The document summarizes some of the computer security research activities at University College Cork. It discusses three areas: user-centered security, business-centered security, and federated security. For each area, it provides examples of research projects that aim to advance foundational security results by considering practical applications. It also discusses related teaching activities.
Management of the IT infrastructure begins at its foundation. Better understand how that foundation is defined, implemented and leveraged beyond traditional IT management solutions, in an accretive way.
To ensure security, it is important to build security in during both the planning and design phases and to adopt a security architecture that makes sure regular and security-related tasks are deployed correctly. Security requirements must be linked to business goals. We identified four domains that affect security at an organization: organizational governance, organizational culture, the architecture of the systems, and service management. To identify and explore the strengths and weaknesses of a particular organization's security, a wide-ranging model has been developed. This model is proposed as an information security maturity model (ISMM) and is intended as a tool to evaluate the ability of organizations to meet security objectives.
Legal Aspects of Business Infrastructure and Data Security, by ebuc
Legal aspects of business infrastructure and data security. Carlos Trigoso, Senior Project Manager, Information Security practice, EY Europe, Middle East, India and Africa region management consulting centre.
Information Security - Back to Basics - Own Your Vulnerabilities, by Jack Nichelson
When a security program isn't as good as it should be it can be tempting to conclude that it needs more resources and solutions. Jack Nichelson decided to take a different approach: simplification. By focusing on fewer problems with bigger returns, he was able to reduce malware by 60 percent and improve the results of his annual pen report. He’ll share a back-to-the-basics case study for removing complexity and running a simple, effective, start-up worthy security program.
This talk is for security managers looking to better focus on the real vulnerabilities and more effectively communicate their progress.
The goals of this talk: find the real problems, create a formal plan, build support for the plan, and report the progress.
Information Security is becoming a focus for the entire enterprise, not just IT. This need to align both business and technology is forcing IT to move Information Security from afterthought to forethought. Architects now ponder how Information Security can be integrated into the broader topic of Enterprise Architecture. This session shows how to make the integration happen. You will learn how to integrate assets and define trusts and threat models as part of your overall EA plan. You will also understand how Information Security is traced all the way from business architecture to the technology implementation. Participants will understand the components of an integrated EA and Information Security framework and how to ensure traceability between business goals and the IT security solutions delivered from the framework.
Key Issues:
-Understand the need to think early about Information Security
-Learn to incorporate Information Security into your EA blueprint and roadmap
-Integrate Information Security goals, objectives and capabilities with your EA view of strategy
-Integrate security policies, services and mechanisms with your EA view of solutions
-Integrate security mechanisms, standards, and guidelines into your implementations
Five Essential Enterprise Architecture Practices to Create the Security-Aware..., by UBM_Design_Central
Building secure apps and systems requires upfront and close coordination among many groups.
In this slidecast, George Hulme discusses how enterprise architects can drive that coordination and effect the required change that depends on it.
Navigating the complex Risk Management Framework (RMF) requirements can be daunting. Learn best practices and gain a better understanding of NIST's RMF.
Session 2 of the course Information Technology Security and Business Continuity. The objectives of information security, attack methods, responsibilities, risk management and the Security System Development Life Cycle are discussed.
Presented at Bangladesh Institute of Management on 21 November 2015.
RMF Training, Risk Management Framework Implementation, by Bryan Len
Course description:
RMF Training, Risk Management Framework Implementation training gives you a structured approach and a step-by-step method to implement the RMF standard in your information system. RMF can be applied to federal information systems through the National Institute of Standards and Technology (NIST) Special Publication NIST 800-37.
The Risk Management Framework was produced by the Joint Task Force Transformation Initiative Work Group, which transforms the conventional Certification and Accreditation (C&A) process into the six-step Risk Management Framework (RMF).
TONEX, a pioneer in the security industry for over 15 years, is now announcing the Risk Management Framework (RMF) Implementation training, which helps you understand security controls in compliance with laws, regulations and policies and apply the risk management framework to information systems in government agencies and organizations.
Risk Management Framework (RMF) Implementation training by TONEX gives you a step-by-step method and guideline for implementing the RMF in your organization based on recently updated standards. In addition, class discussions and hands-on exercises are provided for each phase of RMF implementation.
The RMF Training course covers a variety of topics in the RMF implementation area, for example: introduction to the Risk Management Framework (RMF), regulations and laws for implementing RMF, the System Development Life Cycle (SDLC), key steps to implement RMF, categorizing the information system (RMF step 1), selecting security controls (RMF step 2), implementing security controls (RMF step 3), assessing security controls (RMF step 4), authorizing the information system (RMF step 5), monitoring security controls (RMF step 6), RMF artifacts, and RMF scope for DoD and the Intelligence Community (IC).
Visit Tonex for more information
https://www.tonex.com/training-courses/rmf-training-risk-management-framework-implementation/
This whitepaper discusses some common challenges and myths about data security when outsourcing engineering and looks at some industry best practices to address these concerns.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain how to transform organizational security to strengthen defenses and integrate cybersecurity with the overall approach to security governance, risk management and compliance.
We are witnessing an onslaught of attacks coming in from highly organized cybercriminals. It is so bad, in fact, that the situation was recently described by U.S. Secretary of State, John Kerry as, “…pretty much the wild west…”.
By United Security Providers
Micro-Segmentation for Data Centers - Without Using Internal Firewalls, by ColorTokens Inc
For decades, security has essentially remained reactive – looking for the known bad or mitigating the threats after the damage is done. Remember, the attackers are getting smarter every day. So, what can you do?
This paper will give you an idea on why data center micro-segmentation using internal firewalls may not be the best way forward, and why a software-defined approach wins.
ColorTokens platform-agnostic software-defined security enables enterprises to efficiently secure their dynamic application environments in minutes.
For more info, visit www.colortokens.com. Live Demo - http://bit.ly/CTLiveDemo
Information Security between Best Practices and ISO Standards, by PECB
Main points covered:
• Information Security best practices (ESA, COBIT, ITIL, Resilia)
• NIST security publications (NIST 800-53)
• ISO standards for information security (ISO 20000 and ISO 27000 series)
- Information Security Management in ISO 20000
- ISO 27001, ISO 27002 and ISO 27005
• What is best for me: Information Security Best Practices or ISO standards?
Presenter:
This webinar was presented by Mohamed Gohar. Mr. Gohar has more than 10 years of experience in ISM/ITSM training and consultation. He is one of the expert reviewers of the CISA RM 26th edition (2016) and an ISM Senior Trainer/Consultant at EGYBYTE.
Link of the recorded session published on YouTube: https://youtu.be/eKYR2BG_MYU
UiPath Test Automation using UiPath Test Suite series, part 3, by DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do..., by UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024, by Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an "infrastructure container kubernetes guy", how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I have already got working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -..., by DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA Connect, by Kari Kakkonen
Slides by me and Rik Marselis at the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generating a custom Ruby SDK for your web service or Rails API using Smithy, by g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object Calisthenics, by Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GraphRAG is All You need? LLM & Knowledge Graph, by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti..., by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdf, by Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Simon Foley
1. Academic Perspective
Some Security Activities at University College Cork
Simon Foley
Department of Computer Science,
University College Cork, Ireland
www.cs.ucc.ie/~s.foley
2. Overview of Computer Security Activities
Advance foundational results in security by considering the application of security in practice.
Three areas: User Centered Security, Business Centered Security, Federated Security.
Research
- Security policy models and mechanisms
- Federated and distributed systems security
- Security risk management and governance
Teaching
- Computer security (undergraduate)
- Network security & Mobile systems security (postgraduate)
- Final year BSc and taught MSc projects in Security.
2 / 15
4. Security Policy Requirements Elicitation
Policy elicitation is often driven by technical concerns.
- Technical policies designed by technical people.
- Based on the system artifacts with which users interact: groups, roles, transactions, etc.
It should consider the needs of individuals and their relationships.
- Balance individuals' requirements [e.g., Multilateral Security].
- Include human issues.
How can we address this?
4 / 15
6. Trust Management Policy Elicitation
Use qualitative analysis methods from the social sciences to elicit a trust management policy for photograph sharing.
- Explore user experience through semi-structured interviews.
- Qualitative analysis elicits policy requirements.
- Model the result in a Bayesian Network.
User requirements are more complex than basic access controls.
[S.N. Foley, V.M. Rooney. Qualitative Analysis for Trust Management. International Security Protocols Workshop, Cambridge, 2009. Springer LNCS.]
6 / 15
8. Managing Security
Siloed security driven by technical concerns.
- Technical mechanisms designed by technical people.
- Based on the system artifacts: groups, roles, transactions, etc.
Security should be aligned with business strategy.
- Secure critical business processes, not just technologies.
- Security threats are inevitable; the risk needs to be managed.
8 / 15
10. Security Risk Management
Use Enterprise Risk Management (ERM) to manage (operational) risks related to security:
- security mechanisms as controls that mitigate known risks in meeting the objectives of a business process,
- tests that audit the efficacy of risk mitigation.
Security as an ongoing process:
- measure, prioritize, mitigate,
- security risk metrics and aggregation.
[S.N. Foley. Security Risk Management using Internal Controls. Proceedings of the ACM Workshop on Information Security Governance (held at ACM-CCS), 2009;
S.N. Foley, H.B. Moss. A Risk-Metric Framework for Enterprise Risk Management. IBM Journal of Research and Development, to appear 2010.]
10 / 15
11. Risk Management of Network Access Controls
Security controls should be compliant with best practice.
- 1.2.1.a Verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data. [PCI-DSS]
Semantic configuration models facilitate automated reasoning:
- Analysis of an n-tier network for shadowing, redundancy, etc.
- Encode catalogues of best practice [PCI-DSS, NIST-800-41, NIST-800-44, RFC-3330, RFC-1918].
- Autonomic configuration based on catalogue search.
[W.M. Fitzgerald, S.N. Foley, M. O'Foghlu. Network Access Control Interoperation using Semantic Web Techniques. Proceedings of the 6th International Workshop on Security in Information Systems (WOSIS 2008), June 2008;
S.N. Foley and W.M. Fitzgerald. An Approach to Autonomic Security Policy Configuration using Semantic Threat Graphs. IFIP WG 11.3 Working Conference on Data and Applications Security 2009. Springer LNCS 5645.]
11 / 15
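An added example (not from the slides, and not the semantic-web encoding the slide's papers describe) of the kind of automated reasoning slide 11 refers to, in Python: it detects shadowed and redundant rules in a small constructed first-match perimeter rule set, and checks that rule set against one catalogue item written in the spirit of RFC 1918 and PCI-DSS 1.2.1 (inbound traffic from private source addresses must be denied). The rule names, the DMZ ranges and the catalogue item are all constructed for illustration.

```python
"""Shadowing / redundancy analysis of a first-match firewall rule set, plus one
best-practice catalogue check. Added example; the rule set is constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    ports: tuple         # inclusive (low, high) destination port range


def rule(name, action, src, dst, low, high):
    return Rule(name, action, ip_network(src), ip_network(dst), (low, high))


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (inner.src.subnet_of(outer.src) and inner.dst.subnet_of(outer.dst)
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])


def find_anomalies(rules):
    """Shadowed: fully covered by an earlier rule with a different action, so the
    later rule can never fire and its intent is silently lost.
    Redundant: fully covered by an earlier rule with the same action."""
    shadowed, redundant = [], []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                (redundant if earlier.action == later.action else shadowed).append(later.name)
                break  # the first covering rule is the one that decides
    return {"shadowed": shadowed, "redundant": redundant}


# Catalogue item (constructed, in the spirit of RFC 1918 / PCI-DSS 1.2.1):
# packets arriving at the perimeter from private source space must be denied.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def private_source_violations(rules):
    """Allow rules that a private-address source can reach because no earlier
    deny rule covers that part of the rule's source space."""
    violations = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        for net in RFC1918:
            if not r.src.overlaps(net):
                continue
            # Two CIDR blocks that overlap nest, so the overlap is the smaller one.
            overlap = net if net.subnet_of(r.src) else r.src
            probe = Rule("probe", "deny", overlap, r.dst, r.ports)
            if not any(e.action == "deny" and covers(e, probe) for e in rules[:i]):
                violations.append((r.name, str(overlap)))
    return violations


def effective_action(rules, src, dst, port):
    """First-match evaluation of one packet; default deny if nothing matches."""
    s, d = ip_network(src), ip_network(dst)
    for r in rules:
        if s.subnet_of(r.src) and d.subnet_of(r.dst) and r.ports[0] <= port <= r.ports[1]:
            return r.action
    return "deny"


# Constructed perimeter rule set for a DMZ in the 203.0.113.0/24 documentation range.
RULES = [
    rule("R1", "deny",  "10.0.0.0/8",      "203.0.113.0/24",  0, 65535),
    rule("R2", "allow", "0.0.0.0/0",       "203.0.113.10/32", 443, 443),
    rule("R3", "allow", "198.51.100.0/24", "203.0.113.10/32", 443, 443),  # redundant with R2
    rule("R4", "deny",  "198.51.100.7/32", "203.0.113.10/32", 443, 443),  # shadowed by R2
    rule("R5", "allow", "0.0.0.0/0",       "203.0.113.0/24",  22, 22),
]

if __name__ == "__main__":
    print(find_anomalies(RULES))
    print(private_source_violations(RULES))
    # R4 intends to block 198.51.100.7, but R2 matches first:
    print(effective_action(RULES, "198.51.100.7", "203.0.113.10", 443))
```

Only the 10.0.0.0/8 part of the catalogue item is satisfied here (R1 precedes the allows); the other two private ranges are reported against R2 and R5, which is the gap an autonomic configuration step would have to close.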
13. Security Policy
Centralized policy, closed system.
- Centralized authority, controlled by an administrator.
- Principle of no privilege.
- Opportunity to subvert the administrator is usually small.
Decentralized policy, open system.
- Decentralized authority across multiple stakeholders.
- Principle of flexible privilege.
- Opportunity to subvert stakeholder intentions?
13 / 15
15. Secure Coalitions
Federation as a coalition of principals/federations.
- coalition policy governs actions,
- coalition formation governed by participants,
- policy decentralized/distributed across PKI,
- principle of governed flexible privilege.
In the absence of a centralized authority, the actions of a malicious principal/coalition should not be able to circumvent policy.
[S.N. Foley and H. Zhou. Authorisation Subterfuge by Delegation in Decentralised Networks. Proceedings of the International Security Protocols Workshop, Cambridge UK, 2005. Springer Verlag LNCS;
H. Zhou and S.N. Foley. A Framework for Establishing Decentralized Secure Coalitions. IEEE Computer Security Foundations, 2006.]
15 / 15