Examining the challenges of adopting security frameworks from larger countries and how we can work together to improve automation, reuse and collaboration in security. Includes launch of opensecurity.nz
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ... | NetworkCollaborators
The document discusses the challenges of cybersecurity in a world of digital business and relentless change. It notes that data has become currency, but that information overload, skills gaps, and evolving threats pose challenges. It asks how organizations can change the equation to more effectively protect themselves through approaches like controlling network access, quickly finding and containing problems, simplifying network segmentation, and stopping threats at the edge. The document advocates the Cisco security architecture and threat intelligence approach to enable seeing threats once and protecting everywhere across endpoints, cloud, and networks. It provides examples of challenges like WannaCry and the transition to multi-cloud environments.
The document is a report from Accenture on cybersecurity for high technology companies. It finds that only 44% of respondents have confidence in their cybersecurity capabilities across key domains. Failure rates for security breaches are alarmingly high, with thousands to millions of random breach attempts per week and over 144 focused attacks per year resulting in one in four attacks being successful breaches. Internal breaches are particularly problematic, with 41% of security impacts coming from malicious insiders. The report recommends that companies pressure test security capabilities, make security a shared responsibility, protect key assets from within, increase executive engagement, continually innovate defenses, and ensure security is connected to business needs.
This document discusses building risk scenarios. It provides examples of using risk scenario analysis for proactive risk assessments, audits, and management inquiries. It outlines steps for scoping a risk scenario, including identifying threats, assets, events, controls and assumptions. Data sources that can inform the analysis are described, such as private organizational data, industry reports, audits, and security tools. The webinar is the second in a three part series on scenario based risk analysis.
Defining A Cyber Moonshot: Getting Safer in Five Years | scoopnewsgroup
The document calls for a "cyber moonshot" - a concerted national effort - to address the growing threats posed by cybersecurity issues. It proposes that such an effort require leadership, specific calls to action, and sustained investment. It suggests that incentives must be put in place to encourage securing data rather than penalties alone, and that data sharing should be viewed as a common good rather than a source of financial gain. The effort would aim to organize and direct national energies and skills towards achieving the hard goal of improving cybersecurity, similar to the spirit of President Kennedy's moonshot initiative. It asks what the single most important thing is that could be done now to ignite this national cyber moonshot effort.
This 10 step document provides recommendations for building a more secure business. It advises to 1) embed security in the foundation to promote innovation, 2) regularly monitor and test security systems to ensure resilience, and 3) identify the biggest risks and focus on minimizing each threat to stay protected.
The document discusses advanced persistent threats and how the Triton system from Websense can defend against them. It notes that the threat landscape has changed, with attacks now using zero-day exploits and aiming for financial gain rather than damage. Traditional signature-based defenses are ineffective against these new threats. The presentation then argues that Triton can better stop these threats through real-time, content-aware and unified threat analytics rather than just signature matching. It concludes by thanking the audience.
This document discusses cybersecurity risk management. It outlines that the primary goals of any cybersecurity endeavor are to thwart attacks and train people and systems to recognize infiltration. Effective cybersecurity risk management requires identifying risks, assessing them, and taking steps to reduce risks to an acceptable level. This involves identifying operational risks from internal and external events, and treating risks through avoidance, transfer, mitigation, or exploitation. The document promotes investing in professional cybersecurity risk assessments.
How to Establish a Culture of Safety Excellence | PECB
The document discusses how to establish a culture of safety excellence. It outlines five key questions organizations should ask themselves: 1) How is safety excellence defined? 2) What is common when safety excellence is achieved? 3) What is the safety excellence strategy and can the culture carry it out? 4) What data prioritizes initiatives and validates progress? 5) What does the organization need to stop doing? The document advocates using a balanced scorecard approach with lagging, leading, and transformational indicators to measure progress towards a culture of safety excellence.
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
DevSecOps refers to a software engineering culture that introduces security early in the development lifecycle to mitigate risks. It emphasizes collaboration between developers and security teams, where they previously worked independently. DevSecOps combines these teams to strengthen security testing without disrupting the development cycle. There is a need for DevSecOps because security and compliance are now major priorities, and developers can inadvertently release software with vulnerabilities. Key principles include integrating security practices into development, continuous learning, collaboration between teams, sharing threat intelligence, and delivering secure software quickly.
