Tre Smith - From Decision to Implementation: Who's On First?
•Download as PPTX, PDF•
0 likes•807 views
This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?”
Report
Share
Report
Share
Recommended
Deral Heiland - Fail Now So I Don't Fail Later
With network data breaches being reported weekly, it appears our implementation of prevention solutions is failing. With the average time to detect a breach being greater than 6 months our detection solutions also appear to be failing. Maybe these solutions and technologies are working correctly and we are just not training our teams how to manage, maintain, and leverage those solutions effectively. In this presentation I will be discussing security testing and validation methodologies that includes Internal/external pentesting, social engineering, and red team/blue team exercises. In addition I will be covering how using these methodologies we can better prepare and build a more robust security environment that will keep your organization off the front page.
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn:
• How to create efficient and effective security policies
• Overview and statistics of the current threat landscape
• The importance of keeping your employees updated about the latest threats and scams
• Security solutions that can help keep your systems updated and protected
Helen Patton - Cross-Industry Collaboration
This presentation will explore suggestions for ways Security people in Central Ohio can and do collaborate to improve Security practices within and external to organizations. This will explore ISACs, ISAOs, partnerships such as the Collaboratory, Internships, ISSA, etc.
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
-The evolution of online advertising tactics
-What cyber criminals find appealing about advertising and profiling
-How advertisers and cyber criminals have worked together in the past
-What psychological tactics are used by cyber criminals in real world attacks
-How to protect yourself from psychological attacks
Bob West - Educating the Board of Directors
Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.
Keith Fricke - CISO for an Hour
This presentation is aimed at a technical security audience seeking to advance into a security leadership role. In this interactive presentation, attendees will learn how they need to apply their technical skills in a CISO or security director role. In addition, they will learn the fundamentals of leading people, managing budgets and projects, presenting to an executive audience, and dealing with other challenging issues security leaders face.
Bill Lisse - Communicating Security Across the C-Suite
CISO's are increasingly being included in Board and Executive discussions. Skills for developing CISOs need to include soft skills, including the ability to communicate across the executive table. This presentation is about the sell versus the tell.
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?
Recommended
Deral Heiland - Fail Now So I Don't Fail Later
With network data breaches being reported weekly, it appears our implementation of prevention solutions is failing. With the average time to detect a breach being greater than 6 months our detection solutions also appear to be failing. Maybe these solutions and technologies are working correctly and we are just not training our teams how to manage, maintain, and leverage those solutions effectively. In this presentation I will be discussing security testing and validation methodologies that includes Internal/external pentesting, social engineering, and red team/blue team exercises. In addition I will be covering how using these methodologies we can better prepare and build a more robust security environment that will keep your organization off the front page.
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn:
• How to create efficient and effective security policies
• Overview and statistics of the current threat landscape
• The importance of keeping your employees updated about the latest threats and scams
• Security solutions that can help keep your systems updated and protected
Helen Patton - Cross-Industry Collaboration
This presentation will explore suggestions for ways Security people in Central Ohio can and do collaborate to improve Security practices within and external to organizations. This will explore ISACs, ISAOs, partnerships such as the Collaboratory, Internships, ISSA, etc.
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
-The evolution of online advertising tactics
-What cyber criminals find appealing about advertising and profiling
-How advertisers and cyber criminals have worked together in the past
-What psychological tactics are used by cyber criminals in real world attacks
-How to protect yourself from psychological attacks
Bob West - Educating the Board of Directors
Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.
Keith Fricke - CISO for an Hour
This presentation is aimed at a technical security audience seeking to advance into a security leadership role. In this interactive presentation, attendees will learn how they need to apply their technical skills in a CISO or security director role. In addition, they will learn the fundamentals of leading people, managing budgets and projects, presenting to an executive audience, and dealing with other challenging issues security leaders face.
Bill Lisse - Communicating Security Across the C-Suite
CISO's are increasingly being included in Board and Executive discussions. Skills for developing CISOs need to include soft skills, including the ability to communicate across the executive table. This presentation is about the sell versus the tell.
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?
Chris Clymer & Jack Nichelson - How to Secure Things & Influence People: 10 C...
Have you ever felt that the security problems you're faced with would be so simple to solve if only your colleagues had your perspective on them? Are you frustrated that security does not have a more prominent seat at the table?
Often times identifying security problems and developing the appropriate controls is the easiest part of the security job. Getting our peers and superiors to buy-in to those solutions and understand the risk decisions they're making is an under-appreciated but arguably much more important part of our jobs in security.
Chris and Jack will share techniques that help to turn your employees into an army of human security sensors, to get security done regardless of where it sits on the org chart, and to earn major security victories even with a meager budget and a small team. Along the way you’ll learn about the “10 Critical Habits” which we have observed effective security leaders using to achieve their goals.
Have you ever felt that the security problems you're faced with would be so simple to solve if only your colleagues had your perspective on them? Are you frustrated that security does not have a more prominent seat at the table?
Often times identifying security problems and developing the appropriate controls is the easiest part of the security job. Getting our peers and superiors to buy-in to those solutions and understand the risk decisions they're making is an under-appreciated but arguably much more important part of our jobs in security.
Chris and Jack will share techniques that help to turn your employees into an army of human security sensors, to get security done regardless of where it sits on the org chart, and to earn major security victories even with a meager budget and a small team. Along the way you’ll learn about the “10 Critical Habits” which we have observed effective security leaders using to achieve their goals.
Ruben Melendez - Economically Justifying IT Security Initiatives
This presentation discusses frameworks for justifying IT security initiatives and demonstrating their business value. It introduces the Enterprise Value Creation (EVC) framework, which includes principles, stages, and enabling tools for dynamic, collaborative value management. The EVC framework advocates using a Business Value Plan approach rather than just a business case to proactively plan and track value realization over the initiative lifecycle. It provides examples of how tools like the EVC matrix and urgency analysis can be used to assess needs, risks, and pace of initiatives.
