The document discusses STKI's cyber governance initiative. It outlines challenges organizations face with cybersecurity and compliance, including executives not fully comprehending cyber risks. The initiative aims to strike a balance between business needs and cybersecurity/compliance requirements. It provides recommendations for organizations to improve cyber governance, such as demonstrating CEO and board responsibilities, allocating proper budgets, and following guidelines from Israel's National Cyber Directorate. The initiative also addresses preparing for future regulations and the impacts of standards like GDPR.
The Ilnas white paper on blockchain and DLT - Paperjam_redaction
The White Paper, developed within the framework of the Luxembourg standardization strategy, aims to foster a better understanding of the blockchain and DLT field, both at the technological level and in terms of economic potential, and also through an overview of the work recently initiated at the international level on related technical standardization. The establishment of technical standards offers significant support for the future development of these technologies, particularly in terms of interoperability, security, privacy and governance.
Data driven economy: the impact on IT infrastructure and data governance... - IDC Italy
Abstract of the presentation by Giancarlo Vercellino, Research & Consulting Manager at IDC Italia, given during the event Building the Scalable Data Foundation for Digital Transformation held in Milan on 16 November 2016
2020 Technology Mega Trends - Nov. 2019 I Nouamane Cherkaoui - Nouamane Cherkaoui
The 4th industrial revolution is certainly technological. Here are the 10 most striking trends that we will have to prepare for in 2020, CIOs and Business Lines.
Gartner and Forrester are aligned with these trends. But let's not forget the human factor, the relationship, the interest of the client and the support of our employees. We could also add the 5G network, autonomous driving or predictive medicine, but I will come back in detail on these technologies later this year.
FinTech Apps are designed to transform conventional banking and financial services infrastructure. We're a renowned finance and banking application development company that has helped dozens of banking and financial institutions go online. With FinTech in place, customers are able to access financial services via their mobile devices. There is also a new line of financial services that is possible via FinTech Apps.
Visit Our Site for more Information- https://www.nimbleappgenie.com/fintech-app-development
Privacy continues to increase in importance for organizations around the world and those they serve. Data privacy remains mission critical and an attractive investment for organizations as reflected in its integration into business priorities and processes, economic value, and visibility to senior management and the Board of Directors. Yet, organizations’ priorities regarding the use of personal data are not fully aligned to those of consumers, especially when it comes to using Artificial Intelligence (AI) and automation to make decisions that affect the individual. This report, our sixth annual review of key privacy challenges for organizations, examines privacy’s impact on organizations around the world.
What trends will 2018 bring for Business Continuity Professionals? - PECB
Many business continuity practitioners are perceiving a higher level of risk than ever before in their careers. Unfortunately, these risks are more often resulting in real incidents which require emergency response and continuity of operations. Being prepared may be the most important thing an organization can do in 2018. But what should we prepare for, and how should we prepare for it? This discussion will walk through some of the emerging threats, concepts, tools, and techniques that business continuity professionals can expect to see more of in 2018.
Main points covered:
- What should we prepare for in 2018?
- How should we prepare?
- The emerging threats, concepts, tools, and techniques expected in 2018
- Emerging threats creating new risks
Presenter:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Organizer: Nevila Muka
Date: January 17, 2018
Link to the recorded webinar:
The explosive growth of data and the value it creates calls on data professionals to level up their programs to build, demonstrate, and maintain trust. The days of fine print, pre-ticked boxes, and data hoarding are gone and strong collaboration from data, privacy, marketing and ethics teams is necessary to design trustworthy data-driven practices.
Join for a discussion on the latest trends in trusted data and how you can take critical steps to build trust in data practices by:
- Embedding privacy by design into data operations
- Respecting individual choice and optimizing the ongoing relationship with consumers
- Preparing for future data challenges including responsible AI and sustainability
Why Zero Trust Architecture Will Become the New Normal in 2021 - Cloudflare
The COVID-19 pandemic brought changes no IT team was ready for: employees were sent home, customer interaction models changed, and cloud transformation efforts abruptly accelerated. Cloudflare recently commissioned Forrester Consulting to explore the impact of 2020 disruptions on security strategy and operations among companies of all sizes. To do so, they surveyed 317 global security decision makers from around the world.
Join our guest Forrester VP, Principal Analyst, Chase Cunningham, and Cloudflare Go-To-Market Leader, Brian Parks, for an in-depth discussion of the survey results, followed by practical guidance for next year’s planning.
