SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
•
0 likes•1,238 views
Too many incidents related to “ransomware” in North East of Italy. Companies needs to understand how to protect themselves and ensure continued access to the digital data. The damage of a cyber incidents exceed the threshold of US $ 25mil. Safe rating of Intangible Assets of a company need enhancement of the cyber risks insurance market. But a weak competence require clarification on this topic. The research intent was to identify the real risks and digital vulnerabilities in companies. We have done an evaluation of typical insurance products on IT risk and we have made a CIO/CISO Survey. The final scope was a guideline for approacing the problem of outsourcing Cyber Risk Protection.
Report
Share
Report
Share
Download to read offline
Recommended
INFOSEK 2016 Slovenia - Cyber Risk Insurance - Scenario and Evaluation
Too many incidents related to "ransomware" in North East of Itally. Companies needs to understand how to protect themselves and ensure continued access to the digital data. The damage of a cyber incidents exceed the threshold of US $ 25mil. Safe rating of Intangible Assets of a company need enhancement of the cyber risks insurance market. But a weak competence require clarification on this topic. The research intent was to identify the real risks and digital vulnerabilities in companies. We have done an evaluation of typical insurance products on IT risk and we have made a CIO/CISO Survey. The final scope was a guideline for approacing the problem of outsourcing Cyber Risk Protection.
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
Talk Luca Moroni - Via Virtuosa
Cyber security awareness of critical infrastructures in N/E of Italy: scenarios and guidelines for self-assesement
Ozaveščenost o varnosti spleta in kritične infrastrukture v severni Italiji: Scenariji in smernice kako opraviti samooceno
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Critical Infrastructures (IC) are essential elements in our economic and social life. Cyber incidents in such organizations could create a “domino effect”. This must be an important concern in a National Cyber Security Policy. Now EU Cybersecurity Act
Infosek Luca Moroni Nova Gorica (SLO)
The document introduces ISACA's Cybersecurity Audit Certificate program. It provides information about Luca Moroni, who will be taking the Cybersecurity Audit Certificate exam. It outlines the exam structure, including that it contains 75 multiple choice questions, takes 2 hours to complete, and requires a passing score of 65% to pass. It also provides sample exam questions and information about the Cybersecurity Audit Certificate online course to help prepare for the exam.
Presentazione Security Challenga 12/9/16 Bologna
This document summarizes Via Virtuosa's strategy and goals. It discusses Via Virtuosa's offerings for customers in northeast Italy such as knowledge of market requirements and startup support. It notes Via Virtuosa's growth between 2010-2015 with 78 new customers and increasing annual revenue. The document outlines future goals such as expanding internationally and industrializing their brokering business model. It seeks future sponsors like business angels, startups, and EU companies seeking an external cybersecurity business unit.
What is needed to start trusting the security of your applications in the cloud?
This document discusses how ISO/IEC 27034 can help verify the security of operational applications hosted in the cloud. It introduces key concepts like understanding the scope of an application versus its security scope. It outlines a three-layer cloud application architecture and examines existing cloud security certifications. ISO/IEC 27034 improves upon these by providing elements like Application Security Controls (ASCs), an ASC Library, and an Application Security Life Cycle Reference Model to make security implementation, validation, and auditing more measurable and repeatable.
Accountability for Corporate Cybersecurity - Who Owns What?
Data breaches have progressed from low probability, high consequence events to high probability, high consequence events. This shift requires that senior executives become more involved to help reduce financial impact and protect their companies’ reputation and brand.
Cybersecurity frameworks like NIST, HITRUST, PCI DSS, COBIT, and OSI provide the structure to facilitate senior executive participation. The technical perspective, sophistication, and complexity of frameworks can lead to silos of cybersecurity management. Cross-functional accountability for effective corporate cybersecurity management is required.
A Responsibility Assignment Matrix within a cybersecurity framework can visually and effectively illustrate cross-functional ownership of the corporate cybersecurity plan. Ownership of the creation and maintenance of the corporate security plan should remain with either the security or IT department. Many aspects of cybersecurity accountability naturally reside outside of the security and IT departments.
Please visit this site and explore how corporate accountability can be incorporated with cybersecurity planning.
http://processdeliverysystems.com/v2pds_nist/index.htm
Click here to download the presentation Accountability for Corporate Cybersecurity, Who Owns What?
http://processdeliverysystems.com/v2pds_nist/documents/PDS_Accountabiliy_NIST_Cybersecurity_Framework.pdf
Click here to download the Responsibility Assignment Matrix for the NIST Cybersecurity Framework.
http://processdeliverysystems.com/v2pds_nist/documents/PDS_NIST_Cybersecurity_Framework_RACI.pdf
We welcome your questions, insights, and comments.
Challenges of doing security in uncharted territory
The document discusses the challenges of security in industrial IoT (IIoT) systems, which operate in uncharted territory. It outlines several technical, business, legal, and acceptance challenges in securing IIoT architectures and protocols. These include choosing standards, managing keys and firmware updates, addressing privacy concerns, and the lack of joint security and development expertise. The document proposes starting with basics like simplifying systems, making security understandable, and following simple rules like "fail safe" and "fail secure" designs to build a more secure IIoT future.
Recommended
INFOSEK 2016 Slovenia - Cyber Risk Insurance - Scenario and Evaluation
Too many incidents related to "ransomware" in North East of Itally. Companies needs to understand how to protect themselves and ensure continued access to the digital data. The damage of a cyber incidents exceed the threshold of US $ 25mil. Safe rating of Intangible Assets of a company need enhancement of the cyber risks insurance market. But a weak competence require clarification on this topic. The research intent was to identify the real risks and digital vulnerabilities in companies. We have done an evaluation of typical insurance products on IT risk and we have made a CIO/CISO Survey. The final scope was a guideline for approacing the problem of outsourcing Cyber Risk Protection.
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
Talk Luca Moroni - Via Virtuosa
Cyber security awareness of critical infrastructures in N/E of Italy: scenarios and guidelines for self-assesement
Ozaveščenost o varnosti spleta in kritične infrastrukture v severni Italiji: Scenariji in smernice kako opraviti samooceno
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Critical Infrastructures (IC) are essential elements in our economic and social life. Cyber incidents in such organizations could create a “domino effect”. This must be an important concern in a National Cyber Security Policy. Now EU Cybersecurity Act
Infosek Luca Moroni Nova Gorica (SLO)
The document introduces ISACA's Cybersecurity Audit Certificate program. It provides information about Luca Moroni, who will be taking the Cybersecurity Audit Certificate exam. It outlines the exam structure, including that it contains 75 multiple choice questions, takes 2 hours to complete, and requires a passing score of 65% to pass. It also provides sample exam questions and information about the Cybersecurity Audit Certificate online course to help prepare for the exam.
