“Wearables” are all around us. From fitness trackers to smart watches, many people are using these devices to monitor their health. Of course, we’ve had other types of portable health devices for quite a while including automated insulin pumps and pacemakers. These devices use various communication methods… but do we know what personal data is being communicated and how it’s shared? We will look at the current state of health and fitness wearables and portables and discuss where things are going.
Discuss the current state of health and fitness wearables.
Review privacy and security considerations for wearables and fitness apps.
Consider the implications and futures for health and fitness devices.
An introduction to various technologies for parents. Included are: Home Computers, Viruses, Safe Web Surfing, Social Networks, Cell Phones and Texting, and Reputation Management.
Tech-Smart Parents and Preschoolers
There's plenty of focus on safety for teens and pre-teens online. But what about the youngest techies? Did you know that over 6% of kids in the US have a social network profile... at birth! How do online technologies affect preschoolers? We’ll talk about: your home computer, tablets and smartphones, web surfing, games and social networks. This talk is for digital natives, digital immigrants, parents, or anyone who would like to learn more about these technologies!
CISOs are from Mars, CIOs are from Venus - Barry Caplin
Most organizations have a CIO; many have a CISO. These key leadership positions often approach solutions differently and have different motivations. The CIO must deliver IT, automation, innovation and efficiency. The CISO is tasked with assuring adherence to security frameworks and regulatory standards, and protecting against, and responding to, vulnerabilities and incidents. These mandates can conflict. And often the CISO reports to the CIO. We will take a light-hearted look at questions including: What are the issues?; Are CISOs and CIOs from different planets?; Can we align to meet critical business needs, deliver value and protect the organization?
"What Could Go Wrong?" - We're Glad You Asked! - Shawn Tuma
Dallas cybersecurity and data privacy attorney Shawn Tuma delivered this presentation on social media law to Social Media Breakfast on February 22, 2018.
Embracing the IT Consumerization Imperative NG Security - Barry Caplin
Consumerization and mobility in the enterprise – and our daily lives – are not only here to stay, but their footprint and influence are expanding. What does the broader consumerization and mobile environment look like? How do you assess the drivers for adoption and the cost/benefit of a mobile-enabled organization?
Join us for this session to get an understanding of how a large state government agency took a proactive approach to enablement that ultimately set them ahead of the security challenges, rather than behind.
Data and Ethics: Why Data Science Needs One - Tim Rich
This was a talk I gave at SXSW 2016. It outlines the current state of applied ethics in data science as a profession. Describes key reasons a code should be constructed and also proposes a framework to begin discussion.
The Reputation Economy: Protecting your most valuable asset in the age of Google - KR_Barker
In its early days the Internet was often referred to as “the wild West” due to the lack of standards governing it. Though the Internet is somewhat more settled these days, one thing that still harkens back to the days of cattle ranchers and train robbers is reputation. In the age of Google, reputations can be ruined by those with genuine grievances and those with grudges alike. Would you know how to defend your reputation or that of your institution should it come under fire? Join Kimberley Barker for a closer look at the good, the bad, and the ugly of life in the reputation economy, and learn about practical steps that you can take to safeguard your good name.
Coverage of the following topics: Tech growth, social media, Internet of things, how businesses are using social media in HR, how people expose their information online, privacy, the ramifications of your online life, how criminals, terrorists, governments and organizations use your online information, cyberbullying, data breaches, and hacktivism.
The presentation entitled “Social Networking, Privacy Policies, and Security Risks: How to Protect Your Personal Information Online” was specifically created for teens between 7th and 12th grades. The materials discuss ways that teenagers can negotiate social networking sites while protecting their personal information, instruction on privacy policies (how to read them, and what they mean), and how to deal with a variety of security risks like spyware and phishing.
Created by IAPP and Intel. Licensed under Creative Commons Attribution 3.0 Unported
Online Privacy - What everyone should know - Full Sail Hall of Fame Week - 2017 - FourthAsAService
Part of the Fourth Amendment as a Service Workshops - @4thasaservice and www.fourthamendmentasaservice.org
This workshop will discuss matters of online privacy, your rights to privacy, protecting yourself from stalking, and more. We will incorporate live walkthroughs of how to install and configure popular privacy tools and demonstrate common ways to communicate in a safe, secure, and legal manner if you feel you are being targeted unfairly or illegally by people looking to do you harm.