Building Human Intelligence – Pun Intended
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
William Diederich - Security Certifications: Are They Worth the Investment? A...
The IT world seems to be exploding with certifications, with new ones being offered practically every month. How does one chose from all of the options available, and are they worth it?
This session discusses the plethora of Governance, Risk, Compliance, Security and Technology related certifications being offered today. What are the benefits, and which are the most highly valued? Most importantly, which ones are right for you? Can one get too many certifications, and what’s the balance?
Practical tips and recommendations are offered to help the person who decides on attaining certifications. Including, how to select the best certifications, how to plan a roadmap for achieving them, and successfully completing the plan they set out.
Lastly, the benefits of certifications are discussed, and how to maximize their value.
CISO's first 100 days
- The document outlines a roadmap for a CISO's first 100 days in a new role. It discusses assessing the organization's security posture, planning security strategy and goals, and taking initial actions like redefining teams. Key steps include preparing for day one, assessing people and processes, planning strategy and a 2-3 year roadmap, acting on projects and technology selection, and measuring program impact and providing executive reports. The roadmap is meant to help a new CISO gain insight, define a security vision, and show early progress and wins.
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.
Achieving Compliance Through Security
This document discusses the challenges of audit compliance and proposes a continuous monitoring approach. It describes how organizations often scramble to prepare for audits in an unplanned, reactive way that disrupts work and does not maintain long-term compliance. The document proposes establishing security controls integrated with daily operations to make compliance a natural byproduct. It provides steps for continuous monitoring, including categorizing assets, determining risk thresholds, setting monitoring frequencies, and generating detailed reports to assess risk and guide security improvements. The benefits are presented as leveraging automation to reduce audit effort while providing objective data to address gaps and priorities.
Assessing Your security
Anyone handling sensitive information in this day and age needs to to have a solid security setup and a plan for when something goes wrong. This webinar aims to get you looking at your security with fresh eyes and give you an outline of an action plan.
Aaron Higbee - The Humanity of Phishing Attack & Defense
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
NESCO Town Hall Workforce Development Presentation
Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems, makes the short supply of cybersecurity talent is a critical issue.
Cybersecurity for Energy: Moving Beyond Compliance
Presented by: Gib Sorebo, SAIC
Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.
RSA 2017 - CISO's 5 steps to Success
Discussion that was held at RSA on the five steps CISO's can use to assess their enterprise security program and architect one that meets the organizations objectives and reduces its exposure to risk.
Security initiatives here and down under
This is a presentation introducing the SANS Institute's 20 Security Controls and the Australian Government's Top 35 Mitigation Strategies that I gave to The Small Business Technology Consulting Group in St Paul MN on November 13, 2012
Data Security: What Every Leader Needs to Know
This document summarizes a presentation on data security for organizational leaders. It covers the key components of an effective security program, including support from management, understanding your data and where it is stored, implementing proper IT controls and monitoring, establishing security policies and procedures, and gaining staff involvement through training. It also discusses how to identify if a breach has occurred based on network traffic and user activity anomalies, and the steps to take in response, such as identifying and quarantining the damage before disinfecting and resecuring the network. The presentation aims to educate leaders on security basics and preparing an incident response plan.
What your scanner isn't telling you
The more your organization knows about potential threats, the safer your critical assets will be, but are traditional solutions, such as monthly scans and haphazard patching enough? What your scanner isn’t telling you are the critical vulnerabilities that should be fixed first.
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
The document discusses the rising threat of cyber attacks and what organizations can do about it. It notes that data breaches and attacks are becoming more common and severe due to factors such as the high value of data, the low barriers to entry for attackers, and the increasing complexity of technology. It recommends that organizations plan for security compromises, focus on security early in product development rather than after attacks, and recognize that well-trained employees can be their best defense. Organizations should prioritize assets, identify risks, conduct security assessments focused on business needs, and create response plans to improve their security posture.
Mind the gap
Security threats are growing in volume, scale, and complexity. Not a day passes that we don’t hear about another data breach; and the average organization that’s hacked goes bankrupt within a year. From small and medium-size organizations to Fortune 500 companies, across every industry, no one is immune. It’s no longer enough to keep the bad stuff out (threat protection) or just keep the good stuff in (information protection). This session is a practical discussion on the ever evolving threat landscape, how you can keep up and protect yourself, your organization, and its reputation. It will help you build awareness about the types of resources and sensitive data that your nonprofit has, with tips on practical, accessible steps that you can take to ensure that information is safeguarded.
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSouth Tyrol Free Software Conference
What can go wrong?!
Thirty years of commercial information security have taught us to orchestrate perimeter controls, to correctly configure AAA systems, to evaluate risks and manage them.
But when we talk about the supply chain, the context dramatically changes and we risk realising we did not understand it all or we naively transferred our risk to an unaware third party.Improving Security Metrics
Doug Copley discusses effective security metric creation and how to improve upon some example metrics to make them more useful and relevant.
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
Learn the 3 changes Lamar CISD implemented to radically change technical support that enabled teachers to be more productive with technology than ever before! See how Lamar ISD used Dell KACE to improve insight, processes and management to cut total issues by 50% and reduce resolution time by 78%!
Using infoset query %2c sap query and quick viewer
This document provides steps for creating SAP queries, infosets, and quick views using ABAP for BI. It discusses creating a user group, then an infoset which describes the fields that can be used in queries. Steps are provided for creating a basic SAP query with selection screens and output. Finally, it briefly covers creating a quick view which allows viewing query results.