Presentazione Security Challenga 12/9/16 Bologna
This document summarizes Via Virtuosa's strategy and goals. It discusses Via Virtuosa's offerings for customers in northeast Italy such as knowledge of market requirements and startup support. It notes Via Virtuosa's growth between 2010-2015 with 78 new customers and increasing annual revenue. The document outlines future goals such as expanding internationally and industrializing their brokering business model. It seeks future sponsors like business angels, startups, and EU companies seeking an external cybersecurity business unit.
What is needed to start trusting the security of your applications in the cloud?
This document discusses how ISO/IEC 27034 can help verify the security of operational applications hosted in the cloud. It introduces key concepts like understanding the scope of an application versus its security scope. It outlines a three-layer cloud application architecture and examines existing cloud security certifications. ISO/IEC 27034 improves upon these by providing elements like Application Security Controls (ASCs), an ASC Library, and an Application Security Life Cycle Reference Model to make security implementation, validation, and auditing more measurable and repeatable.
Accountability for Corporate Cybersecurity - Who Owns What?
Data breaches have progressed from low probability, high consequence events to high probability, high consequence events. This shift requires that senior executives become more involved to help reduce financial impact and protect their companies’ reputation and brand.
Cybersecurity frameworks like NIST, HITRUST, PCI DSS, COBIT, and OSI provide the structure to facilitate senior executive participation. The technical perspective, sophistication, and complexity of frameworks can lead to silos of cybersecurity management. Cross-functional accountability for effective corporate cybersecurity management is required.
A Responsibility Assignment Matrix within a cybersecurity framework can visually and effectively illustrate cross-functional ownership of the corporate cybersecurity plan. Ownership of the creation and maintenance of the corporate security plan should remain with either the security or IT department. Many aspects of cybersecurity accountability naturally reside outside of the security and IT departments.
Please visit this site and explore how corporate accountability can be incorporated with cybersecurity planning.
http://processdeliverysystems.com/v2pds_nist/index.htm
Click here to download the presentation Accountability for Corporate Cybersecurity, Who Owns What?
http://processdeliverysystems.com/v2pds_nist/documents/PDS_Accountabiliy_NIST_Cybersecurity_Framework.pdf
Click here to download the Responsibility Assignment Matrix for the NIST Cybersecurity Framework.
http://processdeliverysystems.com/v2pds_nist/documents/PDS_NIST_Cybersecurity_Framework_RACI.pdf
We welcome your questions, insights, and comments.
Challenges of doing security in uncharted territory
The document discusses the challenges of security in industrial IoT (IIoT) systems, which operate in uncharted territory. It outlines several technical, business, legal, and acceptance challenges in securing IIoT architectures and protocols. These include choosing standards, managing keys and firmware updates, addressing privacy concerns, and the lack of joint security and development expertise. The document proposes starting with basics like simplifying systems, making security understandable, and following simple rules like "fail safe" and "fail secure" designs to build a more secure IIoT future.
Étude mondiale d'EY sur la cybersécurité (2018)
Organizations are increasing spending on cybersecurity but many still have vulnerabilities. While larger organizations are improving protection and increasing budgets, over 75% still lack sufficient cybersecurity. Common vulnerabilities include careless employees, outdated security controls, and unauthorized access. Few organizations have matured programs across threat intelligence, vulnerability management, breach detection and response. Most breaches go undetected, and many organizations only increase security after experiencing harm from a breach. Overall, while awareness and spending are rising, many organizations still have work to do to strengthen basic protections of their most critical assets and information.
Cybersecurity isaca
This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.
Reality of cybersecurity 11.4.2017
This document summarizes a presentation on cybersecurity realities by Jari Pirhonen, Security Director at Samlink. The presentation covers:
- An introduction of Pirhonen and his background in cybersecurity.
- Key topics in cybersecurity including digitalization trends, security objectives, the state of threats, and the importance of security governance.
- Challenges in the financial sector including legacy systems, critical infrastructure dependencies, and recent phishing and malware attacks on banks in Finland.
- Essential steps for organizations to improve security governance such as securing management support, assigning security responsibilities, identifying critical assets, training staff, and considering people, processes, technology, and suppliers.
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
This document is the final report of the CSRIC Working Group 2A, which focused on addressing cyber security best practices in the communications industry. It provides an executive summary of the group's work reviewing and updating best practices from previous efforts to address new technologies and threats. It identifies that the group developed 397 best practices across five verticals and four horizontals, with 41% being new and 41% being modified from previous work. It encourages service providers, network operators, and equipment suppliers to prioritize review and implementation of the recommended best practices.
Cyber security
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access
New CISO - The First 90 Days
As a new CISO, you want to have an impact as quickly as possible - people will be watching and judging. But at the same time, you need to be practical about what's achievable in an organization that you're still getting to know. It's also important to consider the experience you bring to the role and how it applies - or doesn't - to your new job.
In this webinar, we'll discuss three fundamental differences you're likely to experience in your new job and offer recommendations on strategic activities you can focus on in your first 90 days. New CISOs will gain a framework for identifying these quick wins. Existing CISOs will get an opportunity to refresh and revitalize their security program.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Bill Campbell, IT Executive and Serial CISO
Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.
Cyber Six: Managing Security in Internet
Holistic view to educate people on how to secure internet from information abused - this is a presentation that is specially designed for ESDM Ministry conference in Bali
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Slides from Cohesive Networks' COO Dwight Koop at the April 2015 meeting of the Chicago Electronic Crimes Task Force, sponsored by Cohesive Networks and the United States Secret Service.
On April 30, 2015 Dwight Koop presented “The Chicago School of Cybersecurity Thinking: A Pragmatic Mid-Western Look at Cybersecurity Risk and Regulation”
About the ECTF:
CECTF represents a diverse membership of over 600 public and private security professionals, academia representatives and law enforcement officials throughout Illinois, Wisconsin, and Northern Indiana. The United States Secret Service contributes to the CECTF by bringing together experts in an interactive environment. These professionals bring experience, knowledge, and resources to support electronic and financial crimes investigations, computer forensic examinations, and judicial testimony. Many members are investigators trained as responders to IT-related incidents, including network intrusion. The CECTF is dedicated to sharing knowledge of cutting-edge technologies, identifying cyber-based vulnerabilities, developing strategies to combat cyber and financial crimes, and the protection of our nation's critical financial infrastructure.
