November 30, 2015

10 tips to protect your files from ransomware

What makes ransomware a particularly vicious scam is that the encrypted files being held ransom are still being stored on the user’s computer. This unto itself is a very sad and frustrating reality as the files are not retrievable without the unique encryption key. It is becoming obvious that ransomware is a big issue that Internet users should pay more attention to in order to prevent infection. After all, it is much harder to deal with the consequences afterwards. ... If you discover a rogue or unknown process on your machine, cut off the Internet connection immediately. If the ransomware did not manage to erase the encryption key from your computer, there’s still a chance you can restore the files.


Evolving to the Next Generation of ERP Systems

ERP systems must be able to handle the specific needs of users, which can differ considerably from one industry to another and even between specific micro-verticals that might span multiple business units in a range of industries, locations and jurisdictions. If the software cannot be configured to meet the customer’s feature, functionality and process requirements, and if the customer cannot adapt its operations to these limitations, a cloud-based product isn’t a feasible solution. Many manufacturing and product-centric businesses have found it difficult because their requirements are often too specific and diverse. Unlike with on-premises software, there is no option to customize multitenant SaaS offerings to the needs of a single customer unless the vendor is willing to make the necessary changes to the core code base and the timing of those changes is acceptable to the customer.


State CIOs will focus on security and cloud in 2016

While security and the cloud headlined the CIOs' ranking of their priorities for 2016, it's a crowded field. Respondents to NASCIO's survey also indicated their plans to focus on consolidating and optimizing services and operations, business intelligence and analytics, modernizing legacy IT, and establishing an "enterprise vision and roadmap for IT." Other CIO priorities included efforts to cut or contain costs, recruit and retain top IT talent, improve the development and delivery of software, and advance their plans for disaster recovery and business continuity. In many of those areas, CIOs could benefit from stronger support from key personnel in the executive branch and the legislature, Robinson says, stressing the importance of tech leaders winning the buy-in of top brass in the budget and procurement processes.


Four CIO rules for building a mobile future

Before we go too far, let's think about how to take a somewhat balanced approach to mobile apps for business. And, by balanced, I mean an approach to mobile app development that considers factors besides hype and urgency. After all, I am old enough to remember the hype and urgency of the dotcom craziness. I don't want to offend any of my readers, but who really thought that creating a Web business called Pets.com made that much sense? Did that many people really need to go online to order and have shipped across the country a 10-pound bag of kitty litter? Now that we've agreed on the prudence of a balanced approach to developing mobile apps for business, let's talk tips.


DataOps and three tips for getting there

Like DevOps, the impetus for DataOps is to blend teams together to increase collaboration and agility. While DevOps combines the development and operations teams, DataOps is "the set of best practices that improve coordination between data science and operations," according to consultant Lenny Liebmann, founding partner at Morgan Armstrong in Teaneck, N.J., and contributing editor to technology publications. Andy Palmer, CEO and co-founder at Tamr Inc., based in Cambridge, Mass., provided more detail in a recent blog post: "DataOps is a data management method that emphasizes communication, collaboration, integration, automation and measurement of cooperation between data engineers, data scientists and other data professionals."


The Hidden Pitfalls of Going Freelance in IT

“In order for a project to be successful, the client has to buy into you and the vision for the project,” says Nick Brattoli, founder and lead consultant at Byrdttoli Enterprise Consulting. “This is exacerbated in the IT world, because more often than not, you are going to be working remotely,” says Brattoli, who’s been freelancing on and off for his entire IT career. “Technology is wonderful in that it makes it possible for us to work from anywhere with an Internet connection. But there is still value in being able to meet face-to-face, and many companies are hesitant to trust someone they haven’t met.” In addition, at many companies the tech-savvy people running a project will know what needs to be done to meet the desired outcomes.


Microsoft's new premium Office 365 subscription for businesses is here

Skype for Business is essentially a rebranding of the company's Lync communication software, which Microsoft launched earlier this year. Tuesday marks the general availability of features including a PSTN Conferencing service that lets users dial into a meeting being held using Microsoft's communication service. E5 subscribers also get a new Cloud PBX feature that lets IT administrators replace on-premise PBX systems with a cloud-based management portal provided by Microsoft. Microsoft has offered PBX services through its Lync and Skype for Business Server products for several years, but Cloud PBX is a fully managed system that doesn't require company administrators to provision and manage a server whether that's on-premises or in the cloud.


Driving The Automaker Into The Future

"You need people who can be deep architects, who can be deep cyber-security experts, who can be deep in application development and agile methodology," she explained. "You also need people who can be strategic, who can understand business concepts, who can help lead the business to innovative solutions." Klevorn described the struggle to recruit fresh young talent and is taking a new approach to hiring IT pros. Ford started using Facebook and Twitter to engage with students, for example, and changed its on-campus presence. Having an office in Palo Alto has strengthened its connection to Stanford University and a community of talented people who may not otherwise consider the Michigan-based company.


