How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ... | Ignyte Assurance Platform
The emerging CMMC model applies to one of the most diverse industries in the world, known as the Defense Industrial Base (DIBs), which includes businesses of all sizes, in every sector that the U.S. government works with, including healthcare, financial services, insurance, manufacturing, and traditional defense contractors. The CMMC aims to become the de facto cross-industry cybersecurity certification to provide a minimal level of assurance for organizations of all sizes. CMMC has the potential to replace all other information security certifications such as SOC 2, ISO 27001, HITRUST, etc.
Local security and business leaders from all industries are invited to learn the essential and most critical elements of the CMMC framework that go beyond traditional security frameworks. This presentation will share vital information such as entity level or business level scope of certification, technical scope, controlled unclassified information (CUI), and most importantly, how to professionally prepare for an audit.
Ignyte Assurance team has worked with 70+ businesses across the United States that are considered critical to the U.S. DoD Supply Chain to implement this framework. In addition, Ignyte is currently going through a complete top-down audit being performed by the Defense Contractor Management Agency (DCMA) to formally be recognized as one of the few Certified Third-Party Assessor Organizations (C3PAO) in our region. This presentation will help our local businesses understand the impact of the emerging certification requirements imposed by the Department of Defense, known as the Cybersecurity Maturity Model Certification (CMMC).
Introduction to the CSA Cloud Controls Matrix | John Yeoh
The Cloud Controls Matrix (CCM) is an industry accepted set of principles and guidelines that can be leveraged to assess services, products, and your own security posture in the cloud. The framework is based on security requirements and criteria from research conducted by the Cloud Security Alliance (CSA). Learn about the architectural elements of the framework, its impact on international standards, and how it maps to over 30 other industry regulations.
Cybersecurity Maturity Model Certification (CMMC) | Robert E Jones
CMMC compliance is the key to winning and retaining government contracts. CMMC requirements will soon appear in all Department of Defense (DoD) RFPs, contracts and grants and are expected to materialize in all federal government contracts as already evidenced by GSA's STARS III RFP.
How will this impact your business? CMMC requires all government contractors and subcontractors to be certified to at least Level I (basic cyber hygiene) with increasing levels of certification for CUI/CDI and special or high-risk programs. In fact, Level III certification is required for all contracts involving CUI.
And just like it takes a village to raise a child, it takes a team of professionals to prepare for and maintain CMMC compliance. From government contract compliance to CMMC readiness to implementation of technical solutions, you need a team of professionals to achieve and maintain CMMC compliance.
We recognize that CMMC certification is a process (journey), not a destination, and take a bite-sized approach to a continuous effort on your part. While you must achieve the appropriate level of certification for a specific contract before submitting your bid/proposal, we realize that you will not achieve the goal overnight.
This webinar will help you understand the basic CMMC requirements, certification process, timeline, and roles of your strategic partners.
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ... | Alan Yau Ti Dun
When weighing options for increasing enterprise computing capabilities or seeking ways to improve IT operational efficiency, the prevailing method is to integrate an external IT services vendor, commonly referred to as a cloud service provider (CSP). There is a high probability that audit clients will engage this CSP service to manage their IT needs. Learn how to cope with the audit and risk assessment challenges related to this emerging technology trend in this key session.
• Understanding the various Cloud Service Levels and Implementation Types
• Identifying Compliance, Service Level Agreement and other Important Duties each party must perform
• Understand the Complexities of Auditing internal controls, data security, privacy and performance related to cloud
• Mitigating the underlying Business Risks associated with adopting a cloud-based IT model
In January 2020, the Department of Defense released the initial version of Cybersecurity Maturity Model Certification (CMMC) standard. Certifications will begin for new and existing defense contractors this year. As you are preparing for the CMMC now by becoming NIST 800-171 compliant, it is critical to ensure you can continue bidding on RFPs. Any type of cybersecurity audit takes time and getting compliant to NIST 800-171 ahead of an audit is no different.
Whether your organization’s security and compliance are 80% of the way there, or you think your infrastructure needs a complete overhaul, get tips and insights to get you closer to compliance.