More Related Content
What's hot
Chris Clymer & Jack Nichelson - How to Secure Things & Influence People: 10 C...
Have you ever felt that the security problems you're faced with would be so simple to solve if only your colleagues had your perspective on them? Are you frustrated that security does not have a more prominent seat at the table?
Often times identifying security problems and developing the appropriate controls is the easiest part of the security job. Getting our peers and superiors to buy-in to those solutions and understand the risk decisions they're making is an under-appreciated but arguably much more important part of our jobs in security.
Chris and Jack will share techniques that help to turn your employees into an army of human security sensors, to get security done regardless of where it sits on the org chart, and to earn major security victories even with a meager budget and a small team. Along the way you’ll learn about the “10 Critical Habits” which we have observed effective security leaders using to achieve their goals.
Have you ever felt that the security problems you're faced with would be so simple to solve if only your colleagues had your perspective on them? Are you frustrated that security does not have a more prominent seat at the table?
Often times identifying security problems and developing the appropriate controls is the easiest part of the security job. Getting our peers and superiors to buy-in to those solutions and understand the risk decisions they're making is an under-appreciated but arguably much more important part of our jobs in security.
Chris and Jack will share techniques that help to turn your employees into an army of human security sensors, to get security done regardless of where it sits on the org chart, and to earn major security victories even with a meager budget and a small team. Along the way you’ll learn about the “10 Critical Habits” which we have observed effective security leaders using to achieve their goals.
Ruben Melendez - Economically Justifying IT Security Initiatives
This presentation discusses frameworks for justifying IT security initiatives and demonstrating their business value. It introduces the Enterprise Value Creation (EVC) framework, which includes principles, stages, and enabling tools for dynamic, collaborative value management. The EVC framework advocates using a Business Value Plan approach rather than just a business case to proactively plan and track value realization over the initiative lifecycle. It provides examples of how tools like the EVC matrix and urgency analysis can be used to assess needs, risks, and pace of initiatives.
Building Human Intelligence – Pun Intended
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
William Diederich - Security Certifications: Are They Worth the Investment? A...
The IT world seems to be exploding with certifications, with new ones being offered practically every month. How does one chose from all of the options available, and are they worth it?
This session discusses the plethora of Governance, Risk, Compliance, Security and Technology related certifications being offered today. What are the benefits, and which are the most highly valued? Most importantly, which ones are right for you? Can one get too many certifications, and what’s the balance?
Practical tips and recommendations are offered to help the person who decides on attaining certifications. Including, how to select the best certifications, how to plan a roadmap for achieving them, and successfully completing the plan they set out.
Lastly, the benefits of certifications are discussed, and how to maximize their value.
CISO's first 100 days
- The document outlines a roadmap for a CISO's first 100 days in a new role. It discusses assessing the organization's security posture, planning security strategy and goals, and taking initial actions like redefining teams. Key steps include preparing for day one, assessing people and processes, planning strategy and a 2-3 year roadmap, acting on projects and technology selection, and measuring program impact and providing executive reports. The roadmap is meant to help a new CISO gain insight, define a security vision, and show early progress and wins.
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.
Achieving Compliance Through Security
This document discusses the challenges of audit compliance and proposes a continuous monitoring approach. It describes how organizations often scramble to prepare for audits in an unplanned, reactive way that disrupts work and does not maintain long-term compliance. The document proposes establishing security controls integrated with daily operations to make compliance a natural byproduct. It provides steps for continuous monitoring, including categorizing assets, determining risk thresholds, setting monitoring frequencies, and generating detailed reports to assess risk and guide security improvements. The benefits are presented as leveraging automation to reduce audit effort while providing objective data to address gaps and priorities.
Assessing Your security
Anyone handling sensitive information in this day and age needs to to have a solid security setup and a plan for when something goes wrong. This webinar aims to get you looking at your security with fresh eyes and give you an outline of an action plan.
Aaron Higbee - The Humanity of Phishing Attack & Defense
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
NESCO Town Hall Workforce Development Presentation
Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems, makes the short supply of cybersecurity talent is a critical issue.
Cybersecurity for Energy: Moving Beyond Compliance
Presented by: Gib Sorebo, SAIC
Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.
RSA 2017 - CISO's 5 steps to Success
Discussion that was held at RSA on the five steps CISO's can use to assess their enterprise security program and architect one that meets the organizations objectives and reduces its exposure to risk.
Security initiatives here and down under
This is a presentation introducing the SANS Institute's 20 Security Controls and the Australian Government's Top 35 Mitigation Strategies that I gave to The Small Business Technology Consulting Group in St Paul MN on November 13, 2012
Data Security: What Every Leader Needs to Know
This document summarizes a presentation on data security for organizational leaders. It covers the key components of an effective security program, including support from management, understanding your data and where it is stored, implementing proper IT controls and monitoring, establishing security policies and procedures, and gaining staff involvement through training. It also discusses how to identify if a breach has occurred based on network traffic and user activity anomalies, and the steps to take in response, such as identifying and quarantining the damage before disinfecting and resecuring the network. The presentation aims to educate leaders on security basics and preparing an incident response plan.
What your scanner isn't telling you
The more your organization knows about potential threats, the safer your critical assets will be, but are traditional solutions, such as monthly scans and haphazard patching enough? What your scanner isn’t telling you are the critical vulnerabilities that should be fixed first.
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
The document discusses the rising threat of cyber attacks and what organizations can do about it. It notes that data breaches and attacks are becoming more common and severe due to factors such as the high value of data, the low barriers to entry for attackers, and the increasing complexity of technology. It recommends that organizations plan for security compromises, focus on security early in product development rather than after attacks, and recognize that well-trained employees can be their best defense. Organizations should prioritize assets, identify risks, conduct security assessments focused on business needs, and create response plans to improve their security posture.