DevOps at Seamless: The Why, How, and What

The key thing about DevOps is understanding under which circumstances it should be introduced to your organization. Starting with “why” is crucial as there is probably no greater (and more expensive) failure than choosing the wrong tool for a problem on an organizational level. Nevertheless, let us assume that you know the “why”. The next question to ask is how to address the challenge. Let us assume that DevOps may be the answer. What remains is determining what to do to get there. Microservices architecture, continuous integration, continuous deployment, test automation, monitoring automation, infrastructure automation etc. are frequently associated with DevOps but to consider DevOps as only the tools risks having those practices withdrawn, replaced, or diminished whenever your company faces a crisis.


Email Data Breaches: The Threat That Keeps On Giving

CIOs should create a process for retrieving leak data when large leaks happen, because our analysis shows that the very appearance of someone's email address in a leak exposes them to more abuse after the leak occurs. Attackers use leaks to build their database of targets for all sorts of fraud - not just fraud related to the leak itself. ... Security is never given enough attention until there is a major problem - this has always been true and probably always will be. Enlightened organizations invest more in security because they know that the cost of doing nothing is to guarantee - at some unknown time in the future - an incident that is very costly.



Quote for the day:


"Every problem has a solution. You just have to be creative enough to find it" -- Travis Kalanick


November 29, 2015

How To Create an Effective Software Security Training Program For Agile Teams

Although not unique to agile projects, there’s also the issue that the focus of information security has traditionally been at the network layer and not on the software itself. This can (and does) lead to an over-reliance on perimeter security: firewalls, SIEMs, traffic fingerprint devices, etc. The problem is many recent software breaches have been affected at the application layer or data layer and have gone undetected, sometimes for months(!), by perimeter defenses. Software security is a distinct practice within the information security world. It is enough of an emerging concern that many in software development, testing and product owner roles are not aware of the need to build defenses into the code itself.


5 Things Enterprises with Mature Security Programs Should be Thankful

In addition to having a thorough understanding of the systems in place, you’re grateful for having taken the time to understand the nature, motivations, and capabilities of the adversaries that could target your enterprise. You know what data apps and systems hold information that would be of financial gain to cybercriminals, as well as what data would be of interest to your primary competitors. You also know which data you hold that could likely be targeted to be used as part of a two-stage attack aimed at partners or other third parties. Thankfully, when it comes to threat modeling new apps and systems, you are able to swiftly review new apps for how those systems work and what risks may be involved, what data they touch, how access is granted and other security-related attributes.



MailSystem.NET


MailSystem is a suite of .NET components that provide users with an extensive set of email tools. MailSystem provides full support for SMTP, POP3, IMAP4, NNTP, MIME, S/MIME, OpenPGP, DNS, vCard, vCalendar, Anti-Spam (Bayesian, RBL, DomainKeys), Queueing, Mail Merge and WhoIs. This project is licensed under LGPL; you are free to use the compiled binaries in your personal or commercial project for free. If, for some reason, you want to keep your changes for yourself, you must acquire a commercial license.


The core principle behind the SAFECode framework is that a software assurance assessment should primarily focus on the secure software development process and its application to the product being assessed, while taking into consideration the context of a product’s intended operating environment. There is no single practice, tool, or checklist that acts as a silver bullet and guarantees better software assurance. Rather, the efficacy and efficiency of software security practices and tools varies based on how they are applied and whether they are implemented as part of a holistic software development process within each unique organization. With that principle understood, we recognize that the maturity of secure development practices varies among technology suppliers.


Robust Security Planning Requires Change in Mindset

Ensuring device security often does not stop with meeting just the set of regulatory requirements. Firms generally search for ways to enhance security further, as they are very concerned about the cost of potential security breaches and the ever-changing landscape of sophisticated attacks. The cost of a security breach and violation of your trust relationship with your customers can be high. It can also have a large impact on your firm’s reputation as well as sales, which can alter how the market views your other products. Legislation now requires firms to disclose breaches with possible financial penalties. The number of sophisticated attackers is also increasing as more robust attack tools become available, in turn increasing the overall risk of a security breach.


Moving towards an Intelligent, Networked and Boundary less World

IoT will herald an evolutionary change in appliances, systems, devices and utilities that people use on a daily basis. From refrigerators, washing machines, microwaves, ACs, TVs, cars to the electrical grids, transport systems, surveillance systems, this change will touch everything. To support such an eco-system the infrastructure vendors are already in hyper-drive to develop and market products that are IoT enablers e.g. SDN, NFV, multiprotocol aggregators, wearable devices, IPv6-based architecture, etc. ... The premise of Smart Cities emanates from a planned city that manages and monitors civil utilities, power grids, communication, transport and traffic systems, citizen services and security and requires a synchronized operation of complex and automated systems.


3 Reasons Why the Most Common OWASP Risks Are STILL On the List After 10 Years

In the past, security professionals have warned against M&M security—security that is hard and crunchy on the outside but soft and gooey on the inside. Back when network security was the primary concern, enterprises focused most of their effort on protecting the perimeter. Firewalls, intrusion detection systems, and proxies became necessary tools to keep the bad guys out. However, in order for software to be useful, there has to be an entry point for our users (i.e. the front-end web applications running on port 80 or 443). In order to extend the concept of perimeter security to the application layer, many firms rely on web application firewalls or WAFs to protect their sensitive, internal assets.