We Share:
- An overview of the compliance requirements,
- Tips for analyzing current cyber security measures and processes,
- How the Microsoft 365 Cloud helps ensure compliance
- Measures you can put in place to help you meet NIST 800-171 compliance
Managing risks related to vendors presents its own challenges particularly if they are high technology companies such as Cloud Service Providers (CSP).
Application of the Common Criteria to Building Trustworthy Automotive SDLC | Seungjoo Kim
Seungyeon Jeong, Sooyoung Kang, and Seungjoo Kim, "Application of the Common Criteria to Building Trustworthy Automotive SDLC", Proc. of The 19th ICCC 2020, The 19th International Common Criteria Conference, Virtual (online) Conference, November 16-18, 2020.
In order to bid on Department of Defense (DoD) contracts, hundreds of thousands of organizations will need to be assessed for their Cybersecurity Maturity Model Certification (CMMC) Level. But how exactly does that process work?
Watch the free session here: https://www.infosecinstitute.com/webinar/cmmc-case-study-assessment/
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf | Jack Nichelson
All DoD contractors are now subject to CMMC 2.0 DFARS 252.204-7012 & 7019. This means that any DoD suppliers looking to earn new business or up for a renewal will need to complete a new NIST 800-171 Self-Assessment and upload the results to the Supplier Performance Risk System (SPRS) before a contract is awarded. If you do business with the DPD, NASA, GSA or another state/federal agency, you need to be prepared for the CMMC framework. In this presentation, we discuss the potential impacts on your business, while introducing an affordable, practical and secure solution for contractors preparing for CMMC 2.0 certification. In addition to answering questions from attendees, this presentation will cover the following topics:
• What You Need to Know About CMMC
• CMMC 2.0 Proposed Changes
• The Crawl – Walk – Run of CMMC
• Preliminary Steps for CMMC Success
• How to improve your NIST SP 800-171 Self-Assessment SPRS score
MBT Webinar: Does the security of your business data keep you up at night? | Jorge García
More and more manufacturers have been investing in cloud technology these days, but there is still a contingent of businesses who don’t see the appeal, or are concerned about the risks. In a recent MBT survey about cloud adoption, 50 percent of those manufacturers not using cloud computing said they didn’t because of security concerns. But are these concerns actually justified, or are businesses leaving opportunity on the table due to glaring misconceptions?
More practical insights on the 20 critical controls | EnclaveSecurity
This presentation is for both alumni of the SANS 440 / 566 courses on the 20 Critical Controls and anyone considering implementing these controls in their organizations. Since the first version of the 20 Critical Controls were released, many organizations internationally have been considering implementing these controls as guideposts and metrics for effectively stopping directed attacks. Some organizations have been doing this effectively, others have struggled. This presentation will give case studies of organizations that have implemented these controls, what they have learned from their implementations about what works and what does not work practically. Not only will the discussion focus around what organizations are doing to implement the controls, but also what vendors are doing to help automate the controls and the status of resources and projects in the industry. Students will walk away with even more tools to be effective with their implementations.
Engaging with a vendor especially one who provides some sort of Information and/or technology based services is necessary for many global organizations. Managing risks related to vendors presents its own challenges particularly if they are high technology companies such as Cloud Service Providers (CSP). Cloud based services add to the complexities of managing traditional security & compliance risks. Identifying and addressing risks associated with moving your data, applications and services are not the only thing that an organization has to consider. An organization also needs to think about and plan for vendor related risks, legal, regulatory and contractual risks. This spectrum of risks continues to expand particularly when dealing with customers and vendors who are operating in different geographies governed by different regulations, data protection laws, culture and operating models.
For more information, visit - http://www.happiestminds.com/technology-focus/cloud-computing/
Our mission is to be a trusted provider of information technology services and solutions with core competencies in cybersecurity, information assurance, security engineering, risk management and security program and project management. Our proven methodologies and scalable solutions help our clients achieve maximum return on their investment.