Speakers
Ean Meyer – Course Director, Cloud Technologies
Jack Norman – Course Director, Cloud Technologies
Moderator: Jay Bunner – Program Director, Cloud Technologies
Introduction to Digital Life (March 2017) - KR_Barker
Many people are surprised to learn that, even though they don’t participate on social media and only use their computers for work, they have a digital life. This is partly because publicly-available information about you is collected from the internet, and this information is used by companies to create records about you. Join Kimberley Barker for an overview of topics such as digital privacy, online reputation management, personal branding, and online identity.
Digital Forensics, eDiscovery & Technology Risks for HR Executives - The Lorenzi Group
HR Executives are faced with greater risks than ever before when it comes to data security and employee behaviors. This is an overview of processes and emerging risks. Presentation Highlights:
KEEP passwords and data private
Greatest risk is from the inside
Spoliation risks in legal matters
Security Analytics and Employee Monitoring
When we speak of the digital self, we are referring to the self as it exists in digital realms. This varies depending on the individual, since some of us prefer to live online under a pseudonymous or anonymous persona, apart from our physical selves, and others consider the digital to be a more holistic identity that goes beyond the physical.
The lecture series on media planning allowed Advertising students to learn about this subject, which is so relevant to the development of the industry.
Concept for a mobile campaign for tagesschau.de and the Tagesschau in 100 Sekunden
Term paper for the course Introduction to Mobile Media Technologies
A sermon from the Narrative Lectionary 1 Kings 12. The story of Rehoboam illustrates how greed and arrogance can destroy a nation. The antidote to this is to become a servant leader.
These slides were created to accompany our Bible Study series Beyond Belief: Exploring the Character of God, Session 3, "God is Always Just" by Freddy Cardoza.
CDC invited a few companies to come together in a design thinking session in DC to explore how a better suit could prevent the spread of Ebola for medical professionals. Armed with our sketch pads and sewing needles, we participated in this two-day event.
Britain 2012 and the implications for government communication - Ipsos UK
Ben Marshall and Matthew Taylor presented at the Government Communication Network's free event "Britain 2012: Who Do We Think We Are?" in central London. They used our Britain 2012 research to discuss the range of fit-for-purpose communication and research tools to make sense of, and change, society.
The goal of this session is to understand the fundamentals of augmented reality (AR) and experiment with the latest AR apps on the market for inspiration. We also did quick brainstorming exercises using AR technology to solve different challenges.
Breaking the Impasse: Balancing the Interests of Public Health & Housing in Af... - Urban Habitat
The interests of public health and affordable housing are often aligned since affordable housing is an important determinant of health. In the case of infill development projects, however, there are health tradeoffs: most available sites for affordable housing are close to heavily trafficked roadways and mitigations for environmental health issues raise the cost of housing. This panel will discuss the real trade-offs inherent in decisions around affordable infill housing and try to come to an understanding of what all sides can ask for to meet housing needs and protect health and well-being.
Panelists:
Rajiv Bhatia, Physician and Preventative Medicine Practitioner
Catalina Garzon, Program Director, Pacific Institute
Lisa Motoyama, Director of Housing Development, Resources for Community Development
Moderator:
Tracy Zhu, Associate, Ditching Dirty Diesel & Current BCLI Fellow
Co-Sponsor:
Lili Farhang & Jonathan Heller, Human Impact Partners
SEO Research Survey: Common SEO Assumptions and Real User Feedback - Eli Schwartz
SurveyMonkey Audience launched a research project to discover what regular users think about SEO (search engine optimization) basics.
The survey asked common questions like Google vs Bing but also asked deeper questions meant to understand the value of guest posts from a user standpoint. Some of the topics addressed by the SEO research are: social media (specifically Facebook, Twitter and Google Plus), ccTLD, links with or without anchor text, and the reasons users might bounce from a page.
All the raw survey data is freely available and linked in presentation, so feel free to come up with your own insights!