Mind the gap
Security threats are growing in volume, scale, and complexity. Not a day passes that we don’t hear about another data breach; and the average organization that’s hacked goes bankrupt within a year. From small and medium-size organizations to Fortune 500 companies, across every industry, no one is immune. It’s no longer enough to keep the bad stuff out (threat protection) or just keep the good stuff in (information protection). This session is a practical discussion on the ever evolving threat landscape, how you can keep up and protect yourself, your organization, and its reputation. It will help you build awareness about the types of resources and sensitive data that your nonprofit has, with tips on practical, accessible steps that you can take to ensure that information is safeguarded.
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSouth Tyrol Free Software Conference
What can go wrong?!
Thirty years of commercial information security have taught us to orchestrate perimeter controls, to correctly configure AAA systems, to evaluate risks and manage them.
But when we talk about the supply chain, the context dramatically changes and we risk realising we did not understand it all or we naively transferred our risk to an unaware third party.Improving Security Metrics
Doug Copley discusses effective security metric creation and how to improve upon some example metrics to make them more useful and relevant.
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
Learn the 3 changes Lamar CISD implemented to radically change technical support that enabled teachers to be more productive with technology than ever before! See how Lamar ISD used Dell KACE to improve insight, processes and management to cut total issues by 50% and reduce resolution time by 78%!
What's hot (20)
Chris Clymer & Jack Nichelson - How to Secure Things & Influence People: 10 C...
Chris Clymer & Jack Nichelson - How to Secure Things & Influence People: 10 C...
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & Defense
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
Viewers also liked
Using infoset query %2c sap query and quick viewer
This document provides steps for creating SAP queries, infosets, and quick views using ABAP for BI. It discusses creating a user group, then an infoset which describes the fields that can be used in queries. Steps are provided for creating a basic SAP query with selection screens and output. Finally, it briefly covers creating a quick view which allows viewing query results.
preguntas y conceptos
El documento resume conceptos básicos de física como masa, átomo, diferencia entre peso y masa, las fases de la materia, propiedades de la materia como elasticidad y deformación, y propiedades de los líquidos como viscosidad y tensión superficial. Explica cada concepto de manera concisa con definiciones sencillas.
Csjpu d banco_preguntas_19032012
El documento presenta una prueba de conocimientos para asistentes judiciales en la Corte Superior de Justicia de Puno. Consiste en 10 preguntas sobre temas de derecho constitucional, procesal y penal peruano. Las preguntas abarcan aspectos como la competencia del Tribunal Constitucional, el estado de emergencia, los derechos fundamentales, el hábeas corpus, la entrada en vigencia de las leyes, la competencia de los jueces en procesos de alimentos y exoneraciones del pago de tasas judiciales.
Latvia
The document outlines several education programs and courses related to intercultural communication and education being developed or added at the University of Latvia, including a study course on intercultural communication being added to an existing secondary school teaching program, a course on integrating intercultural education into English language teaching being developed for an English philology master's program, and plans to design a new master's program in global education covering topics like global citizenship, intercultural education, and school concepts in Europe.
Эрхэт - Онлайн санхүүгийн програмын сургалтын гарын авлага
Орон зай, цаг хугацааны хязгаарлалтгүйгээр нягтлан бодох бүртгэлээ хөтлөх, тайлан шинжилгээ хийх чадамжтай үргэлж шинэчлэгдэн хөгжих, дэвшилтэт технологид суурилсан Эрхэт онлайн санхүүгийн програм.
Цахим
https://erkhet.biz/
https://facebook.com/ErkhetHQ/
https://twitter.com/ErkhetHQ/
https://youtube.com/ErkhetHQ/
Эрхэт - Онлайн санхүүгийн програмын гарын авлага
Орон зай, цаг хугацааны хязгаарлалтгүйгээр нягтлан бодох бүртгэлээ хөтлөх, тайлан шинжилгээ хийх чадамжтай үргэлж шинэчлэгдэн хөгжих, дэвшилтэт технологид суурилсан Эрхэт онлайн санхүүгийн програм.
Цахим
https://erkhet.biz/
https://facebook.com/ErkhetHQ/
https://twitter.com/ErkhetHQ/
https://youtube.com/ErkhetHQ/
Boletin 2 densidad 3º eso
Este documento contiene un boletín de ejercicios de física y química para el tercer curso de la educación secundaria obligatoria. Incluye 10 ejercicios sobre conceptos como temperatura, densidad, volumen, presión y cambios de estado. Los estudiantes deben responder preguntas sobre estas propiedades y leyes como la ley de los gases ideales y la ley de Charles-Gay-Lussac.
Chemistry of proteins
Proteins are the most abundant and functionally diverse molecules in living systems. They perform essential functions like structure, movement, transport, defense, and regulation of processes. Proteins are classified based on their chemical properties, functions, and nutritional importance. Some major classifications include structural, enzymatic, transport, and storage proteins. Proteins can be precipitated through various means like heat denaturation, dehydration using alcohol, increasing salt concentrations, and reactions with heavy metals or alkaloids. Precipitation tests are used to separate and identify proteins.
Viewers also liked (12)
Using infoset query %2c sap query and quick viewer
Using infoset query %2c sap query and quick viewer
Эрхэт - Онлайн санхүүгийн програмын сургалтын гарын авлага
Эрхэт - Онлайн санхүүгийн програмын сургалтын гарын авлага
Similar to Tre Smith - From Decision to Implementation: Who's On First?
From Vision Statement to Product Backlog
An effective way to quickly develop software project and product requirements in business environments.