Cyber Security Strategies and Approaches
This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
The document discusses the evolving cyber threat landscape and increasing risks posed by cyber attacks. It notes that cyber attacks are now the third largest risk facing corporations. Several high profile cyber attacks on companies like Target, Anthem, JP Morgan Chase, and Sony are summarized to illustrate the rising scale and impact of such incidents. The document advocates for a strategic, institution-wide approach to cyber security involving leadership, risk management, security operations, and resilience to protect against modern cyber threats. Threat intelligence and collaboration are also highlighted as important for effective cyber security.
Cyber Security Vendor Risk Management /Supply Chain Risk Management
Supply Chain Risk Management
- The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has in place the processes to identify, assess and manage supply chain risks. ID.SC-2: Identify, prioritize and assess suppliers and partners of critical information systems, components and services using a cyber supply chain risk assessment process.
Looking into the future of security
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT....What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting and his co-author, our COO Scott Taylor explore the challenges and opportunities that emerging technologies are driving across security industry.
cybersecurity strategy planning in the banking sector
Olivier Busolini discusses cybersecurity strategy planning in the banking sector. He outlines an approach that includes understanding business risks, assessing gaps, agile planning, implementation, and monitoring. Key aspects are controls hygiene and compliance using frameworks like NIST and ANSSI. A security program should focus on people, processes, infrastructure, applications, and data, and increase maturity over multiple years. Risks and tips from experience are also covered, like focusing on people, defining risk appetite, and ensuring budget supports ongoing work.
The State of Cyber
EY Principal and Cyber Threat Management Leader Anil Markose shows you best practices for cyber risk management and how to sense, resist, and react to cyber attacks on your company.
Why Executives Underinvest In Cybersecurity
Learn how to get around misguided thinking that leads to executive under investment in cyber security, and secure the resources you need. You'll learn how to:
- Work around CEO and CFO human biases
- Motivate decision makers to invest more in cyber infrastructure
- Replace your CEO’s mental model with new success metrics
- Compare your company’s performance with similar firms to overcome executive overconfidence
Watch the full video recording!
ITrust Company Overview EN
ITrust is a leading French cybersecurity company that provides expertise, products, and security operations center services. It has over 200 clients, 100% annual growth, and offices in Paris, Toulouse, New York, and Shanghai. ITrust's flagship product is the IKare vulnerability management tool, which can reduce vulnerabilities by 90% by identifying and helping to correct security flaws. The company is working on new behavioral analytics and AI solutions to better detect unknown cyber threats.
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
ISACA Kyiv Chapter presentation at TAIEX Workshop on Advancing Cyber Security Capacity in Critical Infrastructure
Cyber Security Landscape: Changes, Threats and Challenges
- Bloxx is a cyber security company that provides content filtering and protection solutions using patented Tru-View technology.
- The cyber security landscape has changed significantly, with security breaches increasing in both scale and cost while organizations decrease security spending. Insider threats and BYOD policies pose challenges.
- Adopting a comprehensive security approach including awareness training, robust policies, and the right tools is important given the "not if but when" reality of breaches. Moving operations to the cloud also requires careful planning and security measures.
- Bloxx offers solutions to help organizations securely enable flexibility and mobility through real-time filtering, encryption, authentication, and centralized management across hardware, virtual, and cloud deployments.
Cyber Secuirty Visualization
Case study on how to use Interactive Data Visualization and Predictive Modeling to find the needle in the haystack in SIEM Analytics and Cyber Security. We discuss how to create an analytical sandbox in front of your correlation systems, as well as intrusion, firewall, and virus scan / endpoint protection systems.
Our clients include Fortune 100 companies, governments and government agencies, two of the top SIEM vendors, and a variety of mid-sized companies.
The Importance of Risk Management
The document discusses the importance of risk management for ISO27001 certification. It summarizes the previous webinar on why organizations should pursue ISO27001 certification. The webinar covers key terms like assets, threats, vulnerabilities, risks, and risk assessment. It emphasizes that risk assessment is critical to inform security controls and ensure spending is properly balanced against business risks. The webinar promotes an upcoming series of webinars and resources on carrying out ISO27001 risk assessments.
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
According to cybersecurity experts, cyber risks are now the top concern globally. The top risks in 2023 include the lack of standardized cybersecurity practices, intensifying severity of data breaches, and increasing social engineering attacks. To mitigate these risks, organizations should implement a five-step strategy: 1) conduct user education and training, 2) perform vulnerability scanning, 3) conduct regular penetration testing, 4) ensure compliance with security standards, and 5) implement an internal security policy and train employees on following it. This will help organizations better manage growing cybersecurity threats and reduce risks of data breaches.
Cisco Yıllık Güvenlik Raporu 2015
The document summarizes key findings from the Cisco 2015 Annual Security Report. It discusses how exploit kit authors have adapted their techniques in response to law enforcement actions against previous dominant exploit kits. While no single exploit kit has achieved dominance, Angler and Sweet Orange have emerged as particularly sophisticated and dynamic kits. It also notes that exploit kit authors may now view maintaining a mid-level position as a sign of success to avoid detection, and outlines strategies used by Angler, Sweet Orange, and Goon kits to evade security defenses and remain effective over time.
More Related Content
What's hot
Étude mondiale d'EY sur la cybersécurité (2018)
Organizations are increasing spending on cybersecurity but many still have vulnerabilities. While larger organizations are improving protection and increasing budgets, over 75% still lack sufficient cybersecurity. Common vulnerabilities include careless employees, outdated security controls, and unauthorized access. Few organizations have matured programs across threat intelligence, vulnerability management, breach detection and response. Most breaches go undetected, and many organizations only increase security after experiencing harm from a breach. Overall, while awareness and spending are rising, many organizations still have work to do to strengthen basic protections of their most critical assets and information.
Cybersecurity isaca
This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.
Reality of cybersecurity 11.4.2017
This document summarizes a presentation on cybersecurity realities by Jari Pirhonen, Security Director at Samlink. The presentation covers:
- An introduction of Pirhonen and his background in cybersecurity.
- Key topics in cybersecurity including digitalization trends, security objectives, the state of threats, and the importance of security governance.
- Challenges in the financial sector including legacy systems, critical infrastructure dependencies, and recent phishing and malware attacks on banks in Finland.
- Essential steps for organizations to improve security governance such as securing management support, assigning security responsibilities, identifying critical assets, training staff, and considering people, processes, technology, and suppliers.