More info here: http://bit.ly/12kS2DfSlide
Gartner Supply Chain Executive Conference 2013
Sponsored by Gartner. Learn details about Gartner's upcoming Supply Chain Executive Conference in September and how it offers the objective guidance and expertise today's supply chain proficiency demands.
ref >> www.techtarget.com
Speakers: Sheila Colclasure, Global Privacy and Public Policy Executive, Acxiom
The Digital Health Summit, produced by Living in Digital Times, convenes one of the broadest spectrums of health care and technology audiences in the world. The Summit features innovations and advancements in genomics, diagnostics, wearables, telehealth and more in the mobile health market, which is expected to reach $26 billion by 2017. This is a must-see event each year that takes place at the International Consumer Electronics Show (CES) in Las Vegas.
Website: Http://www.digitalhealthsummit.com
Twitter: http://www.twitter.com/dhsummit
Hashtags: #digitalhealthces #ces2016
Photos: https://www.flickr.com/digitalhealthsummit
How do you make an inanimate object “smart”? You put a chip in it! And then you connect it to the global internet! These chips run what is typically called an embedded operating system – a Windows, unix or Linux variant, or something custom made. Because these chips are embedded in power grid equipment, medical equipment, appliances or even people, updates and patches are problematic. The Internet of Things (IoT) is growing at a rate 10-times that of standard computers. A typical hospital/clinic system may have 4-5 times as many smart connected medical devices as computers. The Dreaded Embedded refers to the proliferation of vulnerabilities associated with these devices. What are the security and privacy concerns of these devices? What about FDA and other regulatory compliance? And how do we deal with these devices as part of an information security program?
While insider threat is a reality, more problems are caused by mistakes. Workers are stressed and need to get the job done. These “accidental insiders” may be dealing with unclear process, security controls that aren’t well planned, or are just trying to get something done for the customer.
In this session we will discuss: How internal process, policy and technical environment can lead to mistakes; Appropriate levels of access control, and; What we can do proactively to prevent these kinds of problems.
Secure360 5-11-11
Capella University webcast 3-18-13
The mobile health IT security challenge: way bigger than HIPAA? - Stephen Cobb
The potential benefits of mobile medical technology and telemedicine are enormous, from better quality of life to saving lives, not to mention controlling healthcare costs. Yet keeping data safe when it is beyond the confines of hospitals and clinics is a serious challenge, one that cannot be met merely through regulatory compliance. In these slides I show why HIPAA compliant is not the same as being secure, and why protecting health data on mobile devices is such a big security challenge.
Big Data and Big Law at Walmart - StampedeCon 2013 - StampedeCon
At the StampedeCon 2013 Big Data conference in St. Louis, Anthony Martin, Chief Privacy and Information Security Counsel at Walmart, presented Big Data and Big Law at Walmart. This is the story of one global, multichannel company’s walk through the increasingly complicated Legal, Compliance, Security maze while trying to recognize the implicit value of Big Data programs.
Sdal air health and social development (jan. 27, 2014) final - kimlyman
The American Institutes for Research (AIR) and Virginia Tech are collaborating to explore and develop new approaches to combining, manipulating and understanding big data. The two are also looking at how big data analytics can help answer questions critical to solving issues in education, workforce, health, and human and social development. They held two workshops on January 7 and 27, 2014: the first on Education and Workforce Analytics and the second on Health and Social Development Analytics.
Privacy Secrets Your Systems May Be Telling - Rebecca Leitch
Privacy has overtaken security as a top concern for many organizations. New laws such as GDPR come with steep fines and stringent rules, and more are certainly to come. Attend this webcast to learn how everyday business operations put customer privacy data at risk. More importantly, understand best practices for protecting this data and dealing with disclosure requirements. Topics include:
* Types of privacy and threats to them
* How is privacy different than security?
* Business systems putting you most at risk
Modern Privacy
Call for action for stakeholders to ensure privacy in healthcare solutions
Presented during the Modern Privacy Symposium at Bentley University in Boston on June 10th, 2019
Information Security Awareness: at Work, at Home, and For Your Kids - Nicholas Davis
This is the security awareness presentation which I will be giving to Quartz Health Solutions, on October 24, 2018. It focuses in on three areas: information security best practices for work, at home, and also contains some tips for kids. Topics include: PHI, ePHI, HIPAA, Identity Theft, Social Engineering, phishing, password management, malware, insider threats, social networks, and mobile devices.