We help small and medium-sized organizations solve business challenges in the Risk, Compliance and Cyber Security areas at the right price tag.
We are NOT a large consulting firm, but we are large in a niche area, i.e. Risk, Compliance and Cyber Security.
Contact - Richard Marti - richard@grcalert.com
ciso-platform-annual-summit-2013-Mitigating the security risks of cloud servi... | Priyanka Aash
Presented by Wayne Tufek at CISO Platform Annual Summit, 2013. Wayne Tufek is currently the IT Security and Risk Manager at the University of Melbourne. His career spans over 17 years as an active hands-on practitioner of information security and technology risk management. He has worked in the public sector, Big 4, financial services, consumer products and education sectors.
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ... | Montrium
Want to deploy a new technology solution but not sure where to begin? These slides cover key considerations for choosing a vendor with cloud compliance and validation in mind. With the Office 365 subscription-based service gaining considerable momentum in the life sciences, it's important to stay ahead of the technological and regulatory curve and consider how an EDMS system will bring improvements to managing your GxP content.
Here we cover the following topics:
- Vendor assessment of Microsoft
- Subscription basics of Office 365
- Review of ISO/SOC audit reports
- Ensuring that no critical observations are made
- Security and quality controls in place
You can follow along with this presentation via webinar format:
https://info.montrium.com/strategies-for-conducting-gxp-vendor-assessment-of-cloud-service-providers
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success ! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with Parameters | Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic* | Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf | 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
- See how to accelerate model training and optimize model performance with active learning
- Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
- Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Connector Corner: Automate dynamic content and events by pushing a button | DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
- Create a campaign using Mailchimp with merge tags/fields
- Send an interactive Slack channel message (using buttons)
- Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
- Your campaign sent to target colleagues for approval
- If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
- But if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Supporting your CMMC initiatives with Sumo Logic
1.
2. What are we going to talk about?
• Overview of the Cybersecurity Maturity Model Certification (CMMC)
o Its history
o Its direction
o Who it impacts
o The gap that it fills
• Demonstrate how CloudHesive uses Sumo Logic to:
o Address customers' needs in preparing for their CMMC audit from the perspective of
a gap analysis
o Generate evidence during the initial audit
o Demonstrate ongoing compliance
3. (A brief) United States Government Refresher
• United States Government
o Executive Branch
• Department of Defense
o Office of the Under Secretary of Defense for Acquisition and Sustainment
• Carnegie Mellon University/Johns Hopkins University
• Developed the Program
• Defense Industrial Base/Defense Supply Chain
o Contractors – 100,000 of them, generating 768 Billion USD (3.2% of GDP) Annually
• Their Subcontractors
o Eventually phased into the Program
• CMMC AB -> Cyber AB
o Oversees the Program
4. What data may (sub)contractors be obligated to protect?
• (F)ederal (C)ontract (I)nformation
o Federal contract information means information, not intended for public release,
that is provided by or generated for the Government under a contract to develop or
deliver a product or service to the Government, but not including information
provided by the Government to the public (such as on public websites) or simple
transactional information, such as necessary to process payments
• (C)ontrolled (U)nclassified (I)nformation
o Information the Government creates or possesses, or that an entity creates or
possesses for or on behalf of the Government, that a law, regulation, or
Government-wide policy requires or permits an agency to handle using
safeguarding or dissemination controls
5. CMMC Timeline
• In 2016, DFARS 7012 clause goes into effect, requiring all contract holders to self-assess against the security
requirements of NIST-SP-800-171
• In 2019 the Department of Defense announced the creation of the Cybersecurity Maturity Model Certification (CMMC)