2015 CPA Congress - Disruption - 10 things to pay attention to for your industry | Todd Davies
Extract from CPA Congress presentation on the future of audit - a futurecast to 2030 and what to learn to apply today. This extract is a very quick snapshot on 10 things to be alert to about industry disruption and how it might hit you.
Lessons Learned from Fire Escapes for Cybersecurity | scoopnewsgroup
This document discusses the similarities between fire safety and cybersecurity. It notes that both require better prevention, detection, and response approaches rather than just bolting on extra protections after the fact. The document advocates adopting a security framework, looking at supply chain security, and taking a comprehensive approach focused on prevention, detection, response, and recovery rather than just attaching on extra protections like fire escapes. It was presented by a Global Compliance Product Lead at Google Cloud with experience in security and as a retired fire chief.
Information Security for startups was presented on 11 September 2010 at the Barcamp meeting in Antwerp, Belgium. It presents issues, tips and interesting information security pointers for startup businesses in the world of e-commerce.
The most unique thing about DevSecOps is that it introduces security at the early stage of the software development lifecycle to mitigate security risks and achieve their objectives. Let’s know more about it!
Intelligent Cybersecurity for the Real World | NetCraftsmen
Cisco is investing heavily in cybersecurity to address the growing threat landscape and security effectiveness gap. The company's threat-centric security model provides visibility, control, intelligence and context across networks, endpoints, mobile devices, virtual systems and the cloud to speed detection and remediation times. Cisco's integrated threat defense architecture aims to simplify security through automation and sharing of global intelligence while improving efficacy.
Design highly available and secure system | Andi Pangeran
The document discusses designing highly available and secure systems. It covers security concepts like threats, vulnerabilities, and controls. Common security threats like OWASP top 10 vulnerabilities are explained. Symmetric and asymmetric encryption techniques are described along with digital certificates and SSL. Web security best practices are provided. For availability, concepts like MTBF, MTTR and downtime calculations are covered. Tactics to improve availability like embracing failures, bulkheading and circuit breakers are presented.
STAREAST 2017- Optimize Performance Testing Using Cloud and DevOps | Troy Marshall
Traditional performance testing practices don't scale when you begin delivering software using cloud computing and DevOps. Troy Marshall shares how Ellucian transformed their performance testing program using the same principles DevOps uses to deliver software. It isn't enough just to automate the execution of performance tests. You must continually optimize every step—from building the performance test tool infrastructure, configuring test scripts and scenarios, collecting metrics, and reporting results. In addition, by using cloud computing to implement performance testing, you create significant business value by reducing the cost, increasing velocity, and bringing more visibility to your application’s performance. Join Troy to learn how to enable your development teams to consume performance testing as just another service in the CI/CD pipeline, freeing them to focus attention on developing their products.
Key Learnings
-----------------
•Tools and techniques - understanding the taxonomy
•Top use cases for the SOC
•Attack surfaces
-Insider threat (ignored at the moment)
-Credential theft
-Endpoint compromise
-Application attack
•Monitoring / Building / SWIFT Fraud
•Analytics and hunting playbooks for SWIFT
The two-day symposium will cover principles and practices for building an incident-free culture and achieving safety excellence. Day 1 will discuss elements that drive safety performance, how safety improves performance in other areas, and keys to measuring culture and leadership for success. Day 2 will provide tools to analyze incidents, use safety data to reduce risk, and define behaviors to advance safety. Attendees will learn how to empower workers, inspire excellence through leadership, and create a roadmap to achieve lasting safety improvements.
Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How... | Mighty Guides, Inc.
The document discusses strategies for communicating security program effectiveness to upper management using security metrics. It features essays from 22 security experts in Asia-Pacific who provide their perspectives on meaningful security metrics. Some of the key strategies and metrics discussed include compliance metrics but also risk-based metrics like vulnerability rates over time and a security maturity score. Tracking externally reported security incidents over time and the results of penetration testing are also presented as useful metrics to share with leadership. The experts emphasize selecting metrics that show risk reduction and how security enhances business success.
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf | Stéphane Nappo
"One of the main Cyber risks is to think they don't exist. The other is to try to treat all risks".