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
The number of at-risk youth in children and family services care is staggering. Programs and facilities within juvenile justice, foster care, psychiatric care, and residential care have a tremendous responsibility for these youth, yet lack cutting-edge tools to simplify data collection, standardize reporting and monitor outcomes to gain actionable insights.
To help improve youth care organizations facing these challenges, Qualtrics, provider of the world’s leading research and insights platform, has partnered with Multi-Dimensional Education Inc. (MDed) to offer the Multi-Dimensional Youth Assessment 360 (MDYA 360).
Today’s webinar dives deeper into the issues these facilities face and, more importantly, how the MDYA 360 can address them. Key topics include:
Challenges within the At-Risk Youth Sector
Overview of the MDYA 360 Methodology and Solution
Preview of the MDYA 360 and Reporting
Q&A
What’s the value of a stolen healthcare record? The healthcare sector has traditionally lagged behind other industry sectors in cybersecurity. HIPAA, the primary regulatory standard for healthcare, focuses on confidentiality of personal health information (PHI). Is that the right focus? In this session we’ll cut through the hype to understand what’s happening in healthcare security. However, this is not just a story about healthcare…we can apply the same lessons to any industry sector.
Key learning points:
What are the issues that cause the healthcare sector to lag other industry sectors in healthcare?
What's wrong with HIPAA and what needs to be done?
How can we use the NIST Cybersecurity Framework to build a comprehensive security program for healthcare?
With new and renewed attacks against our organizations, Incident Response and Management needs to be a core part of your Information Security program.
Doing only what’s worked in the past and focusing on “preventing” breaches is not a viable tactic. We need to focus broadly on proactive, detective and responsive measures. We need to provide leadership when things go wrong.
Incident Response and Management could be one of the most important parts of a security program because "when" it happens, how we respond to minimize the impact can make a huge difference both for the patients/customers and the organization.
Passwords are the main authentication method used for internet sites and applications. But passwords get stolen and have many weaknesses. Here are tips you can use at home and at work to protect your information.
The CISO Guide – How Do You Spell CISO? - Barry Caplin
I recently became a new CISO. Well, the CISO position is new to the org, as am I, but I am not new to the CISO role. I came in with a plan and am executing on that plan. This talk is targeted at: new CISOs, organizations considering a CISO position, any security professional looking to get to the “next level”, or anyone considering remaking their security program.
Bullying and Cyber Bullying – from the classroom to the chatroom
Bullying is a difficult problem that far too many kids, and their parents, face. This has been with us for a long time. Nearly every child knows someone, or knows of someone, who has been bullied. With advances in communications, technology, smartphones and digital cameras, the problem has grown to be 24x7, and follows kids home. With events like Facebook’s anti-bullying campaign and well-publicized teen suicides resulting from bullying on Ask.fm, this issue has been prominent in the mainstream media. Join us for this unique discussion as we look at the psychological and technological issues surrounding modern bullying.
Password weakness has been in the news again lately. But we have known for some time that passwords alone are not a good authentication or access control mechanism. Strong and practical authentication is very challenging. There are “strong” schemes, but they often don’t work well for users. Security practitioners are familiar with the 3 factors of authentication: something you know; something you have, and; something you are. Each of these has fundamental flaws. I like to think of them as: something you forgot; something you lost, and; something you were!
We will take a look at the current state of authentication, examine weaknesses in authentication factors, introduce the fourth factor of authentication and consider some solutions.
It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how do we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!
Many CISOs come from more of a technical, rather than a business, background. However, we need to be able to communicate with Senior Management, business-area leaders and users who are usually not technologists. In this talk we will look at some of the common topics CISOs need to cover and discuss how to rephrase the messages to better reach a business-oriented audience. We will discuss: How to think about security risks in a way business personnel do; How to translate technical security topics into more business-friendly language, and; How to reach a broader audience with the information security message.