So, what steps can the CIO take to ensure that its cloud provider staff members are doing their jobs properly? Data analytic tools are emerging that help businesses identify system aberrations, and better identify and potentially thwart insider threats. However, cloud customers need to be proactive in their use of such tools. Often, the vendor is unwilling to let the customer access the data analytics system or talk directly with its employees. But such steps can be written into the customer's service level agreement. "In the SLA, the customer should have the ability to audit the service on occasion, examine system logs, and hire an outside firm to investigate any potential internal breaches," explained Security Architects' Blum.


A Data Model Describes a Business

In many ways the mind of a good businessperson is similar to that of a good data modeler—continually asking questions and looking for areas of improvement. A recent example at a client of mine brought this to light. In building a conceptual data model for a manufacturing company, I was working with a senior engineer to understand the underlying data model for several functional business areas. As he had some previous experience with data modeling, in addition to the logic of engineering, I found this session particularly productive. The data modeling process asks a series of questions that are almost childlike in their simplicity, but when done in a methodical way, can highlight important business rules that might not have come to light.


Considering the number of major security breaches we’ve suffered, and the creative ways that cyber criminals are finding into supposedly secure systems, the good guys could use a break. Could that advantage come from machine learning? It very well could, says Patrick Townsend, CEO and founder of security software vendor Townsend Security. “Now that we’re starting to get systems that can really effectively handle examining large amount of very unstructured data and detecting patterns, I’m hoping that the next wave of security products will be based on cognitive computing,” he says. “Look at Watson. If it can win Jeopardy, why can’t it parse all these security events worldwide and make sense of them? I think we’re on the very early cusp of the use of cognitive-based computing to help ramp up security.”



Quote for the day:


"An overburdened executive is the best executive, because he or she doesn't have the time to meddle." -- Jack Welch


November 28, 2015

How to stop IT woes hurting your M&A plans

If you allow what I like to call ‘the right of infinite appeal’, where the decisions keep getting questioned and nothing gets implemented, that can kill an integration project. It’s the nature of the beast that you typically have two great CIOs, their hand-picked lieutenants, great employees and they can’t all keep the same jobs that they had in the standalone company. In some cases, the team of the company doing the buying will tend to end up in the roles, but there are also cases where part of the allure of the acquisition is an extremely strong team that can fill holes in the parent organisation, essentially where they are also buying a management team. When the best person is selected for each position regardless of where they came from, it can send a very positive message to the rest of the employees and help to retain the best and brightest.


In-Memory Graph Database API for .NET

Data is represented as a directed acyclic graph of “datums” connected by “is” links. Because DatumTron API represents data at such a fundamental level, we are able to manipulate data in generic ways. We discuss how inheritance, time, and code are represented in the graph. We explain how to import an SQL database (Northwind) into memory as a DatumTron graph database. Then we show how to query, and mine the database in a fast in-memory graph using a simple set of operators. In DatumTron, finding all rows that have the same column value is achieved in constant time. For example, a query to get the customers who live in Paris is written in the following C# statement. Where CustomerCity is the datum representing the customer city column in the graph.


Online tracking by news organizations is excessive, say researchers

"The surprising extent to which news organizations subject readers to third-party tracking deserves closer attention," write Pickard and Libert in this The Conversation commentary. "As a society, we often hold news organizations to higher ethical standards. They're not just businesses; they are supposed to provide a vital public service, and they depend on public trust." With a nod towards Apple's recent decision, the two authors mention, "While the ethics of readers unknowingly 'paying' for content with their privacy are certainly questionable, the practice is also indicative of the precarious situation in which the news industry finds


How IT Plays a Critical Role in Health Care

By investing in IT, we are now able to offer patients a level of engagement and involvement in their own care that just wasn’t possible before. Whether it’s orders and results flowing seamlessly between our clinics and hospital, or their entire patient health summary being viewable to them in near real-time on our new patient portal, one of our biggest goals has been to make it easy and intuitive for our patients to be involved in, and informed about, their own care. We don’t just make it easy for the patients to get their own information, though, we also make it easy for that information to get to other outside providers who need it for that patient’s care as well. When you’re dealing with the kinds of geographic distances between facilities that we have to, the ability to get potentially life-saving information to another provider at the click of a button is a real game changer.


Eight tips for working more efficiently in the Visual Basic Editor

Office uses Visual Basic for Applications (VBA), an application development language, to extend functionality beyond its standard features. You might write a simple printing macro or use more complex procedures to perform custom tasks or even apply business rules. To add VBA code to a project, you use the Visual Basic Editor (VBE), a built-in interface. It's adequate, but some tasks seem harder than necessary. Here are some tips that can help you fine-tune your coding sessions. You'll spend less time with routine tasks and more time actually coding. The VBE, shown in Figure A, is essentially the same across all of the Office products, and there's been little to no change for several versions.