Xero
This document discusses key areas for small business success and adapting to changes in technology. It highlights the importance of having systems in place for sales and marketing, operations, finance, and team productivity. Small businesses that implement digital solutions and are responsive to changes will survive ("adapt or perish"), while those stuck in the past will struggle. The opportunity lies in embracing innovation and adapting systems like implementing accounting software that integrates with other business processes.
ASAE Tech Conference: Don't Blame The Sofware: 5 Vital Considerations Before ...
The document discusses 5 vital considerations for organizations before changing their association management system (AMS): 1) understanding existing processes, 2) evaluating current information systems, 3) preparing staff for change, 4) conducting a thorough return on investment analysis, and 5) thorough planning and homework. It emphasizes involving staff, documenting processes, integrating all databases, calculating both financial and personnel impacts, and thorough vendor evaluation and planning.
Data Driven Product Management - ProductTank Boston Feb '14
The document discusses data-driven product management and provides practical ideas and tools for PMs to use to make decisions. It emphasizes that PMs should optimize decisions for enterprise value and focus on gathering knowable facts from customer data and usage metrics, rather than opinions. PMs are encouraged to measure key metrics from the start, investigate problems, create dashboards, delay decisions until necessary while learning from experiments, and use tools like SQL, text editors, Excel, and Tableau to integrate different data sources and identify patterns to inform prioritization. The overall message is that PMs should make decisions based on analyzing multiple quantitative and qualitative data sources, rather than relying solely on opinions or anecdotes.
The Seven Most Important (Non Technical) SharePoint Success Factors
The document discusses seven non-technical factors for successful SharePoint implementations: understanding requirements and limitations, estimating effort accurately, achieving buy-in, determining return on investment, implementing governance, adopting an iterative approach, and improving user adoption. It provides details on each factor, emphasizing the importance of clear expectations, effective communication, governance, and an iterative rollout process to achieve SharePoint success.
What is an IANS CISO Workshop? Factor 1
CISOs face continuous changes in threats, security technologies, and business conditions that complicate their mission to protect critical assets. While technical skills are essential, the top performing CISOs engage with the business and practice proactive organizational engagement. This document outlines the 7 Factors of CISO Impact framework, which provides a structured approach for CISOs to measure and improve their performance in areas like gaining command of facts, engaging stakeholders, and driving insight to enable action. It also describes workshops where CISOs can assess their skills, learn from peers, and develop concrete plans to strengthen areas for improvement.
Interview with pam morris
Pam Morris is interviewed about her background in software measurement and process improvement. She discusses some of the root causes of high software project failure rates, including poor requirements specifications and inadequate scoping. She emphasizes that software process improvement is about rigor and measurement, not just "checking boxes". Measurement programs are most effective when they start small and focus on key metrics that support management's goals and decision-making. The role of management is also important to drive measurement from the top down.
What We Learned from Three Years of Sciencing the Crap Out of DevOps
This document summarizes research from three years of studying DevOps practices. Some key findings include:
- Continuous delivery practices like reducing lead time and increasing release frequency are correlated with higher IT performance. However, tools like configuration management tools are not correlated.
- Ineffective testing practices include developers not creating tests or environments being difficult to reproduce. But having QA primarily create tests is not ineffective.
- While managing work-in-progress is thought to be important, the correlation between WIP and IT performance is actually negligible.
- DevOps culture and practices around information sharing and collaboration are valid constructs that are predictive of both IT and organizational performance. But data testing is needed to validate assumptions.
Wipro
Wipro helps customers do business better by leveraging our industry-wide experience, deep technology expertise, comprehensive portfolio of services and vertically aligned business model.
Wipro also gives high importance to Human Resource Management. The company is India’s 6th top employer. But the company is not even in the top 20 best employers of the country while their competitors like TCS, Infosys etc. are always in the top ten . Therefore it can be judged that the HR functions in the company need to be thoroughly reviewed.Wipro also gives high importance to Human Resource Management. The company is India’s 6th top employer. But the company is not even in the top 20 best employers of the country while their competitors like TCS, Infosys etc. are always in the top ten . Therefore it can be judged that the HR functions in the company need to be thoroughly reviewed.
Whitepaper interview with pam morris
Pam Morris is a software development expert who has worked in software measurement and function point analysis for decades. She discusses some of the root causes of high software project failure rates, including poor requirements specifications, inadequate scoping, and lack of progress measurement. She emphasizes that software process improvement is important but must be done properly, with a focus on measurement to identify weaknesses and demonstrate improvement. Her firm helps clients implement measurement programs to analyze their current performance and identify areas for process improvement. She notes that cultural and technical challenges in data gathering can be overcome by starting small and incrementally expanding measurement efforts.
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan Archer
Topic: Panic Attacks
Specific Purpose: To inform my audience about the nature, extent, and symptoms of panic attacks
I can’t breathe, my arms are tingling, I’m really dizzy, and it feels as if my heart is about to fly out of my chest. When this happened to me three years ago at an outdoor concert, I was really frightened. At the time, I had no idea what was going on. My doctor told me later that I had experienced a panic attack. I have learned a lot about my condition during the past three years, and I did additional research for this speech. Today I would like to inform you about the nature of panic attacks, the people affected most often by them, and the options for treatment.
Connective: Let’s start with the nature of panic attacks.
I. Panic attacks are a severe medical condition with a number of physical and mental symptoms.
a. As defined by the National Institute of Mental Health, panic attacks involve “unexpected and repeated episodes on intense fear accompanied by physical symptoms.”
1. The attacks usually come out of nowhere and strike when least expected.
2. Their length can vary from a few minutes to several hours.
b. There are a number of symptoms common to most panic attacks
1. Physical symptoms include a pounding heart, shortness of breath, lightheadedness, and numbness of tingling sensations in the arms and legs.
2. Mental symptoms include acute fear, a sense of disaster or helplessness, and a feeling of being detached from one’s own body.