IT Consumerization – iPad’ing the Enterprise or BYO Malware? - Barry Caplin
Companies are increasingly encouraging employees to purchase their own devices such as smartphones, tablets and laptops to use at work according to a recent survey by CIO magazine. The acronyms BYOC and BYOD (like Bring Your Own Beer - Bring Your Own Computer/Device) have become mainstream technology terms. But what does BYOD mean for the enterprise? Can we mix personally owned devices and enterprise workstations/cellphones in our environment? How do we control configuration and data on personal devices? What about malware and other security concerns? What about improper disclosure of private data and intellectual property? And how will staff get work done when they are busy playing Angry Birds?
Is BYOD the flavor of the week or is it the future of end-user hardware? Regardless of how security leaders may feel about the concept, we need to be prepared. We must understand what is driving BYOD, how it may, or may not, fit our environments, and have policy and tools ready.
In this interactive session we will discuss: What is IT Consumerization/BYOD? What are the benefits and concerns? Is there a cost savings? What are the Security concerns - BYOMalware? How do we protect data? And how can I start BYOD in my organization?
And yes, you can Bring Your Own Devices to this session!
Secure360 05-13-2013.
2011 may be the "year of the handheld". That is unless 2010 was! iPad sales exceeded all expectations in 2010. For the holiday season, many manufacturers came out with (and are coming out with) tablets. iPhones and Android devices can be seen everywhere... including the office. That means that people want to use these personal devices for work for a variety of reasons: they are more convenient; might be more powerful than company-issued gear; easy interfaces; they can carry less equipment, but, perhaps most importantly; these devices are finally like "real" computers. But use of these personally owned devices brings all kinds of security concerns including data leakage and vulnerabilities in these newer operating systems and apps.
We'll take a look at the convergence of mobile and desktop computing devices, security concerns and discuss some potential solutions.
Session Learning Objectives: 1. Define the convergence of mobile and desktop computing devices. 2. Discuss the tablet phenomenon. 3. Review security concerns with the use of these devices, particularly employee-owned. 4. Discuss possible solutions.
Cell phones, smart phones, tablets… FaceBook, Twitter, texting… the Internet and social networks are hardly new to our kids. New sites and features are being created all the time. New phones make these sites and services available to our kids anywhere, anytime. In this interactive talk we will discuss the basics of internet social networks, how our kids interact online, how they use mobile technology, and what we need to know to keep up.
Laws of the Game For Valley United Soccer Club travel soccer refs - Barry Caplin
Training on the FIFA/USSF youth soccer Laws of the Game as modified for the MN Youth Soccer Assn (MYSA) for travel soccer refs. Valley United Soccer Club is the travel soccer club in Apple Valley, MN. See http://www.vusc.org/ for more info.
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs - Barry Caplin
Training on the FIFA/USSF youth soccer Laws of the Game as modified for Valley Athletic Assn (VAA) Community soccer refs. Valley Athletic Association is the community and travel sports governance body in Apple Valley, MN. See http://www.valleyathletic.org/
Internet Safety for Families and Children - Barry Caplin
The Internet is a useful and important part of our daily lives. Many can't remember how we handled even the most mundane tasks without online assistance. How did we even survive when we were kids? :-) However, along with the good, there is bad. Children and teens (but not their parents!) are very well versed in using the Internet, including web pages, blogs, uploading and downloading information, music and photos, etc. They are also trusting. This presentation will give an overview of the Internet and the inherent dangers. Learn the realities and dangers of "virtual communities" websites your kids frequent like Xanga.com, MySpace.com and FaceBook.com. Learn about the persistence of information on the net and Google hacking. Learn the differences between a wiki, blog, Instant Messaging, text messaging, and chat. Learn the Internet slang, key warning signs, and tips for Parents and Kids. This talk is for anyone who has a child, who knows a child, or who ever was a child!
Wearing Your Heart On Your Sleeve - Literally!
1. Celebrating a decade of guiding security professionals.
@Secure360 or #Sec360 www.Secure360.org
Wearing My Heart on My Sleeve… Literally!