Key cybersecurity quotes, key methodologies, and advanced risk management approaches. Seeking for simplicity and efficiency in the complex realm... Do read.
The document summarizes a presentation given by Craig Walker, CTO of Xero Ltd, about ensuring full-proof security at Xero. It discusses how Xero engaged Aura Software Security as virtual security officers to help deliver secure software as a service (SaaS) over the long term. Aura took an integrated approach to security including threat modelling, attack trees, penetration testing, and ongoing monitoring to identify security risks and weaknesses in Xero's software and hosting environment. The presentation emphasizes that security is an ongoing process requiring a holistic approach and continuous improvement.
Google takes several steps to protect user data including building security into their systems from the ground up, maintaining global infrastructure like undersea cables, employing over 450 security engineers for 24/7 monitoring, and conducting security research. They also focus on agility to prevent incidents and respond quickly through fast development and deployment. For businesses, Google provides tools to comply with privacy laws and ensures user data remains under their control with transparency around Google's legal commitments and compliance.
The document summarizes key takeaways from the RSA Conference 2016. It discusses the rising threat of ransomware and the need to get back to basics on security fundamentals like authentication, firewalls, and software updates. It also notes that the target of attacks is expanding to cloud and big data, and that organizations need to treat data as toxic. Other topics covered include new approaches to threat modeling, developing resilience after a breach, extending security teams through outsourcing, and reassessing threat detection capabilities. The document provides an agenda and information on speakers for an upcoming cybersecurity summit event.
Resiliency, Risk Management Add a New Dimension to Discussions about Enterpri... | Dana Gardner
Transcript of a BriefingsDirect podcast from the HP Discover 2012 Conference on how our views of security need to be expanded beyond protecting the perimeter.
Industrial and Warehouse Security
Regulation-breaking offenders target industrial sites on a regular basis. Industrial sites and warehouses are an appealing target for thieves and vandals.
Office Security Services
Office safety also includes having security at the entrance to the building to avoid any type of potential threat.
Construction Site Security Services
Protecting your building site is essential to stop the loss of valuable tools, machinery and products, as well as to maintain the safety of the public and employees.
Blue Line Operations Security Services are your local experts in office and building security.
We can bring our experience in safety and security, along with the latest industry training and knowledge, to help you meet your needs.
Whatever your situation, we can offer a business security assessment, so you have all the information you could want to make a decision. And after our office security assessment, if you need CCTV monitoring, security patrols, or manned guarding services, our team are here to help.
Get in touch with Blue Line Operations today to find out how you can make your offices and staff safe and secure.
https://bluelineoperations.co.uk/
1. Finding the right balance in any organization depends on assessing risk and then convincing executive management to fund security needs.
2. To justify endpoint security solutions, one expert recommends using actual metrics that show the effectiveness of something already deployed, rather than scare tactics about potential attacks.
3. When facing budget reductions, the expert advises resetting expectations by informing management how service levels may be impacted and the increased risks from reduced resources. Quantitative data showing improved security with existing tools can help make the case for continued funding.
Accuvant is a cybersecurity firm that provides a comprehensive suite of security solutions and services to help organizations address pressing security issues. Their unique approach combines best-in-class technology with expert consulting services. They have a team of over 250 security experts called Accuvant LABS who perform research, develop solutions, and work with clients. Accuvant's services include security assessments, technology installations, managed security services, training, and consulting to help organizations secure their infrastructure and achieve security goals.
The disappearance of the network perimeter is the greatest security challenge according to one expert. Traditional network boundaries have been eroded by cloud services, mobile devices, and remote work access. This lack of a defined perimeter makes it difficult to know all assets and users on the network. Another issue is the use of unknown cloud services by employees that expose company data without IT oversight. To address this, companies need accurate asset inventories, security policies for all assets and services, and security awareness training for employees. The goal is minimizing risks so businesses can focus on their main operations.
Open Security and Privacy Reference Architecture (Asim Jahan)
A book teaser for the E-book and open community project "Open Security and Privacy Reference Architecture". The book provides reusable models for both information (cyber) security and privacy.