Fighting Frauds using Big Data Visibility and Intelligence

Organizations are struggling hard to find significant and effective methods to combat frauds happening internally in these enterprises. To give you a better idea, we are talking about a small fraud in an organization that has an enormously huge amount of information; a little fraud-search can be compared to searching for a needle in a haystack. It can turn out to be time and effort consuming. Traversing through such huge information is cumbersome. This type of information is usually a sum of complex correlations and aggregations and as such, ‘little’ mistakes can be very crucial. With this blog, we will stress how big data analytics can help in overcoming the frauds happening within various types of organizations.


Cyber Monday Is Dead. Long Live Cyber Friday

"Cyber Monday is dead," said Steven Skinner, senior vice president of Cognizant Technology Solutions in Teaneck, New Jersey. "People are no longer waiting until they get back to work to shop. I have a better connection on my phone right now than I do at my desk at work." More than three-in-four consumers have smartphones and 41 percent will use them to make online purchases this year, according to a holiday survey by Deloitte University Press that predicts the Friday after Thanksgiving will surpass Cyber Monday as the most popular online shopping day this year. The shift shows that holiday spending is alive and well even as some consumers and retail employees grumble about consumerism overshadowing family time.


When your ‘Agile’ Team Moves at Snail Pace: 5 Key Roadblocks and How to Overcome Them

The best way to avoid this situation is to have a trained and experienced Scrum Master at the helm, who is able to visualize and predict future requirements, prioritize effectively, and create an optimized plan for product engineering. ... Only when all the parts of development – design, JPGs, HTML, code, middle layers and DB – are joined together, can the product owner get a clear view of an actual useable product. Teams can deliver a functional, interactive product each sprint. The product is built layer by layer, giving a clearer picture to the product owner with every iteration. This helps deliver the MVP on time, reducing major changes in later stages of development.


The Role of KPIs in Managing Big Data

KPIs – Key Performance Indicators – are vital to help businesses, and especially CFOs, optimise performance. They provide insight into the here and now, and how it is directing what is to come – unlike a report on how you did in the past. As the example shows, these KPIs have a dynamic relationship – information from one set of performance indicators can suddenly draw attention to the key role of another indicator – so we need to access them in real time, not in a historical report. According to investopedia.com: a KPI is: “A set of quantifiable measures that a company or industry uses to gauge or compare performance in terms of meeting their strategic and operational goals”.


FileUtilities - a library for reading flat files into POCOs

Whilst many modern applications exchange data in well defined standard ways (such as XML or JSON) the reality is that a great deal of data is still packaged in flat files (by which I mean comma separated values, or fixed width text files).  This library is concerned with turning these files into arrays of type-safe objects and using semantic meaning in those objects to validate the files concerned. The use of attributes to tag properties of your classes is quite common in both Entity Framework and also in System.Runtime.Serialization. This library very much follows that model but if you are not familiar with it then I recommend reading this article to start with.



Quote for the day:


"If something is important enough, even if the odds are against you, you should still do it." --@elonmusk


November 27, 2015

How Robots Can Quickly Teach Each Other to Grasp New Objects

Tellex says robotics researchers are increasingly looking for more efficient ways of training robots to perform tasks such as manipulation. “We have powerful algorithms now—such as deep learning—that can learn from large data sets, but these algorithms require data,” she says. “Robot practice is a way to acquire the data that a robot needs for learning to robustly manipulate objects.” Tellex also notes that there are around 300 Baxter robots in various research labs around the world today. If each of those robots were to use both arms to examine new objects, she says, it would be possible for them to learn to grasp a million objects in 11 days.


Mobile Cyber Security: Minimizing Loss and Maximizing Profit

Another very realistic threat that’s emerging recently is the mobile botnet. Pierre-Marc Bureau, Security Intelligence Program Manager from ESET explains what we’re dealing with here: The word botnet is made up of two words: bot and net. Bot is short for robot, a name we sometimes give to a device that is infected by malicious software. Net comes from network, a group of systems that are linked together. A botnet is a network of infected devices, where the network is used by the malware to spread. One potential advance in security currently being developed as a response to the number of cyber attacks rising 100% between 2013 and 2014, is the creation of artificial intelligence (AI) platforms.


Big Data Analytics: Unlock Breakthrough Results - Step 2

A set of tools and platforms which are ideal for Centralized Provisioning are usually terrible and completely unsuited for use within a Decentralized Analytics operating model. Critical capability essential to Embedded Analytics is very different from Governed Data Discovery. Yes there are some capabilities that cross operating models (e.g. metadata), and some that are far more important than others. In general this is a truly sound way to determine where your investment in capability should be occurring – and where it is not. Along the way you will surely stumble across very clever professionals who have solved for their own operating model limitations in ways that will surprise you. And some just downright silliness; remember culture plays a real and present role in this exercise.


