This is a presentation I gave for the UQ Business School (in conjunction with Stan Gallo of KPMG) at the Urbane Restaurant to a group of Queensland CEO/C-Suite people. These dinners are part of UQ's engagement with the business community - a relationship we value. This engagement ensures we don't get all locked up in our ivory tower.
This ppt contains information about definition of computer & information security, types of attacks, services, mechanisms, controls and model for network security
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
This is a presentation I gave for the UQ Business School (in conjunction with Stan Gallo of KPMG) at the Urbane Restaurant to a group of Queensland CEO/C-Suite people. These dinners are part of UQ's engagement with the business community - a relationship we value. This engagement ensures we don't get all locked up in our ivory tower.
This ppt contains information about definition of computer & information security, types of attacks, services, mechanisms, controls and model for network security
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...AI Publications
In the current digital landscape, cybercriminals continually evolve their techniques to execute successful attacks on businesses, thus posing a great challenge to information technology (IT) professionals. While traditional cybersecurity approaches like layered defense and reactive security have helped IT professionals cope with traditional threats, they are ineffective in dealing with evolving cyberattacks. This paper focuses on the need for a proactive cybersecurity culture among IT professionals to enable them combat evolving threats. The paper emphasis that building a proactive security approach and culture can help among IT professionals anticipate, identify, and mitigate latent threats prior to them exploiting existing vulnerabilities. This paper also points out that as IT professionals use reactive security when dealing with traditional attacks, they can use it collaboratively with proactive security to effectively protect their networks, data, and systems and avoid heavy costs of dealing with cyberattack’s aftermaths and business recovery.
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODSierraware
Simplifying BYOD deployments while satisfying HIPAA and other healthcare regulations. Virtual Mobile Infrastructure with strong biometric authentication and 4096-bit encryption. Android-based VDI for mobile security.
IOSR Journal of Electronics and Communication Engineering(IOSR-JECE) is an open access international journal that provides rapid publication (within a month) of articles in all areas of electronics and communication engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in electronics and communication engineering. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Information Technology Security ManagementMITSDEDistance
The PGDM in Information Technology at MITSDE follows the curriculum set by the IT Management Institute,
providing thorough instruction delivered by seasoned professionals.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...AI Publications
In the current digital landscape, cybercriminals continually evolve their techniques to execute successful attacks on businesses, thus posing a great challenge to information technology (IT) professionals. While traditional cybersecurity approaches like layered defense and reactive security have helped IT professionals cope with traditional threats, they are ineffective in dealing with evolving cyberattacks. This paper focuses on the need for a proactive cybersecurity culture among IT professionals to enable them combat evolving threats. The paper emphasis that building a proactive security approach and culture can help among IT professionals anticipate, identify, and mitigate latent threats prior to them exploiting existing vulnerabilities. This paper also points out that as IT professionals use reactive security when dealing with traditional attacks, they can use it collaboratively with proactive security to effectively protect their networks, data, and systems and avoid heavy costs of dealing with cyberattack’s aftermaths and business recovery.
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODSierraware
Simplifying BYOD deployments while satisfying HIPAA and other healthcare regulations. Virtual Mobile Infrastructure with strong biometric authentication and 4096-bit encryption. Android-based VDI for mobile security.
IOSR Journal of Electronics and Communication Engineering(IOSR-JECE) is an open access international journal that provides rapid publication (within a month) of articles in all areas of electronics and communication engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in electronics and communication engineering. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Information Technology Security ManagementMITSDEDistance
The PGDM in Information Technology at MITSDE follows the curriculum set by the IT Management Institute,
providing thorough instruction delivered by seasoned professionals.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Information Security Confidential
MSU Information Security Vision and Mission Statement
Vision
Diminish IT security risks to an acceptable level and
become the most effective IT function; enable the
University to make informed decisions based on risk.
Mission
Design, implement and maintain an information security
program that protects the University’s resources against
unauthorized use, modification and loss. Establish a
practical information security program that enables MSU to
be the best public research University in the world.
