelyAlan Eardley
We all have to-do lists, many of us work on projects, and we all work in one or more teams. Microsoft has been kind enough to provide many tools to help us manage tasks, some may say too many tools. They all have different strengths and weaknesses, which make them appropriate for different scenarios.
This session explores some of those tools, including Exchange, Planner, Project, Dynamics 365, Visual Studio and To-Do. They will be compared and contrasted within the context of authentication, collaboration, interfaces and integration.
This session will provide an insight into the strengths and weaknesses of the tools so that you can better assess your needs and choose the best tool for the job.
Productivity in an age of collaboration sps leicesterAlan Eardley
"I have so many things to do, and there are so many tools to help me "collaborate" with my colleagues. The problem is that I end up collaborating and not getting anything done."
A familiar sentiment that affects all of us when we have E-mail, Skype for Business, Microsoft Teams, Mobile Phones and colleagues to communicate with. We all feel the need to be accessible all of the time which means we get distracted and become less productive.
In this session I will share some best practices that could help you become more productive whilst not appearing to ignore your colleagues. All of the best practices are based on a combination of psychology and technology and even some common sense!
Productivity in an age of collaboration sps london 2019Alan Eardley
"I have so many things to do, and there are so many tools to help me "collaborate" with my colleagues. The problem is that I end up collaborating and not getting anything done."
A familiar sentiment that affects all of us when we have E-mail, Skype for Business, Microsoft Teams, Mobile Phones and colleagues to communicate with. We all feel the need to be accessible all of the time which means we get distracted and become less productive.
In this session I will share some best practices that could help you become more productive whilst not appearing to ignore your colleagues. All of the best practices are based on a combination of psychology and technology and even some common sense!
You will leave this session with ideas on how to use the technology effectively to allow you to balance your time between collaborating effectively and having times to focus and be more productive.
The document discusses moving workloads to the cloud using Microsoft Azure. It defines Azure as a set of cloud services that allow building, managing and deploying applications. It provides considerations for different cloud models like SaaS, IaaS and PaaS. It also outlines potential hurdles in moving to the cloud like network topologies, identity management and security. Finally, it discusses planning the migration and provides Azure resources for architecture guidance.
To-Do: How to manage tasks effectivelyAlan Eardley
The document discusses various task management options such as Exchange, To-Do, Planner, Azure Dev Ops, SharePoint task lists, Project Online, and Dynamics365. It compares the options based on their accessibility, integration capabilities with Microsoft Flow and PowerBI, and suitability for personal, team, development, and project/program management tasks. The speaker then concludes by recommending Exchange and To Do for personal tasks, Planner and SharePoint lists for team tasks, Azure Dev Ops for development teams, Project Online for project/program management, and Dynamics 365 for sales, field service, and project service automation needs.
So your company is adopting a "Cloud First" strategy.
What do you need to do to get your applications from on-premises to the Cloud?
During this session we will explore some of the core concepts of cloud development from Infrastructure as a Service and Platform as a Service.
We will look at the differences between on-premises and cloud architectures and considerations to take into account when planning how to migrate applications or rebuild them in the cloud.
We will also cover security, high availability and deployment scenarios.
This is the tale of a project for a client with a "Cloud First" strategy, and how the client was unprepared for the implications and assumptions of the strategy.
We will explore the assumptions implied by the "Cloud First" strategy, and how, as they were tested, the design of the solution went from "Cloud First" to "Cloud, if possible" and finally to "Cloud, if we're lucky".
Through analysis of the assumptions and the reasons they failed, you will gain a valuable insight into the nature of a "Cloud First" strategy and some of the implications of this strategy.
The scenario that is explored includes the use of Software as a Service and Platform as a Service elements such as Office 365, Project Online, Azure Data Factory, Azure SQL DB and PowerBI.
To Do: How to manage tasks effectivelyAlan Eardley
This document summarizes options for managing tasks in different scopes and systems. It discusses what tasks are and common attributes like description, assignee, and status. It then reviews management needs like planning, monitoring, and handling changes. Major options covered include Exchange, To-Do, Planner, Visual Studio, SharePoint, Project Online, and Dynamics 365. Each has different access methods and integration features. The document concludes that Exchange and To-Do are good for personal tasks, Planner and SharePoint for teams, Visual Studio for development teams, Project Online for program management, and Dynamics 365 for sales or field service automation.