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
This document is the final report of the CSRIC Working Group 2A, which focused on addressing cyber security best practices in the communications industry. It provides an executive summary of the group's work reviewing and updating best practices from previous efforts to address new technologies and threats. It identifies that the group developed 397 best practices across five verticals and four horizontals, with 41% being new and 41% being modified from previous work. It encourages service providers, network operators, and equipment suppliers to prioritize review and implementation of the recommended best practices.
Cyber security
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access
New CISO - The First 90 Days
As a new CISO, you want to have an impact as quickly as possible - people will be watching and judging. But at the same time, you need to be practical about what's achievable in an organization that you're still getting to know. It's also important to consider the experience you bring to the role and how it applies - or doesn't - to your new job.
In this webinar, we'll discuss three fundamental differences you're likely to experience in your new job and offer recommendations on strategic activities you can focus on in your first 90 days. New CISOs will gain a framework for identifying these quick wins. Existing CISOs will get an opportunity to refresh and revitalize their security program.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Bill Campbell, IT Executive and Serial CISO
Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.
Cyber Six: Managing Security in Internet
Holistic view to educate people on how to secure internet from information abused - this is a presentation that is specially designed for ESDM Ministry conference in Bali
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Slides from Cohesive Networks' COO Dwight Koop at the April 2015 meeting of the Chicago Electronic Crimes Task Force, sponsored by Cohesive Networks and the United States Secret Service.
On April 30, 2015 Dwight Koop presented “The Chicago School of Cybersecurity Thinking: A Pragmatic Mid-Western Look at Cybersecurity Risk and Regulation”
About the ECTF:
CECTF represents a diverse membership of over 600 public and private security professionals, academia representatives and law enforcement officials throughout Illinois, Wisconsin, and Northern Indiana. The United States Secret Service contributes to the CECTF by bringing together experts in an interactive environment. These professionals bring experience, knowledge, and resources to support electronic and financial crimes investigations, computer forensic examinations, and judicial testimony. Many members are investigators trained as responders to IT-related incidents, including network intrusion. The CECTF is dedicated to sharing knowledge of cutting-edge technologies, identifying cyber-based vulnerabilities, developing strategies to combat cyber and financial crimes, and the protection of our nation's critical financial infrastructure.
Cyber Security Strategies and Approaches
This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
The document discusses the evolving cyber threat landscape and increasing risks posed by cyber attacks. It notes that cyber attacks are now the third largest risk facing corporations. Several high profile cyber attacks on companies like Target, Anthem, JP Morgan Chase, and Sony are summarized to illustrate the rising scale and impact of such incidents. The document advocates for a strategic, institution-wide approach to cyber security involving leadership, risk management, security operations, and resilience to protect against modern cyber threats. Threat intelligence and collaboration are also highlighted as important for effective cyber security.
Cyber Security Vendor Risk Management /Supply Chain Risk Management
Supply Chain Risk Management
- The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has in place the processes to identify, assess and manage supply chain risks. ID.SC-2: Identify, prioritize and assess suppliers and partners of critical information systems, components and services using a cyber supply chain risk assessment process.
Looking into the future of security
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT....What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting and his co-author, our COO Scott Taylor explore the challenges and opportunities that emerging technologies are driving across security industry.
cybersecurity strategy planning in the banking sector
Olivier Busolini discusses cybersecurity strategy planning in the banking sector. He outlines an approach that includes understanding business risks, assessing gaps, agile planning, implementation, and monitoring. Key aspects are controls hygiene and compliance using frameworks like NIST and ANSSI. A security program should focus on people, processes, infrastructure, applications, and data, and increase maturity over multiple years. Risks and tips from experience are also covered, like focusing on people, defining risk appetite, and ensuring budget supports ongoing work.
The State of Cyber
EY Principal and Cyber Threat Management Leader Anil Markose shows you best practices for cyber risk management and how to sense, resist, and react to cyber attacks on your company.
Why Executives Underinvest In Cybersecurity
Learn how to get around misguided thinking that leads to executive under investment in cyber security, and secure the resources you need. You'll learn how to:
- Work around CEO and CFO human biases
- Motivate decision makers to invest more in cyber infrastructure
- Replace your CEO’s mental model with new success metrics
- Compare your company’s performance with similar firms to overcome executive overconfidence
Watch the full video recording!
ITrust Company Overview EN
ITrust is a leading French cybersecurity company that provides expertise, products, and security operations center services. It has over 200 clients, 100% annual growth, and offices in Paris, Toulouse, New York, and Shanghai. ITrust's flagship product is the IKare vulnerability management tool, which can reduce vulnerabilities by 90% by identifying and helping to correct security flaws. The company is working on new behavioral analytics and AI solutions to better detect unknown cyber threats.
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
ISACA Kyiv Chapter presentation at TAIEX Workshop on Advancing Cyber Security Capacity in Critical Infrastructure
Cyber Security Landscape: Changes, Threats and Challenges
- Bloxx is a cyber security company that provides content filtering and protection solutions using patented Tru-View technology.
- The cyber security landscape has changed significantly, with security breaches increasing in both scale and cost while organizations decrease security spending. Insider threats and BYOD policies pose challenges.
- Adopting a comprehensive security approach including awareness training, robust policies, and the right tools is important given the "not if but when" reality of breaches. Moving operations to the cloud also requires careful planning and security measures.
- Bloxx offers solutions to help organizations securely enable flexibility and mobility through real-time filtering, encryption, authentication, and centralized management across hardware, virtual, and cloud deployments.
Cyber Secuirty Visualization
Case study on how to use Interactive Data Visualization and Predictive Modeling to find the needle in the haystack in SIEM Analytics and Cyber Security. We discuss how to create an analytical sandbox in front of your correlation systems, as well as intrusion, firewall, and virus scan / endpoint protection systems.
Our clients include Fortune 100 companies, governments and government agencies, two of the top SIEM vendors, and a variety of mid-sized companies.
What's hot (19)
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Vendor Risk Management /Supply Chain Risk Management
Cyber Security Vendor Risk Management /Supply Chain Risk Management
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sector
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges
Similar to SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
The Importance of Risk Management
The document discusses the importance of risk management for ISO27001 certification. It summarizes the previous webinar on why organizations should pursue ISO27001 certification. The webinar covers key terms like assets, threats, vulnerabilities, risks, and risk assessment. It emphasizes that risk assessment is critical to inform security controls and ensure spending is properly balanced against business risks. The webinar promotes an upcoming series of webinars and resources on carrying out ISO27001 risk assessments.