Many embedded devices ship without adequate security tests, analysis shows

Costin presented the team's findings at the DefCamp security conference in Bucharest on Thursday. It was actually the second test performed on firmware images on a larger scale. Last year, some of the same researchers developed methods to automatically find backdoors and encryption issues in a large number of firmware packages. Some of the firmware versions in their latest dataset were not the latest ones, so not all of the discovered issues were zero-day vulnerabilities -- flaws that were previously unknown and are unpatched. However, their impact is still potentially large, because most users rarely update the firmware on their embedded devices. At DefCamp, attendees were also invited to try to hack four Internet-of-Things devices as part of the on-site IoT Village.


The Definitive Q&A for Aspiring Data Scientists

Know what you are good at and what you care about, and pursue that. So, you might be good at math, or programming, or data manipulation, or problem solving, or communications (data journalism), or whatever. You can do that flavor of data science within the context of any domain: scientific research, government, media communications, marketing, business, healthcare, finance, cybersecurity, law enforcement, manufacturing, transportation, or whatever. As a successful data scientist, your day can begin and end with you counting your blessings that you are living your dream by solving real-world problems with data. I saw a quote recently that summarizes this: "If you think your scarce data science skills could be better used elsewhere, be bold and make the move."


The Target breach, two years later

Two years later, Target has largely recovered from the breach in terms of both consumer trust and financial impact. But no matter how grand its remediation efforts were, Target will be forever associated with the data breach and its lasting repercussions. "Target remains the most significant breach in history because it was the first time the CEO of a major corporation got fired because of a data breach," said John Kindervag, vice president and principal analyst on risk for research firm Forrester. "You can't underestimate that in terms of getting people's attention. People started taking credit card security seriously -- before that, it was just a pain-in-the-neck compliance issue."


An Engineer’s Guide to GEMM

I’ve spent most of the last couple of years worrying about the GEMM function because it’s the heart of deep learning calculations. The trouble is, I’m not very good at matrix math! I struggled through the courses I took in high school and college, barely getting a passing grade, confident that I’d never need anything so esoteric ever again. Right out of college I started working on 3D graphics engines where matrices were everywhere, and they’ve been an essential tool in my work ever since. I managed to develop decent intuitions for 3D transformations and their 4×4 matrix representations, but not having a solid grounding in the theory left me very prone to mistakes when I moved on to more general calculations.


Ambient Intelligence: What's Next for The Internet of Things?

It could manage mass transit for optimal efficiency based on real-time conditions. It could monitor environmental conditions and mitigate potential hotspots proactively, predict the need for government services and make sure those services are delivered efficiently, spot opportunities to streamline the supply chain and put them into effect automatically. Nanotechnology in your clothing could send environmental data to your smart phone, or charge it from electricity generated as you walk. But why carry a phone when any glass surface, from your bathroom mirror to your kitchen window, could become an interactive interface for checking your calendar, answering email, watching videos, and anything else we do today on our phones and tablets?


Investing in Impact - Portfolio Management for Agile Deliveries

Rightly or wrongly, the role of Project Manager remained in place in some companies, the role was re-introduced by some others, particularly larger companies working with bigger bodies of work - programmes involving many ‘agile’ feature teams for example. Companies forgot to update the Project Management toolkit though and in lots of cases we’ve seen companies also forgot to update the people, by which I mean train, educate, inform them about the key principles of agility, how to support it and how to take advantage of it. This resulted in many Project Managers applying traditional thinking and tools into agile projects. This included things like tightly managing scope and trying to fix it down early on; managing project progress and success based only on scope and time; requesting very precise estimates; measuring just velocity or worse, effort.


Rant: Cloud applications are s-l-o-w. Too s-l-o-w.

Chances are the offline office suite will have been faster than the online one. In some of my tests, working offline is three to five times faster. That's mainly due to the overhead of running code in a browser. Then there's the issue of internet connections, which are rarely perfect. They should be, I know. This is 2015, after all. But we don't even have perfect video-conferencing yet, as highlighted by this humorous article (NSFW). A lost connection can be infuriating when you're halfway through updating a document using a cloud-based application. If you're outside a 20-mile radius from Silicon Valley, this will be a factor. Microsoft has the right idea here. Its office suite lets you work online if necessary, but the offline software remains the primary productivity tool. So you can work in a fast, internet-independent office suite for most of the time, only using the online version when you need to.



Quote for the day:



"Don't look for ideas to confirm your thinking, rather look for trends that will disrupt your thinking." -- Rich Simmonds


November 26, 2015

Google Kubernetes Is an Open-Source Software Hit

Kubernetes is technically a cluster manager that’s able to take containers and automatically add or delete resources. A container encloses a program (or a piece of one) in a layer of software that connects seamlessly to the operating system and other computing resources. One advantage is that it can be moved easily from one computer or server to another. If traffic to a certain application spikes, Kubernetes is able to automatically replicate containers and expand capacity without manual intervention. The software can schedule containers, allocate them and make sure the computing environment has enough memory, disk space and storage, David Linthicum, senior vice president of Cloud Technology Partners, told CIO Journal.