Connective: Now that you know something about the nature of panic attacks, let’s look at how widespread they are.
II. Panic attacks affect millions of people
A. According to the American Psychiatric Association, six million Americans suffer from panic attacks.
B. Some groups have a higher incidence of panic attacks than do other groups
1. The National Institute of Mental health reports that panic attacks strike women twice as often as men.
2. Half the people who suffer from panic attacks develop symptoms before the age of 24.
Connective: Given the severity of panic attacks, I’m sure you are wondering how they can be treated.
III. There are two major options for treating panic attacks.
a. One option is medication
1. Antidepressants are the most frequently prescribed medication for panic attacks
2. The rearrange the brain’s chemical levels so as to get rid of unwanted fear responses.
b. Another option is cognitive-behavioral therapy
1. This therapy involves techniques that help people with panic attacks gain control of their symptoms and feelings.
a. Some techniques involve breathing exercises
b. Other techniques target through patterns that can trigger panic attacks
2. According to David Barlow, author of the Clinical Handbook of Psychological Disorders, cognitive behavioral therapy can be highly effective.
As we have seen, panic attacks affect millions of people. Fortunately, there are treatment options to help prevent panic attacks and to deal with them when they o.
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan Archer
Topic: Panic Attacks
Specific Purpose: To inform my audience about the nature, extent, and symptoms of panic attacks
I can’t breathe, my arms are tingling, I’m really dizzy, and it feels as if my heart is about to fly out of my chest. When this happened to me three years ago at an outdoor concert, I was really frightened. At the time, I had no idea what was going on. My doctor told me later that I had experienced a panic attack. I have learned a lot about my condition during the past three years, and I did additional research for this speech. Today I would like to inform you about the nature of panic attacks, the people affected most often by them, and the options for treatment.
Connective: Let’s start with the nature of panic attacks.
I. Panic attacks are a severe medical condition with a number of physical and mental symptoms.
a. As defined by the National Institute of Mental Health, panic attacks involve “unexpected and repeated episodes on intense fear accompanied by physical symptoms.”
1. The attacks usually come out of nowhere and strike when least expected.
2. Their length can vary from a few minutes to several hours.
b. There are a number of symptoms common to most panic attacks
1. Physical symptoms include a pounding heart, shortness of breath, lightheadedness, and numbness of tingling sensations in the arms and legs.
2. Mental symptoms include acute fear, a sense of disaster or helplessness, and a feeling of being detached from one’s own body.
Connective: Now that you know something about the nature of panic attacks, let’s look at how widespread they are.
II. Panic attacks affect millions of people
A. According to the American Psychiatric Association, six million Americans suffer from panic attacks.
B. Some groups have a higher incidence of panic attacks than do other groups
1. The National Institute of Mental health reports that panic attacks strike women twice as often as men.
2. Half the people who suffer from panic attacks develop symptoms before the age of 24.
Connective: Given the severity of panic attacks, I’m sure you are wondering how they can be treated.
III. There are two major options for treating panic attacks.
a. One option is medication
1. Antidepressants are the most frequently prescribed medication for panic attacks
2. The rearrange the brain’s chemical levels so as to get rid of unwanted fear responses.
b. Another option is cognitive-behavioral therapy
1. This therapy involves techniques that help people with panic attacks gain control of their symptoms and feelings.
a. Some techniques involve breathing exercises
b. Other techniques target through patterns that can trigger panic attacks
2. According to David Barlow, author of the Clinical Handbook of Psychological Disorders, cognitive behavioral therapy can be highly effective.
As we have seen, panic attacks affect millions of people. Fortunately, there are treatment options to help prevent panic attacks and to deal with them when they .
Digital Governance in Complex Organisations philly13
The document discusses digital governance in complex organizations. It provides an agenda for a conference on the topic, including sessions on what governance is and how much is needed, the difference between management and leadership, and how culture can impact strategy. Tips are given for getting buy-in for governance from stakeholders, such as focusing on visible projects and communicating successes. Challenges of governance mentioned include having too much unrelated content, a lack of accountability, and organizational politics. The facilitator advocates having a plan and acknowledging that centralized digital strategists need authority beyond just platform administration.
It's not the Size of the Data - It's How You Use It: Smarter Marketing with A...
provides the key color slides for each chapter in the book, helping with course preparation from text book
Fundamentals of Recruitment Analytics Outline
This document provides an outline for a training on fundamentals of recruitment analytics. It covers topics such as defining recruitment analytics, assessing an organization's current use of analytics, key recruitment metrics to track, finding the right data, applicant tracking systems, using big data and business intelligence in recruiting, and making data-driven decisions. The training agenda includes an overview of trends in the Philippine recruitment industry and a self-assessment of an organization's analytics culture. It emphasizes using data to understand factors like employee retention and satisfaction.
CIO: Standard Requirements
CIO Standard Requirements
Source: https://store.theartofservice.com/cio-standard-requirements/
Sample Requirements:
The full extent of a given risk and its priority compared to other risks are not understood. Failure to address the most important risks first leads to dangerous exposures. Nearly all managers believe that their risks are the most important in the enterprise (or at least they say so) but whose risks really matter most?
Does your organization constantly monitor in real time your networks, systems and applications for unauthorized access or anomalous behavior such as viruses, malicious code insertion, or break-in attempts?
We have determined whether the goals, norms and rules of our organization are properly transmitting the value of the organizational culture to staff members and if there are areas for improvement
When deciding to outsource we know if the candidate services require extensive interactions between the service providers and the business's competitive and strategic resources and capabilities
Has the CIO ensured security training and awareness of all agency employees, including contractors and those employees with significant IT security responsibilities?
If services come in direct contact with the customers of customers, we have additional policies and guidelines required to handle user interactions and user information?