Office 365: The Art of the Possible (201603)Alan Eardley
Presented at SQL Saturday Exeter (2016)
Office 365 plays a key role in the Microsoft Cloud offering. It combines many different capabilities that have historically been separated into different products. The convergence of the products on one platform is opening up new possibilities for delivering new and exciting ways of collaborating.
This session will explain some of the ways that Office 365 is being used and demonstrate some of the capabilities that convince millions of companies to invest in Office 365 to replace existing products with a single unified environment making the most of the familiar business critical tools from Microsoft.
SharePoint Databases: What you need to know (201512)Alan Eardley
Presented at SQL Saturday Southampton (2015)
An introduction to the different databases that SharePoint uses, with recommendations for High Availability, Disaster Recovery and configuration settings for SQL Server, including the constraints imposed in a single farm, a stretched farm between data centres and a separate DR farm.
SharePoint Databases: What you need to know (201509)Alan Eardley
Presented at SQL Saturday Cambridge (2015)
An introduction to the different databases that SharePoint uses, with recommendations for High Availability, Disaster Recovery and configuration settings for SQL Server, including the constraints imposed in a single farm, a stretched farm between data centres and a separate DR farm.
This document summarizes a presentation about Office 365 given by Alan Eardley. It introduces Eardley and his background. It then outlines the topics that will be covered in the presentation, including what Office 365 is, its capabilities for communication, content, collaboration and productivity. It also discusses how Office 365 can be customized, its benefits like cloud hosting and scalability, its roadmap, and potential prizes for attendees.
SharePoint Databases: What you need to know (201504)Alan Eardley
This document discusses SharePoint databases and provides information on:
- The speaker's background and areas of expertise in SharePoint and SQL Server.
- An overview of what will be covered, including how SharePoint uses SQL databases.
- Details on the different types of databases needed for SharePoint including content, service application, and administrative databases.
- Best practices for planning database needs including sizing, growth, and high availability options.
- How a DBA can help with configuration, monitoring, backup, and other database maintenance tasks for SharePoint.
The document summarizes a project to design and launch a new intranet for a global client within 6 weeks. It discusses the client's expectations for an iPad-friendly branded site, the challenges of a tight timeline and shifting priorities, and the solution of using responsive design with jQuery, CSS media queries, and customized display templates to integrate various applications and achieve a mobile-friendly interface within the constraints. Key lessons learned included the importance of process, technical input, focus, and testing across platforms.
This document provides an overview of SharePoint and how it can be used to access databases. SharePoint is a platform for content management, document management, and collaboration. It allows users to access data from databases through features like Excel Services, Visio Services, Business Connectivity Services and Performance Point Services. The Secure Store Service provides a way to securely store credentials to external data sources and map them to SharePoint users.
To-Do: How to manage tasks effectivelyAlan Eardley
Presented at SharePoint Saturday London (2017)
We all have to-do lists, many of us work on projects, and we all work in one or more teams. Microsoft has been kind enough to provide many tools to help us manage tasks, some may say too many tools. They all have different strengths and weaknesses, which make them appropriate for different scenarios.
This session explores some of those tools, including Exchange, Planner, Project, Dynamics 365, Visual Studio and Wunderlist. They will be compared and contrasted within the context of authentication, collaboration, interfaces and integration:
• Collaboration
  ○ Individual
  ○ Team
  ○ Sharing
• Integrated or not
  ○ Flow
  ○ Groups
  ○ Teams
• Interfaces
  ○ Web
  ○ Mobile
  ○ Windows
• Reporting
This session will provide an insight into the strengths and weaknesses of the tools so that you can better assess your needs and choose the best tool for the job.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
From Natural Language to Structured Solr Queries using LLMsSease
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive”) gap remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect, Anika Systems
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Java has for many years been one of the most popular programming languages, but it used to have a hard time in the Serverless community. Java is known for its high cold start times and high memory footprint, compared to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption and cold start times for Java Serverless development on AWS, including GraalVM (Native Image) and AWS's own offering SnapStart, based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions, trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients, and measure their impact on cold and warm start times.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Session 1 - Intro to Robotic Process Automation.pdf - UiPathCommunity
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
Introduction of Cybersecurity with OSS at Code Europe 2024 - Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels - Northern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an... - Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
"What does it really mean for your system to be available, or how to define w... - Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
Must Know Postgres Extension for DBA and Developer during Migration - Mydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
5. Terminology
• The experts talk about technology using words no-one understands
• The differences between features are not always obvious
• Microsoft have used words interchangeably over the years
• … and they change the names of products 🤨
6. Definitions
• Security: The protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide
• Compliance: Conforming to a rule, such as a specification, policy, standard or law
• Governance: The system by which the current and future use of ICT is directed and controlled
14. Single-Sign On
• If you pay at the entrance can you go on any ride?