Barry Caplin
Tues. May 12, 2015, 11A
2. Wearing My Heart On My Sleeve… Literally!
Secure360
Tues. May 12, 2015
bcaplin1@fairview.org
bc@bjb.org @bcaplin
http://about.me/barrycaplin
http://securityandcoffee.blogspot.com
Barry Caplin
VP, Chief Information Security Officer
Fairview Health Services
20. Example TOS/Privacy – Fitness device
• 13 or older
• Account with valid email
• Rules about posting content
• You own your content
• Use at your own risk
• Consult doctor before exercising
• “Use Common Sense”/Wear & Care – skin
• 3rd party disclaimer
• Indemnity
• Limitation of Liability/Dispute Resolution
21. Example TOS/Privacy – Fitness device
• Only collect data useful to improving products, services, experience
• Transparency
• Never sell PII (can opt-in)
• Take security seriously
• Info:
• Email address, pw, nickname, dob
• Oauth: name, profile pic, friend list, phone contact list (friend id – not saved)
• Web logs incl. IP
• Cookies – don’t honor DNT – AppNexus, DataXu, DblClick, Google AdWords, AdRoll, Twitter, LiveRamp, Advertising.com, Bidswitch, Facebook, Genome, SearchForce
• Analytics – Mixpanel, Google Analytics, New Relic, KissInsights, Optimizely
• Friends’ contact info
• Location – GPS, WiFi APs, cell tower IDs
22. Example TOS/Privacy – Fitness device
• De-Identified data -> health community, marketing, for sale
• PII shared with:
• Order fulfillment, email mgmt., CC processing firms
• Legal or Gov’t request
• Merger, sale or reorg
• Anyone user specifies (third party apps)
23.
24. Who’s Watching?
2014 FTC report on Data Brokers
•Combine online & offline – often without consent
- Purchases
- Social Media
- Warranty info
- Subscriptions
- Affiliations
•They share
•Analysis creates Inference
•Regulation proposed
25. Data Brokers collect
• Basic ID data – name, address
• ++ – ssn, license #
• Demographics – A/S/L, race, employment, religion
• Court records – bankruptcy, criminal, domestic
• Home/Neighborhood – rent/loan info
• Interests
• Financial – credit, income, net
• Vehicle – brand, new/used
• Travel – preferences
• Purchase behaviors
• Health – tobacco, allergies, glasses, supplements
26. De-Identi-what?
• 2000 study – 87% census ID’d using: zip, d.o.b., gender
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006
• 2013 – 40% of genome participants ID’d
• 2008 – 80% ID’d using when/how for 3 Netflix ratings
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=4531148
• Feb deal between Facebook, Acxiom and other data brokers
−Acxiom data linked to 90% of US social profiles
• MIT – 4 phone position samples to link to specific person
http://www.technologyreview.com/news/513016/how-wireless-carriers-are-monetizing-your-movements/
https://epic.org/privacy/reidentification/ + MIT + UCLA
28. Data Exfil
• Data explicitly given
• Implicitly but known (phone, Google Now)
• Implicitly but unknown
• Transitive Consent
29. Is Privacy Dead?
• Just the definition!
• Privacy is about control
• You must have the ability to decide:
− What
− When
− How, and
− With whom
You share your personal data
• What’s in it for you
30. “Magic Quadrant” of Data Leak Pain
[Quadrant diagram; labels: No/Yes, Huh?, Unknown, Choice, Known, How Much]
31. Future Shock
• Msoft/U of Rochester (NY)
• GPS + vehicle data
• Where you will be 80 weeks from now – 80% confidence
http://www.cs.rochester.edu/~sadilek/publications/Sadilek-Krumm_Far-Out_AAAI-12.pdf
32. Security Challenges
Exposure of data
Leakage of data – sold, donated, tossed, repaired drives
Poor Design/Protocols
Malware
Integrity
Availability
But don’t we have all this now???
35. At Work
• Wearable = portable = stealable
• What data
• How stored – device, phone, computer, component, cloud
• How backed up (cloud)
• Encryption available?
• Location
• Medical, health info on staff
• Additional info exposure – opportunities for social engineering
36. For Work?
• BYOW?
• Employer-provided?
− Badge
− Smartphone
− Glass?
− RTLS?
− Health/fitness monitoring?
− Time – Desk, Meetings, Bathroom, Break, Lunch or Coffee time?