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
According to cybersecurity experts, cyber risks are now the top concern globally. The top risks in 2023 include the lack of standardized cybersecurity practices, intensifying severity of data breaches, and increasing social engineering attacks. To mitigate these risks, organizations should implement a five-step strategy: 1) conduct user education and training, 2) perform vulnerability scanning, 3) conduct regular penetration testing, 4) ensure compliance with security standards, and 5) implement an internal security policy and train employees on following it. This will help organizations better manage growing cybersecurity threats and reduce risks of data breaches.
Cisco Yıllık Güvenlik Raporu 2015
The document summarizes key findings from the Cisco 2015 Annual Security Report. It discusses how exploit kit authors have adapted their techniques in response to law enforcement actions against previous dominant exploit kits. While no single exploit kit has achieved dominance, Angler and Sweet Orange have emerged as particularly sophisticated and dynamic kits. It also notes that exploit kit authors may now view maintaining a mid-level position as a sign of success to avoid detection, and outlines strategies used by Angler, Sweet Orange, and Goon kits to evade security defenses and remain effective over time.
European Risk Management Seminar 2018 - Cyber Report
Not long ago, it seemed like we could be heading for cybergeddon; the forecasts about the threats from cyber space posed such a threat to the digital revolution. Today, as this report illustrates, we are finding a way to make cyber risk manageable, quantifiable and insurable.
The importance of information security risk management
Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.
Effectiveness of Cyber Security Awareness.pdf
Chinatu Uzuegbu is a cyber security expert with over 20 years of experience in IT and 10 years specifically in cyber security. She discusses the importance of cyber security awareness and outlines some best practices. Effective cyber security awareness programs should be targeted to specific audiences, interactive, aligned with business objectives, and involve collaboration between cyber security professionals. Regular awareness training and reinforcement of knowledge is needed to help organizations and individuals protect against the growing threat of cyber attacks.
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
The webinar covers:
• An overview of Cybersecurity
• Explaining of Cybersecurity Relationship with other types of security
• Guidance for addressing common Cybersecurity issues.
• Convincing stakeholders to collaborate on resolving Cybersecurity issues.
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Fabrice DePaepe, who is Managing Director at Nitroxis Sprl and has more than 15 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/fQUSQEoLsYc
Cyber Security Awareness Month 2017-Wrap-Up
Yayyy, we have come to the end of the Cyber Security Awareness Month 2017. It was an exciting and revealing time! Let the culture of Stop, Think and Connect stick. Please consult us for your Cyber Security Needs and Training
Maintaining and updating your risk assessment using vsRisk
The document discusses maintaining and updating risk assessments. It recaps previous webinars on information security and risk management. Regular risk assessment reviews are required by ISO 27001 to account for changes to the organization, technology, objectives and threats. The vsRisk software helps with automated and compliant reviews by storing past data, comparing reviews, and providing audit logs. It was demonstrated and allows easy maintenance of ISO 27001 documentation.
Using vsRisk to carry out a risk assessment
Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.
Scot Secure 2019 Edinburgh (Day 1)
This document provides an overview of Europol and its role in combating cybercrime. Some key points:
- Europol supports cooperation between member states to prevent and combat serious crimes affecting two or more countries, including terrorism and cybercrimes.
- Europol's EC3 division focuses on areas like decryption, financial cybercrime, and working with partners in law enforcement, industry, and academia.
- Recent Europol operations highlighted include Avalanche against botnets, and actions against major ransomware like WannaCry and NotPetya.
- Emerging threats discussed include the convergence of criminal groups from script kiddies to nation states in cyber space, as well as challenges of
4 P's of Insurtech - Matteo Carbone
Presentation given by Matteo Carbone at the 2017 Global Insurance Symposium.
Showreel ICSA Technology Conference
The document summarizes an ICSA Technology Conference focused on cyber security that was held on Friday, November 4, 2017. The conference included chair remarks, discussions on building business confidence in cyber security, the evolving cyber threat landscape, ransomware and cyber extortion, and how to respond to a cyber security breach. Speakers addressed questions organizations have about current cyber risk levels and how to understand and address cyber threats through practical measures.
Cybrary's navigating a security wasteland
1. The document summarizes an interview with Malcolm Harkins, Chief Security and Trust Officer at Cylance, about preventing malware infections and how organizations struggle to keep up with prevention methods and identifying risks.
2. Harkins notes that organizations suffer from alert fatigue and are unable to keep up with the constant "whack-a-mole" of security issues. He suggests deploying lightweight prevention agents that can work both online and offline.
3. When asked about how customers struggle, Harkins says they need solutions to reduce risks, lower security costs, and decrease friction between security and business operations. Most organizations find it difficult to continuously manage all the new technologies, software, and third parties joining
Enhancing Cybersecurity with VAPT for IT Industries and ISO 27001 Compliant O...
In today's rapidly evolving digital landscape, cybersecurity has become a top priority for organizations across all industries, especially those operating in the information technology (IT) sector. With the ever-increasing threat of cyberattacks and data breaches, it is essential for IT industries and organizations striving for ISO 27001 compliance to adopt robust security measures to safeguard their sensitive data and protect against potential vulnerabilities. One such crucial security practice is Vulnerability Assessment and Penetration Testing (VAPT).
Vulnerability Assessment and Penetration Testing, commonly referred to as VAPT, is a proactive approach to identifying and addressing security vulnerabilities within IT systems, networks, and applications. It involves a comprehensive assessment of an organization's digital infrastructure to identify weaknesses that could be exploited by cybercriminals. VAPT consists of two main components:
Maintaining and updating your risk assessment using vsRisk
Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.
Cyber crime liability report
This document is a report submitted to India Insure Risk Management and Insurance Broking Services Pvt. Ltd. by Sayali Sawant for her internship project analyzing the feasibility of a cyber crime and insurance policy. The report was completed under the guidance of Mr. Manish Parikh from April 1st to June 30th, 2015. It includes an acknowledgements section, table of contents, literature review on cyber crime risks, definitions of different types of cyber crimes, and an analysis of cyber crime insurance policies and how they can help organizations mitigate risks from cyber attacks.
Why ISO27001/ISO27005 for my organisation
Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.
Cybersecurity Risk Management for Financial Institutions
The New York State Department of Financial Services has been closely monitoring this ever-growing threat and has proposed regulations that would require financial services companies to adopt a cybersecurity program to protect their customers, employees, data and operations. Its proposed changes are expected to take effect on March 1, 2017. Financial services companies would have until Feb. 15, 2018, to submit a certificate of compliance with the program. Components of New York's proposed cybersecurity program are outlined in this article.