Building a big data technology framework? Focus on business differentiation

"When you're telling a decision maker -- in this case, a farmer -- that they should apply this much fertilizer to this piece of land on this day, it is very helpful to answer the question, 'why,' when it's asked," he said. The key to explanatory analytics may be models. He pointed to two techniques that can help with this: Structural modeling, which he said is "used to illustrate statistical connections between the environment and crop outcomes," and mechanistic modeling, which he said is "used to capture physical phenomenon when the underlying physics are well understood or can be captured directly." ... "We need multiple techniques because there is no 'free lunch' and, typically, one technique will not work for every problem," he said after the event via email.


What are the best qualifications for a career in cyber security?

Most senior careers (with higher salaries) involve becoming a manager or advising others about management. The role may be managing a technical team of specialists or managing all of the people, processes and technology associated with ensuring effective information security. The latter requires a thorough knowledge of asset and risk management and the controls required to mitigate the risks to an organisation. This is where the knowledge and skills associated with ISO 27001 qualifications such as ISO27001 Foundation and ISO27001 Lead Implementer have the greatest influence. For the first cyber security management qualification I always recommend people in the UK to consider obtaining the Certificate in Information Security Management Principles (CISMP).


Cyberwar Part 2: Government Hacks Threaten Private Sector

"Contrary to a popular belief, fingerprints are not unique, and out of 5.6 million fingerprints compromised, there can be quite a few people who have fingerprints similar enough to be accepted by the biometric authentication system," said Igor Baikalov, chief scientist for security-intelligence company Securonix. "Now, if there is someone with access to top-secret information, and his fingerprint data can be matched to someone else with a known gambling problem -- known from the background checks also leaked by OPM -- the attacker has a way to potentially circumvent biometric authentication. Far-fetched? Probably. But not impossible," he added. As a result, IT and InfoSec professionals are going to have to come up with additional user authentications to mitigate these risks, and perhaps create a few new ones.


Neo4j 2.3 Graph Database Features and openCypher Initiative

As of now, Neo has an official Docker repository that we officially support for our customers. As far as best practices: perhaps the most important tuning parameter is memory. The underlying hardware must provide sufficient memory for the containers running on it; the Neo4j image allows memory usage to be configured as appropriate. And the Enterprise Edition of Neo4j, which in contrast to the Community Edition is primarily commercial, has quite a few operational features that aren’t in the Community Edition, including clustering. Docker containers are essentially ephemeral, but Neo4j needs durable storage for its data. The underlying hardware must include a disk which is mounted into the container for this purpose. Docker containers are isolated from one another by default.


Analytics team structure can work without data scientists

There's no shortage of promise when it comes to streaming analytics and unstructured data analysis, but the issue Cunningham raises is how that ties into the business. "In reality, there has been little effective integration of good data modeling against complicated data at the business level," he said. As a result, Cunningham is more focused on structuring his analytics team to derive tangible value from specific data analysis projects. Currently, he said, the team is working to build better analytical models to predict which medical benefits claims should be paid by insurers and which shouldn't. The goal is to shorten the time it takes to get an answer on coverage when a healthcare provider submits a claim on behalf of a patient.


How to Safely Manage Personal Health Information

Partners and business associates of healthcare that sign HIPAA or PHI related agreements will need to ensure the protection of PHI data, as they are legally bound to handle the patient data as per the rules and regulations. The rules were [originally] limited to paper records but with the advent of technological advancement this rule is extended to the various forms of electronic media, [and] any information that the companies would want to solicit will require approvals from the patients. Organisations will also be subject to audits to ensure processes have been followed with regards the PHI. Despite the regulations and stringent processes, there have been data breaches that have been plaguing the healthcare industry, and “potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually,” one study noted.


Feeding Forward: Using tech to help feed the hungry

Advancements in technology will make it better for everybody involved. Ahmad gave me the example of a time when she was still a student at Berkeley. The dining hall manager called her about 500 sandwiches left over from an event. Dealing with perishable food was extra challenging in Feeding Forward's early days before the cloud, mobile apps, and real-time technologies. "I called the entire list of recipients for all the non-profits in Berkeley and Oakland and even as far as Richmond, California," Ahmad said. "A third of them don't answer the phone, a third of them are like 'No, we are good for today' and the last third are like 'No, we can take up to about 15 sandwiches, or 10 sandwiches. I think, 'Awesome, now I have 485 sandwiches, I have five hours of reading and I'm on the side of the road.'"


Dell security flaws reignite debate on pre-installed software

"The news that some Dell laptops are shipping with at least one, and now likely two, rogue root certificates represents a potential security breakdown in the process of laying down the factory operating system image on new laptops for consumer use,” said Tod Beardsley, security engineering manager at security firm Rapid7. He urged users to contact their support representatives for instructions on how to remove these rogue certificates. “Users rely on factory images of operating systems to be reasonably secure by default; the act of re-installing an operating system from original sources is often beyond the technical capabilities of the average end user,” said Beardsley.


Disruption and Emergence: What does it mean for Enterprise Architecture?