44. CISOs are from Mars, CIOs are from Venus
Secure360
Tues. May 12, 2015 1:30P
bcaplin1@fairview.org
bc@bjb.org @bcaplin
http://about.me/barrycaplin
http://securityandcoffee.blogspot.com
Barry Caplin
VP, Chief Information Security Officer
Fairview Health Services
Editor's Notes
Talk based on 7 parts of 5 part blog series (blog link, twitter link)
Check out my about.me, with links to twitter feed and Security and Coffee blog.
AppleWatch 2015; iPad 2010; iPhone 2007; Android/Youtube 2005
In 2004, the ACLU produced a satiric video called “Ordering Pizza in 2015” that has become the single most-downloaded piece of content we’ve ever produced (at least we believe in the absence of complete stats). I won’t describe it—you can watch it here if you haven’t seen it—but like many successful viral products, it combined humor with a biting commentary on an all-too-real set of trends.
https://www.aclu.org/blog/aclus-pizza-video-10-years-later
http://thedatamap.org/
https://www.fitbit.com/terms
https://www.fitbit.com/privacy
2.8 zettabytes in 2012; predicted >5.6zb in 2015
http://www.technologyreview.com/news/514351/has-big-data-made-anonymity-impossible/
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006
Latanya Sweeney, Uniqueness of Simple Demographics in the U.S. Population (Laboratory for Int’l Data Privacy, Working Paper LIDAP-WP4, 2000). For more on this study, see infra Part I.B.1.b. More recently, Philippe Golle revisited Dr. Sweeney’s study, and recalculated the statistics based on year 2000 census data. Dr. Golle could not replicate the earlier 87 percent statistic, but he did calculate that 61 percent of the population in 1990 and 63 percent in 2000 were uniquely identified by ZIP, birth date, and sex. Philippe Golle, Revisiting the Uniqueness of Simple Demographics in the US Population, 5 ACM Workshop on Privacy in the Elec. Soc’y 77, 78 (2006)
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=4531148
We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world's largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber's record in the dataset.
Arvind Narayanan & Vitaly Shmatikov, Robust De-Anonymization of Large Sparse Datasets, in PROC. OF THE 2008 IEEE SYMP. ON SECURITY AND PRIVACY 111, 121 [hereinafter Netflix Prize Study]. For more on this study, see infra Part I.B.1.c.
MIT researchers Yves-Alexandre de Montjoye and César A. Hidalgo
http://www.technologyreview.com/news/514351/has-big-data-made-anonymity-impossible/
http://aboutmyinfo.org/index.html
Analyzed 32K days' worth of GPS data
http://www.cs.rochester.edu/~sadilek/publications/Sadilek-Krumm_Far-Out_AAAI-12.pdf
Real-Time Location Service
http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html
http://www.secure-medicine.org/public/publications/icd-study.pdf
http://www.forbes.com/sites/singularity/2012/12/06/yes-you-can-hack-a-pacemaker-and-other-medical-devices-too/
Before 2006, all pacemaker programming and interrogation was performed using inductive telemetry. Programming using inductive telemetry requires very close skin contact. The programming wand is held up to the chest, a magnetic reed switch is opened on the implant, and the device is then open for programming and/or interrogation. Communication is near field (sub 1MHZ), and data rates are less than 50KHZ. The obvious drawback to inductive telemetry is the extremely close range required. To remedy this, manufacturers began implementing radiofrequency (RF) communication on their devices and utilized the MICS (Medical Implant Communication Service) frequency band. MICS operates in the 402-405MHZ band and offers interrogation and programming from greater distances, with faster transfer speeds. In 2006, the FDA began approving fully wireless-based pacemakers and ICDs. Recent remote monitors/bedside transmitters and pacemaker/ICD programmers support both inductive telemetry as well as RF communication. When communicating with RF implantable devices, the devices typically pair with the programmer or transmitter by using the serial number, or the serial number and model number. It's important to note that currently the bedside transmitters do not allow a physician to dial into the devices and reprogram the devices. The transmitter can only dial out.
http://arstechnica.com/security/2012/08/medical-device-hack-attacks/
http://www.telegraph.co.uk/news/science/science-news/11212777/Terrorists-could-hack-pacemakers-like-in-Homeland-say-security-experts.html