Iso 27001 2005- by netpeckers consulting
This document introduces a presentation on the direct and indirect advantages of implementing ISO 27001:2005 for an organization. It provides background on ISO 27001, including that it was published in 2005 and replaced BS7799-2. It also describes what an Information Security Management System (ISMS) is and the risks and challenges of information security.
Similar to SFScon17 - Luca Moroni: "Outsourcing Cyber Risks" (20)
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
European Risk Management Seminar 2018 - Cyber Report
European Risk Management Seminar 2018 - Cyber Report
The importance of information security risk management
The importance of information security risk management
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
Maintaining and updating your risk assessment using vsRisk
Maintaining and updating your risk assessment using vsRisk
Enhancing Cybersecurity with VAPT for IT Industries and ISO 27001 Compliant O...
Enhancing Cybersecurity with VAPT for IT Industries and ISO 27001 Compliant O...
Maintaining and updating your risk assessment using vsRisk
Maintaining and updating your risk assessment using vsRisk
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
More from South Tyrol Free Software Conference
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...South Tyrol Free Software Conference
The complexity of agricultural droughts requires a consistent, reliable, and systematic method for monitoring and reporting. Amongst the various indices used to monitor this phenomenon, the soil moisture anomaly has been proven to be a more reliable predictor. However, the datasets required for computing this index are often large and computationally demanding. To address this challenge, we have developed SMODEX, a Python package that enables scalable, fast, and open-source standard-compliant computation and visualization of soil moisture anomalies.
SMODEX simplifies the computation and visualization of time-series for soil moisture and soil moisture anomalies from high-dimensional climate datasets. It allows for quick and easy parallelization of the computation on a daily, weekly, and monthly timescale. Additionally, SMODEX implements a straightforward workflow for automating the use of FAIR (Findable, Accessible, Interoperable, and Reusable) principles in producing and sharing outputs by leveraging the open source STAC API. The package is extendible and provides information on how to contribute to the project, test suites, test coverage, and a use case for the South Tyrol region, all provided in the package repository. In the future, additional agricultural drought indices and indicators would be included to serve to even larger community of researchers, policy makers, and individual users.SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...South Tyrol Free Software Conference
The Open Hardware PowerPC Notebook designed around GNU/Linux will be showed at NOI Techpark. We had presented here its motherboard design in 2018. We will updates regarding last developments for u-boot AMD video drivers, re-design of heat pipes, and CE test certification process. We will give future availability milestones of this notebook and details regarding the GNU/Linux distributions or other OS that could runs on it.SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data HubSouth Tyrol Free Software Conference
RMBtec proposes using the Open Data Hub as the real-time data backbone for a start-up creating an aircraft tracking application. The Open Data Hub offers data providers visibility, infrastructure to publish data, documentation, analytics and support. It describes how aircraft position data captured by sensors could be preprocessed and sent to the Open Data Hub via MQTT, then streamed in real-time and stored in a data mart via transformers. The Open Data Hub provides an alternative to cloud services and has capabilities that could support publishing and consuming aircraft tracking data.SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...South Tyrol Free Software Conference
The transition from Web 2.0 to Web 3.0 has fueled the need for a secure and decentralized cloud storage solution for digital assets. Web 2.0 was characterized by centralized platforms where user data was under the control of companies. In contrast, Web 3.0 aims to empower individuals and foster a decentralized web that supports and benefits the Free Software and Open Data Communities.
Blockchain technologies facilitate seamless collaboration and interoperability among diverse stakeholders in the Free Software and Open Data communities. Developers can establish open and transparent ecosystems where data can be shared, verified, and integrated across multiple platforms.
Beez, with its own blockchain infrastructure, offers a secure and transparent platform for digital asset exchanges, bolstering transaction integrity and trust. By distributing data across a network of nodes, Beez ensures security and mitigates the risk of single points of failure. Users retain control over their data, safeguard their privacy, and can take advantage of the incentive mechanisms offered by blockchain networks.
During our presentation, we will explore the role of AI within Beez's ecosystem, facilitating accelerated data processing, correlation, and intelligent automation. AI unlocks valuable insights from blockchain data, and we will touch upon the use of Inductive Logic Programming (ILP) to enhance programming performance.
The integration of Blockchain and AI technologies holds great potential for advancing the safety and efficiency of the Open Data ecosystem. By combining decentralized data storage, trust-building mechanisms, and intelligent data processing, Beez is paving the way for a more secure, transparent, and user-centric digital landscape.SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...South Tyrol Free Software Conference
We are becoming more and more dependent on the Internet for our work, education, communication, personal relations and entertainment. Our digital devices conquered an unprecedented level of importance in our life.
However, we are facing a loss of control over our smartphones, tablets and other devices for internet connection. It's time to resolve monopolies and re-establish democratic control over the technology we most depend upon.
This talk will present the challenges end-users are facing to get more control over their devices and how Free Software is key for a consumer re-empowerement.
The talk will present real-life examples of policy demands against gatekeepers on digital markets, such as the struggle for Router Freedom in the last years and how Device Neutrality can serve as an important instrument for pushing forward end-user-oriented digital policies.SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...South Tyrol Free Software Conference
MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR ( MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR (Consiglio Nazionale delle Ricerche), Santagata 1907 and Enginius are searching the system for finding and trace their presence in the virgin and extra virgin olive oils by using open fingerprints methods, open hardware and open source blockchain and AI technologies.SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelinesSouth Tyrol Free Software Conference
Up-to date measurements of surface meteorological variables are essential to monitor weather conditions, their spatio-temporal variability and the potential effects on a wide range of sectors and applications. Moreover, when included in continuous records of long historical observations spanning several decades, they become essential for assessing long-term climate variability and change locally and on a regional level.
Automated pipelines capable of retrieving and processing near-real time meteorological data satisfy the primary prerequisites towards the development and advancement of effective and operational climate services.
With a public and operational near real-time monitoring web platform in mind, we present automated pipelines to collect and process up-to-date daily temperature and precipitation records for Trentino South Tyrol (Italy) and surrounding areas, and to derive their spatially interpolated fields at sub-km scale. Our pipelines are composed by multiple steps including data download, sanity checks, reconstruction of missing daily records, integration into the historical archive, spatial interpolation and publication onto online FAIR catalogues as (openEO) “datacubes”. The different APIs, data formats and structure across the various data sources, and the need to merge the data onto harmonized meteorological layers, make this a typical case of the so-called Extract, Transform and Load (ETL) pipelines, and, in order to follow the principles of data reproducibility and Open Science, we embraced open-source automated workflow management through GitLab’s Continuous Integration / Continuous Development (CI/CD) capabilities.