The domain of the enterprise architect is changing, as more and more “enterprise” architecture components are sourced externally. Social and environmental architectures are as important to an enterprise architecture as the components that remain within the enterprise boundary and under the direct control of the EA team. Emerging technologies and digital disruption will transform the enterprise, but they will also transform the ways in which we architect. What will this mean for enterprise architecture in general, or for the role of the enterprise architect? How will EA help enterprises to collaborate with one another? What will these changes mean for the nature of the enterprise and its architecture?



Quote for the day:


"Great leaders know they can never communicate enough. Greedy leaders use information as a tool to gain more power." -- @JamesSaliba


November 25, 2015

Russian financial cybercrime: how it works

With online financial transactions becoming more common, the organizations supporting such operations are becoming more attractive to cybercriminals. Over the last few years, cybercriminals have been increasingly attacking not just the customers of banks and online stores, but the enabling banks and payments systems directly. The story of the Carbanak cybergroup which specializes in attacking banks and was exposed earlier this year by Kaspersky Lab is a clear confirmation of this trend. ... Information on the number of attacks may indicate the extent of the problem but does not reveal anything about who creates them and how. We hope that our review will help to shed light on this aspect of financial cybercrime.


The State of Millennials Worldwide

As the survey’s authors noted, aspiring to the freedom brought by self-employment while still living with or being supported by family is an age-old contradiction. They found that in Asia or Latin America, these align with cultural norms, but the spread to North American cities where this historically hasn’t been the case is a strong indicator for municipal leaders to find ways to support this growing segment of their constituents. "Young people may respond positively to policies or programs that foster a mind-set of measured risk for personal or global growth, while laying the groundwork for long-term stability," the authors found.


In Machine Learning, What is Better: More Data or better Algorithms

“In machine learning, is more data always better than better algorithms?” No. There are times when more data helps, there are times when it doesn’t. Probably one of the most famous quotes defending the power of data is that of Google’s Research Director Peter Norvig claiming that “We don’t have better algorithms. We just have more data.” This quote is usually linked to the article on “The Unreasonable Effectiveness of Data”, co-authored by Norvig himself (you should probably be able to find the pdf on the web although the original is behind the IEEE paywall). The last nail on the coffin of better models is when Norvig is misquoted as saying that “All models are wrong, and you don’t need them anyway”.


Artificial Intelligence: 10 Things To Know

"We are trying to make a system which at first sight looks like it might be behaving in some manner that we might ascribe to intelligence," said Moore. "Everything, however, with 'artificial' in the label is actually just a really, really, really fancy calculator, all the way from chess programs to software in cars, to credit-scoring systems, to systems that are monitoring pharmaceutical sales for signs of an outbreak." ... "And people are making bad decisions, which are costing huge numbers of lives every year, by not going to physicians under some circumstances or not letting a doctor know about something important or mismanaging their medications."


Composable Infrastructure: Cutting Through the Noise

By separating the physical components of the server, those resources can then be pooled and programmatically composed into a logical server and then, subsequently decomposed, returning the elements back to the pools allowing for reuse. This breaking down of the server means that not only can the most efficient and optimal use of resources be made, but also the lifecycle management of those resources is also decoupled. So, in the case of M-Series, the next CPU generation that would drive a complete replacement of the server with a traditional rack-mounted server would only require the replacement of the CPU and possibly DIMMs to achieve an upgrade. Subsystems like the local storage, RAID controller, network adapter, power supplies, fans, and cabling are preserved until upgrades of those respective elements would yield benefit to the business.


eBook: Foundations of Data Science, by Microsoft Research

The field of algorithms has traditionally assumed that the input data to a problem is presented in random access memory, which the algorithm can repeatedly access. This is not feasible for modern problems. The streaming model and other models have been formulated to better reflect this. In this setting, sampling plays a crucial role and, indeed, we have to sample on the fly. In Chapter ?? we study how to draw good samples efficiently and how to estimate statistical, as well as linear algebra quantities, with such samples. One of the most important tools in the modern toolkit is clustering, dividing data into groups of similar objects. After describing some of the basic methods for clustering, such as the k-means algorithm, we focus on modern developments in understanding these, as well as newer algorithms.


Jai Ranganathan on architecting big data applications in the cloud

There are some fundamental design principles behind the original HDFS implementation, which don’t actually work in the cloud. For example, this notion that data locality is fundamental to this system design; it starts changing in the cloud when you’re looking at these large cloud providers — they are doing all these software-defined networking tricks and they can do bisectional bandwidth, like 40 gigs per second, across their data center … suddenly, you’re talking about moving hundreds of terabytes of data back and forth from a storage to a compute layer without any huge performance penalties. Suddenly, their performance is disadvantageous to this, but it’s not as bad as you think.


Security is the common theme in 2016 top IT projects

The heightened interest doesn't come as a surprise to experts. "Everyone's concerned with security issues due to the nature of what's been happening recently," said Turner who works for a non-profit organization in western New York that's striving to better connect Medicaid patients with health care providers. After another turbulent year of high-profile breaches, including Ashley Madison, CVS and the Office of Personnel Management, security threats are top-of-mind for board members and CEOs, alike, putting a spotlight on CIOs and senior IT leaders. For Vlasich, security and cloud computing, which ranked as a top IT project for the second year in a row, are intertwined thanks, in part, to rogue IT.