What impact has emerging technology (e.g., cloud computing, virtualization and mobile computing) had on your companys ITRM program over the past 12 months?
Do you have a good understanding of emerging technologies and business trends that are vital for the management of IT risks in a fast-changing environment?
Is the CIO or someone similar, responsible for strategic planning, implementation, and management of integrated systems identified by the IT infrastructure plan?
Our strategic approach to Service Design results in services that can be offered at a competitive market price, substantially reduced risk, or offers superior value?
Technology Roundtable Photo Essay Nov 2012 Impact Productions Group
Financial advisors face challenges adapting to rapid technological changes and information overload. During a roundtable discussion, experts discussed how advisors can overcome these challenges through effective technology use. They recommended turnkey solutions that require little training, integrated systems to improve efficiency and scalability, and focusing technology investments on directly enhancing client value and experience. Advisors were also advised to ask the right questions to identify their specific needs and partner with consultants to successfully implement solutions.
EO Accelerator San Francisco Presentation 13 Jun 2016
Stephen Lynch is the Head of Strategy & Consulting at RESULTS.com. He presented best practices for business execution based on observations of thousands of client firms. Some key practices included focusing both short and long-term strategic planning, setting clear strategic projects and metrics, conducting regular meetings to drive accountability, and using coaching questions to support employees in achieving goals.
What is an IANS CISO Workshop? Factor 6
The document discusses the challenges faced by CISOs and information security teams in engaging with organizations and stakeholders. It introduces the CISO Impact framework, which identifies seven factors that are important for CISOs to focus on in order to improve proactive organizational engagement. These factors are assessed through an online diagnostic tool that measures an information security team's strengths and weaknesses in engaging stakeholders. The document describes workshops that provide guidance to CISOs on improving specific factors, including communicating the value of information security and building support from a range of internal stakeholders.
Richard Harbridge: 7 SharePoint Success Factors
The document discusses seven non-technical factors for SharePoint success: understanding requirements and limitations, accurate estimation, achieving buy-in, determining return on investment, implementing governance, supporting users iteratively, and planning for new work. It emphasizes understanding business needs, sharing expectations, using metrics, collaborative teamwork, communication, and managing capabilities.
Similar to Tre Smith - From Decision to Implementation: Who's On First? (20)
ASAE Tech Conference: Don't Blame The Sofware: 5 Vital Considerations Before ...
ASAE Tech Conference: Don't Blame The Sofware: 5 Vital Considerations Before ...
Data Driven Product Management - ProductTank Boston Feb '14
Data Driven Product Management - ProductTank Boston Feb '14
The Seven Most Important (Non Technical) SharePoint Success Factors
The Seven Most Important (Non Technical) SharePoint Success Factors
What We Learned from Three Years of Sciencing the Crap Out of DevOps
What We Learned from Three Years of Sciencing the Crap Out of DevOps
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Digital Governance in Complex Organisations philly13
Digital Governance in Complex Organisations philly13
It's not the Size of the Data - It's How You Use It: Smarter Marketing with A...
It's not the Size of the Data - It's How You Use It: Smarter Marketing with A...
Technology Roundtable Photo Essay Nov 2012 Impact Productions Group
Technology Roundtable Photo Essay Nov 2012 Impact Productions Group
EO Accelerator San Francisco Presentation 13 Jun 2016
EO Accelerator San Francisco Presentation 13 Jun 2016
More from centralohioissa
Mike Spaulding - Building an Application Security Program
Application Security in many organizations is a simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning to build an internal AppSec function - enterprise to 'mom & pop' operations will all benefit from this talk.
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
This document discusses the insecurity of physical access control systems (PACS). It begins by describing the typical components of a PACS, including access cards, readers, access control panels, and servers. It then explains that while physical and cyber security are converging, the physical security industry lacks the security maturity and culture of IT. Many PACS deployments are insecure due to vendor features lacking testing, heavy reliance on IT without understanding, and being deployed and forgotten. The document outlines various attack surfaces and exploits against access cards, readers, control panels and servers. It concludes by providing an example of how these attacks could be combined to take over an entire PACS.
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts.
Sean Whalen - How to Hack a Hospital
By 2014, medical facilities nationwide implemented Electronic Health Records (EHR) as mandated by congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts, and alternatives that can provide much greater security and accountability, while maintaining ease of access.
Robert Hurlbut - Threat Modeling for Secure Software Design
The document discusses threat modeling as a process for secure software design. It begins with an introduction of the speaker, Robert Hurlbut, and his background. The presentation then discusses how threat modeling helps bridge gaps between different security roles and fits within the software development lifecycle. Key aspects of threat modeling covered include understanding the system, identifying potential threats, determining mitigations and risks. The document provides examples and questions to guide the threat modeling process.
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray.
This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.
Rafeeq Rehman - Breaking the Phishing Attack Chain
Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively.
The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks.
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.
Jack Nichelson - Information Security Metrics - Practical Security Metrics
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
This document discusses security awareness training conducted by Michael Woolard. It provides links to security talks and presentations he has given. It then describes the organization he works for and security awareness events he held including Derbycon, Louisville InfoSec, and Bsides Las Vegas presentations. It outlines a Hack.Jam event for his company that included OWASP training, games, and a capture the flag competition. Feedback from the event was very positive with participants wanting to participate again next year. It concludes by mentioning the use of Kahoot for future security awareness training.
Ed McCabe - Putting the Intelligence back in Threat Intelligence
What is Threat Intelligence? It's more than raw source feeds and technical information.
If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence.
We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.
Ofer Maor - Security Automation in the SDLC - Real World Cases
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.