CI/CD workflows greatly help the management of the relatively complex graphs of tasks required for our climate application, ensuring seamless orchestration with thorough flow monitoring, application logs, transactions rollbacks, and exception handling in general. Native pipeline-oriented software development also fosters a clean separation of roles among the tasks, and a more modular architecture. This effectively reduces barriers to collaborative development and paves the way for robust operational climate services for researchers and decision makers in the face of the changing climate.SFSCON23 - Christian Busse - Free Software and Open Science
The Open Science movement aims to increase the transparency, reproducibility and inclusiveness of academic research. One of its central goals is therefore to make research outputs broadly available, e.g., manuscripts (Open Access) or research data (Open Data). While software/code created in the course of scientific research is a key artifact of scientific research that is clear distinct from the latter two, it has until recently not received the same attention as manuscripts or data, although it follows its own set of paradigms.
In this talk I will present an overview on how the core concepts of Free Software and the FAIR (findable, accessible, interoperable, reuseable) Principles intersect, what this means for managing code as research output and recent initiatives on the European level that will provide support for these issues.
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure mattersSouth Tyrol Free Software Conference
Software freedom can be defined in many ways but in legal terms it is squarely defined by a set of approved FSF and OSI software licenses. Yet everyone realizes that beyond these licenses the goal of software freedom and digital sovereignty cannot be achieved without the ability to master and create hardware components and systems - and beyond that, to rely on open digital infrastructure (servers, datacenters, and resources) . This talk will present the challenges around these topics and what we, collectively in Europe already do and can do to ensure our independence and our freedoms.SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
This document discusses efforts to make environmental data from the Environmental Data Platform (EDP) more FAIR (Findable, Accessible, Interoperable, Reusable) compliant. It describes the components of EDP including data repositories, a metadata catalog, web portal, and tools. It outlines work done to improve metadata quality for humans and interoperability for machines through signposting. This includes adding DOIs, citations, and linked data/linkset JSON files. The document emphasizes that maintaining high quality metadata requires significant ongoing effort.
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...South Tyrol Free Software Conference
The document discusses how artificial intelligence (AI) and the Internet of Things (IoT) are revolutionizing mass customization. Traditional mass customization allows customers to customize products online through selection of options. AI enables more intuitive customization by learning customer preferences and offering dynamic, individual recommendations. IoT connects devices to customize the usage experience based on a person's context and needs. The integration of these technologies has the potential to transform mass customization by enabling mood-based and natural language processing for customization as well as products designed through AI with minimal user input.SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
Since 2020 Stadtwerke Meran have realized 5 Use cases:
- Control of the control cabinets of public lighting.
- Optimizing the service on Waste Press container.
- Bike Boxes
- Just Nature Project , temperature measuring over Lorawan
- Smart Lighting , communication with single light points over Lorwan.
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...South Tyrol Free Software Conference
As open source software becomes the foundation to build digital products, to run the backbones of ICT infrastructure and to ensure digital sovereignty and cyber resilience, both the technology as well as the communities that develop it inevitably move into the focus of regulators. The European Union is advancing a number of policy initiatives that regulate liability, cyber security, data handling and AI applications in digital products, among others. This is a challenge for the still quite decentralised and globally operating open source community. How could the open source community participate in legislative processes, and what may be the potential impacts of the upcoming regulation on the open source development process and community dynamics?SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free softwareSouth Tyrol Free Software Conference
The public transport in South Tyrol is going through a huge transformation: new investments, many new green vehicles and a brand new software. Transition will take time and how do we develop a fleet monitoring system to use during the transition without spending a fortune ? maybe with free software!SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...South Tyrol Free Software Conference
AICS is the Italian Agency for Development Cooperation that started operating in 2016 with the ambition of aligning Italy with the main European and international partners in the commitment to development. KNOWAGE Labs are developing for AICS a platform that is probably unique in the world and will allow both the Agency and the public to access all the major indicators on the UN Sustainable Development Goals provided by international sources (World Bank, WTO, ILO..) and easily compare them. The solution will allow analysis to start from 3 different touch points: the infographic of SDG goals, the advanced search criteria, and the virtual assistant. Then, a customized dashboard will be provided to the user, allowing to further expand the analysis by interacting with charts, maps, tables, etc. This talk will show the state of art of the solution, highlighting objectives and expected results of the project, but also the new developments of KNOWAGE related to AI.SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changerSouth Tyrol Free Software Conference
Interoperability is a core element of the ongoing digitalisation of Europe. With the Interoperable Europe Act, the EU is aiming to create a dedicated legal framework for interoperability and to enhance cross-border digital public services across the European Union. This talk will give an overview of the state of play of this proposed regulation in the ongoing EU legislative process, some of its flaws, and the important role that Free Software and its community can play in it.SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...South Tyrol Free Software Conference
How to sharpen the demand for public code across Europe and monitor progress with TEDective
For six years, the Free Software Foundation Europe has been calling with a broad alliance for publicly funded software to be published as Free Software. This initiative has become a great success: Our demand "Public Money? Public Code!" has found its way into government strategy papers, party programs, as well as coalition treaties, and is being discussed in public administrations across Europe.
At the same time, we see less progress than expected and vendor lock ins remain a crucial issue. Digital sovereignty is redefined bypassing Free Software. There is openwashing in publicly funded companies, and government projects in favour of Free Software remain empty words. Public statistics on the procurement of Free Software are largely unavailable.
It is therefore no longer enough to promote the idea of "Public Money? Public Code!". We as the Free Software community should be even more vigilant than before – continuing to praise small steps in the right direction, but pointing out and criticising omissions and lack of implementation. We should become more like watchdogs.
In the talk we will look at some examples of lack of implementation of Free Software policies. We will discuss how we, as civil society, can identify such shortcomings and how to deal with them. We will present our initiative TEDective – a free-software solution that makes European public procurement data explorable for non-experts, aiming to provide you with a powerful tool to keep an eye on real progress towards "Public Money? Public Code!" across Europe.SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation InternetSouth Tyrol Free Software Conference
The Internet today forms the backbone of the digitisation of our society and economy. As connectivity increases, the boundaries between the real and digital world get increasingly blurred. However, there has been an erosion of trust in the Internet following revelations about the exploitation of personal data, large-scale cybersecurity and data breaches, and growing awareness of the proliferation and impacts of online disinformation.
What can be done to improve the Internet as a platform for future generations? What initiatives are currently in place to build key technological blocks of an Internet that supports human-centric values, such as privacy, security, and inclusion, while reflecting the values and norms all citizens should enjoy in Europe?