to transition from a mechanism of self-attestation of an organization's basic cyber hygiene which was used to govern
the Defense Industrial Base
• In 2019 interim rule authorizing the inclusion of CMMC in procurement contracts, Defense Federal Acquisition
Regulation Supplement (DFARS) 2019-D041, was published on September 29, 2020, with an effective date of
November 30, 2020
• On December 8, 2020, the CMMC Accreditation Board and the Department of Defense released an updated timeline
that has the model fully implemented by September 2021
• On November 4, 2021, the Department of Defense announced the release of CMMC 2.0
• In March 2023, Final Rule Making will be complete
• 60 days after March 2023, CMMC requirements will be included in new contracts
7. CMMC 1.0 vs. CMMC 2.0
• Streamlined Model
o Focused on the most critical requirements: Streamlines the model from 5 to 3 compliance levels
o Aligned with widely accepted standards: Uses National Institute of Standards and Technology (NIST)
cybersecurity standards
• Reliable Assessments
o Reduced assessment costs: Allows all companies at Level 1 (Foundational), and a subset of
companies at Level 2 (Advanced) to demonstrate compliance through self-assessments
o Higher accountability: Increases oversight of professional and ethical standards of third-party
assessors
• Flexible Implementation
o Spirit of collaboration: Allows companies, under certain limited circumstances, to make Plans of
Action & Milestones (POA&Ms) to achieve certification
o Added flexibility and speed: Allows waivers to CMMC requirements under certain limited
circumstances
8. CMMC 2.0 Level 2 Summary
• Access Control (AC)
• Awareness & Training (AT)
• Audit & Accountability (AU)
• Configuration Management (CM)
• Identification & Authentication (IA)
• Incident Response (IR)
• Maintenance (MA)
• Media Protection (MP)
• Personnel Security (PS)
• Physical Protection (PE)
• Risk Assessment (RA)
• Security Assessment (CA)
• System and Communications Protection (SC)
• System and Information Integrity (SI)
9. Preparing for Audit
• Organizational Readiness
o History
o Current state
o Sustainability of the current state
10. Sample Artifacts
• (S)ystem (S)ecurity (P)lan
• (P)lan (O)f (A)ctions & (M)ilestones
• Self Assessment with SIPR Score
• (S)ystem (D)esign (D)ocument
• General
o Policies
o Procedures
o Diagrams
o Configuration Settings
o Mechanisms
o Operational Logs
o Audit Logs
o Monitoring
o Locations
o Strategies
11. Sample Policies
• Access control policy
• Audit and accountability policy
• Configuration management policy
• Identification and Authentication policy
• Incident response policy
• Personnel security policy
• Risk management policy
• Security awareness and training policy
• Security planning policy
• System and communications protection policy
• System and information integrity policy
• System maintenance policy
• Third party hosting policy
• Vendor management policy
13. Organizations in the DIB have a challenge
• What do many of these organizations own from a tech perspective?
o Not much
• Computers, Files, E-Mail…
o Simple needs (somewhere to work, store, retrieve, process, transmit) to deliver product
• What infrastructure do they have to support these requirements?
o Not much
• Physical sites, People, Computers…
o Operationally Capable (e.g., delivering a product), but may not be Cyber Capable
• Where can they get help?
o CMMC Ecosystem
o People Considerations
o (C)loud (S)ervice (P)roviders
17. Organizations in the DIB Become Responsible For
• Data generation, processing, storage, retrieval
o Understand the flow
• Scope Reduction
o Use an enclave
• If the data can’t leave, it’s secure
o Descope where possible – organization, people, domains, access
• If the data can’t be accessed, it’s secure
• People Considerations
o Employees
o Contractors
o Vendors
• Software Considerations
o Vary based on COTS versus Custom
19. Continuous Monitoring with Sumo Logic
• We have all these sources of data we are responsible for – Events and States
o Data derived from the third-party solutions
• We need to be able to tell current state and review historically
o To support the sample processes
• We need to be able to react to the high priority items
o Push versus Pull
• We need to demonstrate we are doing this
o It’s part of the process
24. Conclusion
• In conclusion, leveraging a Cloud Service Provider, and Managed Services Provider
can help to reduce your organizational burden in preparing for and maintaining
CMMC defined controls.
• A significant component of maintaining these controls is monitoring and response,
in which Sumo Logic can be used to funnel these various sources of data and state,
correlate, query and reduce for human consumption at planned and unplanned
levels of priority.