'Unsustainably Sustainable' by Dr Carl Ungerer and Vanessa Liell at Mumbrella... (Brittany Ferdinands)
This document discusses sustainability and the risks it poses to organizations. It begins with defining sustainability as anything that threatens long-term business sustainability, focusing on environmental, social and governance (ESG) factors. The document then notes that overblown sustainability claims can lead to greenwashing accusations. It presents a case study on cybersecurity risks, calling it the number one governance issue and noting that failures to protect data will face regulatory, legal and reputational consequences. The document concludes by advising communicators to partner with experts, separate communication from technical issues, ask hard questions to verify facts, and avoid sustainability pitfalls.
Tenable: Economic, Operational and Strategic Benefits of Security Framework A... (Mighty Guides, Inc.)
According to Russ Kirby, CISO of Creditsafe, security frameworks have benefits but also limitations. Frameworks can be industry specific and slow to evolve, not keeping pace with changes in technology and regulations. However, running security programs without a framework is also impractical given today's complex IT environments and compliance needs. Adopting a framework that suits an organization's business model provides visibility that enables anticipating regulatory reporting needs. A framework facilitates understanding risk within a business and identifying the most critical security projects.
Tenable: Economic, Operational and Strategic Benefits of Security Framework A... (Mighty Guides, Inc.)
Lester Godsey discusses how a security framework provides a baseline for acceptable security practices in an organization and enables security conversations with other business areas. It gives context for discussing exceptions or additional controls. Most businesses customize frameworks based on their specific needs and regulations. Having a framework in place allows an organization to design security metrics that map to important controls and align with business objectives.
Lee Bailey notes that security frameworks help mature a security practice by guiding organizations from identifying needs to defining controls and processes. It enables aligning security and business objectives by making security decisions based on risk and explaining security issues to non-technical staff. For retailers, payment security standards help maintain customer trust and confidence, supporting the core business strategy. Frameworks also simplify
The agenda covers governance, risk, and compliance (GRC). GRC involves governance which defines how companies are directed, risk which is the effect of uncertainty on business objectives, and compliance which is adhering to external laws and regulations. The presenter discusses what is driving increased focus on GRC such as regulations, standards, risks, technologies, and transparency demands. Views of GRC include avoiding negative consequences and being fundamental to complex business operations. Getting started with GRC involves acknowledging that information security is about risk management and that security and auditors have similar goals. Developing a GRC strategy involves analyzing processes, discovering dependencies, and creating a roadmap.
The document provides advice from 10 security experts on how to improve security capabilities and adopt a more proactive approach to threat management. Joseph Smith, interim director of IT at the University of Maryland Eastern Shore, discusses treating endpoints as part of a larger, integrated system rather than as isolated machines. He uses a defense-in-depth strategy including traditional defenses, limited user accounts and application whitelisting. Smith believes a proactive security approach is needed given attackers' unlimited time and resources.
Fidelis Cybersecurity provides network and endpoint security solutions to detect attacks across all ports and protocols. It was founded in 2002 and has over 320 employees. Their solutions include Fidelis Endpoint and Network products as well as incident response and security consulting services. Their customers include many large companies across various industries as well as smaller organizations.
3. In this talk
We are here: NZ in a global context
The best and worst: Our national traits applied to security
Building a secure NZ: The safest version of our digital selves
23. Willingness to improvise
Pros: Less perfectionism; Prepared to take risk
Cons: Compromise quality; Underestimate complexity; Leave projects unfinished
24. Can embracing NZ culture improve our security? And how can we get started?
25. We can work on our vulnerabilities
Compromise quality -> Supporting standards that enforce and measure quality
Underestimate complexity -> Openly talking about complexity
Leave projects unfinished -> Holding ourselves accountable for completion
26. We can understand our risk
More trusting -> More selective about when we trust
Less defensive response -> More prepared for defensive response
Slower to adapt to changing threat levels -> Developing threat models for our economy and people
30. Requirements
Has a code of conduct
Has a contribution guide
Has a readme file
Open source license
Is maintained
Created in New Zealand
31. Got a project you’d like to share?
https://opensecurity.nz
https://safestack.typeform.com/to/i6wj2y
support@opensecurity.nz
32. Summary
We are here: Context matters in security
The best and worst: Need to be balanced to thrive
Building a secure NZ: Needs us to listen to smaller voices