• Do you have to pay for each ride?
21. Are you allowed?
• User: Who are you? Are you who you say you are? How do we know?
• Device: What device are you using? Is it secure? Have you lent it to a child or friend?
• Location: Where are you? Our network? Coffee shop? North Korea?
• Content: What are you accessing? Finance data? HR data? Secret sauce recipes?
Problem – Why is it so hard to explain security and compliance? In fact, what is the difference, and where does governance come into it?
Solution – Use images and stories to explain the features
Benefits – hopefully much easier to remember
Next steps – what should you do if you need to assess and implement changes to your tenant
Do I have data to compare your answers to?
Password only
Please provide two forms of identification
As well as seeing your passport, I want to check that you are the same person so I will check that your physical attributes match those stored on the passport
I will check that you have another device that you can use to enter the right information
- I trust you if you have two devices that are both aligned to your identity
Imagine a fairground with many rides.
Single sign-on would be paying to get in at the entrance to the fairground and then being able to go on every ride without having to pay any more.
The alternative is not paying at the front gate and then paying for every ride individually
If the device you are using doesn’t have a PIN, it may not be secure, it may not be you
If the Apps are not allowed by the organisation
Even apps need to have security so that in a restaurant when your child is playing they can’t accidentally send your boss or a client an email
When you suddenly turn up in a Ferrari rather than the Ford you usually drive, that will trigger a warning
If your credentials have been found on the dark web
You may be asked to go through a higher level of authentication, or have your access blocked
Security Posture assessments – check for known vulnerabilities
Alerts aligned to industry standard events and monitoring tools
Monitor and profile user behaviour and activities
Protect user identities and reduce the attack surface
What is Microsoft Defender for Identity? | Microsoft Docs
I choose the level of authentication based on different factors:
Where have you authenticated
What device are you using
Where you are coming from
Where you want to go - Are you passing through or staying for a while
Is your identity safe?
What application are you logging in to?
Terms of Use
Different level of authentication
Some doors are open
Some doors are locked
You have a bunch of keys that you have been given that allow you in to certain rooms
You can ask for other keys
Complex set of controls
Invite a user into our environment
Send a link to a specific item and change the permissions on that item
What application?
What location
Sensitivity classification of location
Each room contains content
Documents, data
To be created and edited
Marking – make sure people know that the document is important
Secure documents by forcing people to have a key to open
If you borrow a book
We may want you to use the key every time to open the book - encrypted
You might be able to use the book for a while without a key – time between auth
Warnings
Set off an alarm if a book or document passes out of the organisation
Prevention
Slam the shutters down to prevent the book leaving
Check for malicious content in emails arriving
Check that links are to safe locations – Email and Teams
Anti-virus
Anti-phishing policies
Attack simulation
Keep content for a period of time
Tax records
Guarantees
Design documents
When should content be removed?
Should it be deleted
Should it be reviewed
When you need to find information from the whole library
Monitor activity
React to activity
Notifications
Rules based on frequency or quantity
Pro-actively add sensitivity to content
What is Cloud App Security? | Microsoft Docs
Microsoft 365 Defender - Microsoft 365 security | Microsoft Docs
Unified management of
For EndPoint
For Office 365
For Identity
MCAS
Manage incidents and see timeline of attack
Manage investigations
Listening not just to Microsoft 365 but any system
Azure
Firewalls
Custom solutions
Complex rules on how to identify anomalous behaviour
Sophisticated responses
What is Azure Sentinel? | Microsoft Docs
Compare your configuration to required legislation
Get recommendations on how to improve the scores
Manage tasks to improve your score
Send emails to test how well staff respond to threats
Identify where more awareness and training is needed