Cloud Security: A Business-Centric Approach in 12 Steps - Omar Khawaja
The move to the cloud is being driven by the business (not IT), yet we continue to take an IT-centric (applications, servers, CPUs, etc.) approach to cloud security. We propose a way forward to address this incongruence, a recipe based on interactions with CIOs, CSOs and business leaders all over the world.
Cyber security trends in the UK
Enterprises today are faced with three key challenges:
- Implementing new SMAC technologies to support the business, as part of their digital transformation programs, but while keeping it secure;
- Responding to the increasing and changing threat landscape of targeted attacks;
- Achieving and retaining compliance with an increasing number of rules and regulations.
How do enterprises respond, in the context of a nationwide shortage in cyber security skills? Our hypothesis for this study was that enterprises are struggling to cope with the increase in workload, and are increasingly offloading (some of) their security provision to outsourcing providers as Managed Security Services (MSS). We surveyed 230 decision makers in large companies (1000+ employees) in the UK, to understand their motivations and drivers with regard to cyber security provision.
This study deals with the following questions:
- What do companies understand about the growing cyber threat landscape?
- How are companies meeting their resource challenges in cyber security?
- How are they using external providers to meet resource challenges?
- What are the drivers and inhibitors for using external cyber security providers?
- What alternative approaches to external cyber security provision are being considered?
- Which services do companies expect from a cyber security provider?
- What are the capabilities and attributes of a credible cyber security provider?
Digital has increased businesses’ cybersecurity risk – and yet few have elevated security to a senior leadership concern, according to our recent research. Here’s what businesses are thinking about cybersecurity, and a framework for strengthening their security strategies.
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming - Black Duck by Synopsys
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
The Internet of Things (IoT) and cybersecurity: A secure-by-design approach - Deloitte United States
Cyberattacks, data breaches and overall business disruption, caused by unsecured IoT devices in the workplace and used by third parties, are increasing. This is because companies don’t know the depth and breadth of the risk exposures they face when leveraging IoT devices and other emerging technologies. The results of a poll by Deloitte and Dragos shed light on how ready organizations are for securing connected devices.
Similar to STKI Summit 2018 Cyber Governance Initiative (20)
Recommended for CIOs and Applications Managers
In this session we will discuss how next generation business applications enable the creation of much needed hyper-personalized experiences for customers and employees. Center Office is a new delivery model that is emerging in response to the need to deliver end to end hyper-personalized solutions that improve on older enterprise (legacy) applications. Center Office relies on technologies such as APIs, microservices and Hyperautomation (next level of automation that meshes AI tools with RPA, enabling scaling for complex business processes).
How do we manage employees' experiences as well as preserve talent and create collaborative workplaces for teams? Which new skills are needed? What will the workforce of the future look like? Which new tools are needed for HR (employee well-being)?
Recommended for CDOs and all Data & Analytics Managers
The past 2 years have had a huge impact on organizations' journeys to become data driven. Existing data architectures were disrupted; rigid structures and processes were questioned, and many data strategies were re-written.
On the one hand, the global pandemic emphasized the need for organizations to raise the bar, implement strategies, improve data literacy and culture, increase investments in data and analytics, and explore AI opportunities.
On the other, it also presented new challenges such as: the war for data talent and the wide literacy gap. Inadequate structures as well as outdated processes were exposed. Major changes in the data landscape (Data Fabric, Data Mesh, Transition to Data Clouds) will further disrupt existing data architectures and enhance the need for a new adaptive architecture and organization.
Recommended for CTOs, architects, IT Managers
COVID-19 has emphasized the fact that business agility and hence technology agility are the most if not the only factors for business success. However, technology agility in most IT departments is not the “strongest muscle”. Technology adoption of Cloud, DevOps, Integration, Low-Code and Zero Trust are affecting all IT departments and even the entire organization. New processes and relationships between the various branches of the IT department should emerge, forsaking old habits and technologies. New technologies and roles/responsibilities are taking their place.
Recommended for CXOs and all IT Managers
If COVID-19 has demonstrated anything it is that organizations can no longer rely on traditional long-term strategic direction-setting, in order to succeed and grow. Today, organizations need to be able to quickly identify changes and respond with speed.
Adaptive enterprises have the technical and organizational agility to do this. In this session, we will present the organizational structure, technologies and concepts that make up an adaptive organization and discuss topics such as: Concierge hyper-personalization services; Personalized (PBC) Business Capabilities; adaptive organizational structure; Centers of Excellence; center office; hyper-automation and data centric organizations.