2
3. Information Security Confidential
Two-Factor Goals
• Safe guard MSU employee data
• Safe guard MSU HR/Payroll and Finance data
• Provide additional security on EBS applications to
prevent susceptibility to phishing attacks
3
4. Information Security Confidential
Information Security Risks for MSU
4
Who’s perpetrating
breaches?
How do breaches occur? What commonalities
exist?
*Verizon Data Breach Investigations Report – 2013
(+) Is an increase of 10% or greater from last year
(-) Is a decrease of 10% or greater from last year
5. Information Security Confidential
Payroll Incident Summary
5
• Millions of attempts to hack into MSU computer systems every day (>20 million
prevented during month of May 2014)
• Millions of SPAM and phishing scams every day, some faculty, staff, and students take the
bait
• Current safeguards in place:
– Email SPAM filtering – Over 5 million SPAM and phishing emails blocked per day
– Anti-virus installed on workstations
– Security awareness training
• Two Payroll Incident Examples
– October 2013 and March 2014
– Phishing emails are suspected of compromising the users’ EBS login credentials (user name and password)
– No breach of MSU systems/network appears to have occurred
– Risk currently mitigated by disabling online direct deposit changes
• People and process changes recommended to further improve prevention, detection,
and response
Context:
6. Information Security Confidential
Addressing Security Risks at MSU
6
Two-Factor
Authentication
Security Policy
Dedicated
Incident
Response
Security
Awareness
Security Incident
and Event
Management
Vulnerability
Management
Defense in Depth Approach
– Multiple layers of controls to reduce overall risk
Business enablement combined with risk reduction
7. Information Security Confidential
Two-Factor Authentication Overview
7
Two-factor authentication requires the use of two of the
three authentication factors:
Something only the user:
1. Knows (e.g. password, PIN, secret answer)
2. Has (e.g. ATM card, mobile phone, hard token)
3. Is (e.g. biometric – iris, fingerprint, etc.)
9. Information Security Confidential
How Two-Factor Authentication Helps
Credentials are commonly stolen through:
– Phishing attacks targeted at MSU
– Third-party sites compromised and same username/password
used for MSU applications
• Adobe, Yahoo, LinkedIn, Forbes, Zappos, and eHarmony were breached
in past year, 32 million usernames and passwords stolen
– 15,000+ users registered with MSU email addresses, unknown how many
used MSU password to register with these sites
Two-factor authentication prevents attackers from
accessing your account even if they obtain your username
and password.
9
10. Information Security Confidential
Two-Factor Strategy at MSU
• Second Factor will be a“soft” Token
• Identify an Industry Leader for the Two-Factor
Components
• Enhance MSU’s single sign-on solution (Sentinel) to
integrate with Industry Leaders Solution to provide Two-
Factor
• Enable Two-Factor for EBS applications (portal, HR,
Payroll, Finance, BI) for all current employees.
10
11. Information Security Confidential
Multiple deployment options available for MSU users:
1. Mobile application
2. SMS text message
3. Voice call made to desk, mobile, or home phone
Two-Factor Authentication Deployment Options
11
12. Information Security Confidential
Appendix A – Scope diagram
12
Sentinel
Portal
Case 1, Step 2
Cognos
Case 2, Step 2
KFS
Case 2, Step 2
ECC
STUINFO
Case 1, Step 1
SAP Internal Login
Out of Scope
XI/PI
MSUEDW
SAP Internal Login
In Scope
Case 1: User logs into EBS Portal
1. Authenticate in Sentinel
2. Routed to EBS Portal
3. Navigate to other EBS applications
Basis Team & HR/
Payroll Power Users –
Central Payroll and
BAS Team
Case 1, Step 3
Case 1, Step 3
Case 1, Step 3
Case 2: User logs directly into EBS
application
1. Authenticate in Sentinel
2. Routed to EBS application
Vision – What we would like to achieve
Acceptable Level –
We aren’t building Fort Knox (pic)
Not implement myself out of a job.
Implement enough security controls to reach an acceptable level, doesn't have to be 0 risk
Most Effective – bold goal, be service oriented
Security is an IT function
Not there to police, but to partner and collaborate
Enable - Support Bolder by Design Initiative
Not a roadblock
People seek me out for advice/guidance – not afraid to have me involved in fear of slowing projects down
Business within a business – everyone is our customer