Jim Libersky: Cyber Security - Super Bowl 50
The document discusses the technical infrastructure and cybersecurity measures in place for hosting large sporting events like the Super Bowl. It notes the large amounts of data (over 10 terabytes) transmitted over WiFi networks by tens of thousands of fans, and the complex monitoring required to detect cyber threats across hundreds of network interfaces and devices. While most traffic was normal, sophisticated attacks were still detected by dedicated security systems, highlighting the ongoing risks at mass gatherings and the importance of multilayered protection strategies.
Jim Wojno: Incident Response - No Pain, No Gain!
This document discusses strategies for incident response and gaining intelligence about adversaries. It emphasizes collecting diverse types of data from hash values to tactics, techniques, and procedures used. Combining different layers of information through data stacking and analytics can provide better accuracy and flexibility to understand attacks at varying levels of difficulty, from easy-to-change details to harder-to-modify tactics. The goal is to operationalize threat intelligence by hunting for known indicators but also finding unknown threats through anomaly detection and scalable analytics across all hosts.
Jason Samide - State of Security & 2016 Predictions
Provide an overview of the threat landscape. Including what Threat Intelligence means and 2016 Predictions.
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Securing an enterprise is never easy, especially if the organizations culture and orthodoxy does not accept change easily. Covering lessons learned from the perspective of an information security practitioner who has spent her career building security programs, we will look at the lessons learned on challenges and opportunities associated with implementing an information security program, addressing technical, security and business risks.
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
This presentation is to provide IT departments who have not leveraged their own data analytics skills for increasing the efficiency and effectiveness of compliance efforts to implement very low-cost solutions while achieving high returns on investment. Focusing on understanding how audit performs testing should assist IT organizations in designing their own compliance testing. Multiple examples will be provided to demonstrate how unlocking the potential of small and/or unstructured data and focusing on data relationships will improve overall data integrity and provide quantifiable measures of operational effectiveness.
Sam Herath - Six Critical Criteria for Cloud Workload Security
Modern elastic cloud infrastructure is fundamentally breaking traditional security approaches. Public cloud has no natural perimeter and network segmentation leaving individual cloud servers exposed. In private cloud, malicious East-West traffic inside the network is a serious threat. As new workloads are added and retired dynamically, change control is difficult, and updating granular firewall rules and security policies becomes a risky, manual process. Join us and learn the 6 Critical Criteria to secure your public, private or hybrid cloud – on-demand, anywhere, at any scale.
More from centralohioissa (20)
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
Recently uploaded
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Things to Consider When Choosing a Website Developer for your Website | FODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
June Patch Tuesday
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Infrastructure Challenges in Scaling RAG with Custom AI models
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Recently uploaded (20)
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Tre Smith - From Decision to Implementation: Who's On First?
- 1. From Decision to Implementation… who’s on first?
- 2. Agenda The Challenge Governance Structures (NIST) Obstacles Know Your Audience Desired Outcomes
- 3. What to do with unmanaged risk? 3 s Physical Technology Administrative
- 4. Governance Structure 4 A common flow of information and decisions at the following levels within an organization: • Executive • Business/Process • Implementation/Operations
- 5. Risk Management to Implementation 5
- 6. Negative Influences Unrealistic Expectations Decentralized IT Resource Availability Architecture Limitations Priorities 6
- 8. Priorities cont… 8 Transform: Acquisitions, New Service Lines, Research and Development Grow: Do more with less, more revenue, Staff Development Run: Deploy new systems, upgrade applications, fix desktops, timesheets and status reports
- 9. What can you do? 9 Know your audience: • Executive • Business • Operations What’s your desired outcome at each level? Use words they understand…
- 10. Is it really top down? 10 Decisions Controls Each process is more linear with various stops and starts…
- 11. Who’s on first? 11 …You have to decide: Who do you need to talk to? What do you want to happen? How do you need to say it? Decisions Controls
- 12. Translation May WILL Be Required… 12 We need Advanced Malware Protection and Next Generation Firewalls!!! Your Boss Said…Deploy a Sandbox Tool!!! The Board Said…Stop the Bad Guys!!!
- 13. Try a different approach… 13 …You have to decide: Who do you need to talk to? What do you want to happen? How do you need to say it? REMEMBER: They all have different priorities!!!
- 14. Buy in…From Executive Level to Transform 14 Who do you need to talk to? Executive Level What do you want to happen? Documented support to invest in Next Generation Tools to combat current threats How do you need to say it? The bad guys are using more sophisticated attacks, I need IT Leaders to allocate resources to identify tools that will reduce our threat surface!!!
- 15. Resources…From the Business Level (Growth?) 15 Who do you need to talk to? Business Level What do you want to happen? Staff assigned to identify tools that will reduce our threat surface How do you need to say it? The Board expects IT Resources will be assigned to investigate tools that address the latest types of malicious attacks. I need to report back next month!!! Who can I work with?
- 16. Results…Operations…this is the NEW RUN!!! 16 Who do you need to talk to? Operations Level What do you want to happen? A tool is identified that will integrate well in our environment and address current threats. How do you need to say it? Your boss said get a list of tools that can be used to prevent/detect ransomware…I need the list in 2 weeks…
- 17. Governance Structure – New Outlook 17
- 18. Recap 18 1) Take the Time to Know your audience 2) Define your desired outcome before starting the conversation 3) Ask for what you want in terms that they understand 4) ACTIVATE YOUR SUPER POWER!!!
- 19. QUESTIONS? 19
Editor's Notes
- What your Sr. Leaders are told and expect doesn’t always equal what engineers and operators are able or willing to do???
- Much more of linear process that requires different information be shared at different times.
- At this point on your journey who’s actually in control? Just going in with the board said…blah blah blah, won’t get you very far.
- You’re able to be creative and leverage every the various levels of the governance to get the outcomes that you want…