The 28th edition of the annual research covering all aspects of the IT Market in Israel.
Volume 1: introduction, what is POSTCOVID19 Transformation and economic issues and market analysis
STKI researches and publishes once a year a complete Market Study about the Israeli Information Technology Scene. This is a version 2 that includes changes that were found after companies presented (again) their 2018 results and STKI analysts accepted the changes.
Presentation describes innovation process for IT, from digital transformation through data centric and finally automation revolution, outcome driven innovation and data, process and technical debt
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
- Execution from the test manager
- Orchestrator execution result
- Defect reporting
- SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insights, what approaches I got already working for real.
How world-class product teams are winning in the AI era by CEO and Founder, P...
STKI Summit 2018 Cyber Governance Initiative
1. STKI’s Cyber Governance initiative
"Life is like riding a bicycle. To keep your balance, you must keep moving."
— Albert Einstein
STKI Company Confidential
2. It’s well known that so many companies get hacked
Yet many executives believe it will not affect them
Even the largest and most prestigious ones
3. Cyber’s Problematic Reputation
“Cyber is holding us back from achieving all other initiatives”
Copyright@STKI_2018 Do not remove source or attribution from any slide or graph
4. Cyber governance initiative destination
Striking a balance between the business needs and cyber, risk & compliance needs
Cyber, governance & compliance are crucial for the survival of organizations
But they are also holding organizations back in many ways.
Executives don’t fully comprehend the importance of cyber security and their personal responsibility.
5. Cyber Governance Initiative
6. Demonstrate CEO/BOARD their cyber responsibility
Determine business cyber main principles
Allocate cyber budget, head count & org. structure
Trek name: Zero trust security: Get top management on board
7. Source: STKI staffing report
Number of Employees/ Cyber personnel
Implement STKI’s market data & best practices to receive appropriate budgets and personnel!
8. Build risk & cyber multi-year program
Build cyber resilience program
Trek name: Design a Cyber Governance Plan
Design holistic cyber measurement program
Use “Israel National Cyber Directorate” guidance and tools
9. 48
Copyright@STKI_2018 Do not remove source or attribution from any slide or graph
4848
Israel National Cyber Directorate guidance will boost cyber security in Israel!
Especially for non-regulated enterprises
Non-regulated CISO:
“I don’t have enough budget and resources”
“I can’t explain this to the CEO/Board”
Organizations that want to participate in the beta program can contact tora@pmo.gov.il
Don’t forget to secure the ENTIRE supply chain!
STKI expects new regulation based on Israel National Cyber Directorate guidance in several industries
Take a deep breath. We’ve only just started.
Of boards are not trained to
deal with cyber security incidents!
Source: Einat Meyron cyber resilience consultant & The Cyber Security Source - 2017
CEO/board member nightmare:
One innocent phone call
Leverage the similarities between BCP & Cyber Resilience
BCP (Business Continuity Plan)
Cyber Resilience
And make them work together in collaboration
Trek name: Adapt to changing regulations
• Keep up with existing regulations
• Watch as GDPR becomes a standard
• Implement Privacy Protection Regulation
GDPR Hype
GDPR is searched more than Cyber Security
[Chart: search interest, GDPR vs. Cyber Security]
What does GDPR mean to our business? A lot!
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
It will also change many processes and interaction methods.
Example: first engagement with a client and his consent to continue with the process:
Consent Management
One of the new tools needed to maintain compliance
Some organizations will have to appoint a DPO under GDPR law
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/
• The first point of contact for supervisory authorities and for individuals whose data is processed
• Informs and advises the organization and its employees about their obligations to comply with GDPR and other data protection laws
• Monitors compliance with GDPR and other data protection laws, including managing internal data protection activities
• Advises on data protection impact assessments
• Trains staff and conducts internal audits
Source: konfidas
GDPR and the Israeli privacy act touch on the same areas
Eventually, it will come… So be prepared
Trek name: Cyber Security Operations
• Enforce patches
• Applying to new devices (watches, pumps, cars, etc.)
• Embrace new technologies and prepare for new vulnerabilities
• Re-adjust cyber security program
• Embrace DevSecOps
• Automate Cyber Operations and Use AI/ML
DevSecOps Manifesto:
DevSecOps tools - Embed SDLC (Secure Dev. life cycle) tools into CI/CD:
• Static analysis tools
• Dynamic scanning (auto pen. tests)
• Embed operations data (logs, customer inputs) with security inputs