This talk will explore why the current state of the internet must be re-imagined and re-engineered in order to support healthy societies, the existing European Commission initiative to work towards doing so, and the role of Free Software in accomplishing these goals.SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
2023 saw the launch, after a long and well-structured revision and development process, all based on a fruitful collaboration between several departments of the Autonomous Province of Bolzano, most of the township in South Tyrol, Informatica Alto Adige (SIAG - Technical partner) and the Consortium of Municipalities of the Province of Bolzano, of the new version of the integrated geographic data management system IGis Maps. In use for years in South Tyrol, has in the Consortium one of its most enthusiastic contributors and supporters.
The very first version was released about eight years ago and its implementation was based on the idea of creating a multi-purpose GIS management system that could support different types of users, that was highly customizable, and, above all, that could be widely shared among the various management entities, both public and private, present within our territory.
After years of use and ad-hoc developments, we can finally present the new version of the IGis Maps system, which incorporates all the technical and technological improvements we realized the system needed.
It was not just a major update together with new functionalities combined inside the previous software structure, but a true re-engineering that led, among other things, to a new and more efficient user interface, a major advancement regarding the internal security, an optimization and improvement of the entire editing section as well as an optimization of the section regarding the automatic geo-processes.
A mobile version is currently under development to better support any field activities, for which a very powerful option will be included, the possibility of creating special work sessions in off-line mode so as to be able to operate even in areas without a proper cellular line network coverage.
Other very important peculiarities concern that the system is developed using a totally free software code and infrastructure, that a detailed documentation has been produced to ensure sustainability to any further future evolution, even in case of technical partner turnover, and finally, that by taking advantage of the high standards and levels of security access can be guaranteed to any type of user. From professional users, through dedicated access and qualifications or, using the ordinary SPID, to the private citizen.
We will show examples of how different types of users and stakeholders now permanently use the system for the management of a variety of tasks related to their activities, and how it was possible to customize IGis Maps to create visualization and data management contexts that best meet their needs.
We will also present a related project concerning the updating and the correction of the new technical basal cartography, built upon the new Basic Core specification, achieved through the automatic conversion implemented by the SIAG team starting from the previous National Core cartography. With the new IGis Maps it was possible to create an a
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...South Tyrol Free Software Conference
KNOWAGE is the open source analytics and business intelligence suite made in Italy. KNOWAGE aims to provide company and organizations with analytical capabilities to exploit data to increase their efficiency and sustainability. Also thanks to the open source community support, the suite is constantly evolving combining the reliability of the most popular business intelligence solutions with the security and the transparency guaranteed by open source.
This talk will show the last year advancements and new features towards a more mobile, accessible and user-friendly product, focusing on the newly rewritten dashboarding tool.More from South Tyrol Free Software Conference (20)
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Christian Busse - Free Software and Open Science
SFSCON23 - Christian Busse - Free Software and Open Science
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
Recently uploaded
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Finale of the Year: Apply for Next One!
Presentation for the event called "Finale of the Year: Apply for Next One!" organized by GDSC PJATK
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
A Comprehensive Guide to DeFi Development Services in 2024
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
AWS Cloud Cost Optimization Presentation.pptx
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Azure API Management to expose backend services securely
How to use Azure API Management to expose backend service securely
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Recently uploaded (20)
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Azure API Management to expose backend services securely
Azure API Management to expose backend services securely
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
- 1. Outsourcing Cyber Risks Luca Moroni – Via Virtuosa SFSCON 2017 - Bozen – 10/11/2017
- 2. ISACA VENICE research team coordinator ✔ Research n.1: Vulnerability and Penetration Test. User’s guidelines about third party penetration test. ✔ Research n.5: Cyber Security Awareness of N/E Italian Critical Infrastructures: Scenarios and Guidelines for self-assessment Member of ISACA VENICE Chapter Translation team ✔Securing Mobile Devices – ITA Research team coordinator Cybersecurity Risk Insurance Graduation in Computer Science (1989. Milan), CISA, ISO 27001 and ITIL V3 certified and other tech certifications Focused on Cybersecurity since 2000, coach and lecturer in some seminars about this topic Founder of the innovative company Via Virtuosa, which focuses on scouting and promotion of expertises in Cybersecurity and IT governance in NE of Italy. Luca Moroni Who am I
- 3. Cyber Incident = Loss of Money
- 4. Cyber Risk Allianz Risk Barometer 2016 Cyber Risk 45%
- 5. Cyber Risk Zone Level The Global Risks Report 2016 11th Edition by the World Economic Forum
- 6. Our Research Cyber Insurance for Dummies VS I know about new dangerous problems! I Have a full portfolio of new products! MORE INTERESTED IN CYBERSECURITY MORE INTERESTED IN COUNTER RESIDUAL RISK Insurer CIO
- 7. • Understand CxO awareness of cyber insurance • Scenario analysis of cyber exposure • For what is a Cyber Insurance useful • Understand Italian market of cyber insurance • CxO business cases • Common protocol with Cyber Insurer • Suggest rules for Cyber Insurance requests How Outsourcing Cyber Risks … CxO must having a Risk Management Approach…
- 8. Cyber Risk Exposure in NE of Italy Sample of 70 Companies ranked using “Determining Your Organization’s Information Risk Assessment and Management” – ENISA Methodology – Via Virtuosa Research Data COPYRIGHT protected Impact Probabilityof occurrence avoid the risk 30%
- 9. Did you ever asked, if existing policies are covering/excluding cyber risks? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
- 10. [] [] [] [] [] [] [] [] [] [] [] [] Who is asking you to provide Cybersecurity? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
- 11. Have you registered cyber incidents involving your organization in the last five years? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
- 12. Adopting standards and measures Check Controls 27002:2013 About 90% of vulnerabilities highlighted in a Gap Analysis 27001 are not residual risk
- 13. Security is not an investment that provides profit but loss prevention • First step is understand the situation • Define a protocols for measure, mitigate and manage cyber risk • About 10% of vulnerabilities highlighted in a Cyber Security Gap Analysis are residual risk • Some critical sectors (eg. Banks) are mature for Cyber Insurance • Also SMB needs to have a financial parachute • Manage Cybersecurity Life cycle reduces residual risk Conclusions
- 14. Questions?
- 15. Thanks! l.moroni@viavirtuosa.it To Download: https://www.viavirtuosa.com/whitepaper/ English Abstract http://securityaffairs.co/wordpress/57664/security/cyber-risk-cyber-insurance.html