Java: The Missing Features

Java’s import syntax is quite limited. The only two options available to the developer are either the import of a single class or of an entire package. This leads to cumbersome multi line imports if we want just some but not all of a package, and necessitates IDE features such as import folding for most large Java source files. ... Java’s arrays aren’t collections, and the "bridge methods" provided in the helper class Arrays also have some major drawbacks. For example, the Arrays.asList() helper method returns an ArrayList, which seems entirely reasonable, until closer inspection reveals that it is not the usual ArrayList but rather Arrays.ArrayList.


Key Methods for Ensuring FRCP Data Preservation Compliance

The new FRCP amendments introduce the notion of “reasonable” preservation effort to preserve data across all forms of enterprise communication. In court, organizations must prove they made reasonable efforts to prevent communications data, in any form, from being destroyed. Failure to do so will lead the court to the assumption that the information not preserved is harmful to your defense. By some estimates, eDiscovery costs U.S. organizations around $41 billion annually. Not only is this expensive, but it can also be a time-intensive exercise. So, how can organizations demonstrate “reasonable” preservation efforts? 



Quote for the day:


"Speaking about it and doing it are not the same thing." -- Gordon Tredgold


November 23, 2015

Ten great gifts for the hacker in your life

"The 21 Bitcoin Computer is ideal for buying and selling digital goods and services. You can use it to create bitcoin-payable APIs, set up your own personal digital goods store, pay people to share your content online, or host online games of skill." It's not cheap ($395) and comes with controversy, but it's a cool toy with a lot of potential, and 21 Inc. is going to be releasing an open source package for the device soon. ... In this reviewer's opinion, every hacker should have a USB Armory in their stocking this year. The Inverse Path USB Armory ($130) is a little USB stick with an entire computer onboard (800MHz ARM processor, 512MB RAM), designed to be a portable platform for personal security applications -- and lives up to its reputation as "the Swiss Army Knife of security devices."


IBM SoftLayer Performance Less Impressive Than Claimed

If nothing else, the claim reflects the nervousness of database vendors as Amazon launches competing database services on its own cloud. Amazon's Kinesis in-memory system could be construed as a competitor with VoltDB, a point that Kepes noted at the time. This year, the tests were done again, this time by Callaghan (a third party) rather than VoltDB tester Alex Rogers, who conducted the 2014 tests. Contacted by InformationWeek, a VoltDB spokesman said IBM played no role in financing the tests. Callaghan explained in a disclaimer note on his Acme site: "Someone from VoltDB contacted me in June asking if I'd be interested in performing a cloud vs. cloud benchmark, offering to compensate me for my time and to cover any cloud vendor bills." Callaghan agreed to do the benchmark.


Google unveils Android Studio 2.0 with Instant Run

The Google search team has also added some functionality to Android Studio: Developers can generate and test deep links directly right from the IDE. Just last week, Google unveiled its search index has 100 billion deep links into apps and that over 40 percent of Google searches on Android now surface app content. Android Studio is based on IntelliJ, an open source Java IDE. Android Studio 2.0 is based on IntelliJ 15, which launched just a few weeks ago, and thus has the following features: Instant preview for Find in Path, Run configurations with a state indicator, enhanced debugging for the Java programming language with Force Return (gives greater control over flow of execution), improved UI for testing, one-click run of application or tests, and adjustments for color deficiency.


6 Best Practices for Working From Home

Anyone who works from home will tell you that it has its benefits, yet also challenges. When I started my business in 1998, social media did not exist, I had no clients and most of my friends worked in a traditional office setting. After working for a large hotel for nearly six years, I had grown accustomed to being surrounded by people each day. Working from home provided peace and solitude, yet I was lonely. I had no one to interact with except my yellow Labrador. No humans were around for sharing ideas. I worked long hours, many in my pajamas. No one was there to hold me accountable for my work and I had to force myself to rise at a reasonable hour each morning and develop self-discipline.


VMware CIO: 'I've worked for a lot of evil people in my career'

"We've grown at an exponential rate and are now at a stage where we need to set up for new business models to support the next generation of growth," he said. A case in point: "We sell licenses, but a lot of our customers are now asking for subscriptions," he explained. "We're getting to the guts of our processes and making sure they're improving." There are other significant shifts taking place in VMware's market as well. The rise of container technologies such as Docker, for example, is viewed by many as a threat to virtualization, which is VMware's bread and butter. Iyer, however, isn't worried. "I have been through so many hype cycles," he said. Iyer has asked IT staff to try out container technology internally, and they've liked it, he said.


2016: The Year of The Data Center

Many IT decision makers are relying on strategically located data centers rather than relying solely on a hub. For example, instead of storing massive amounts of data in a few select data centers, application providers are moving their applications to “the edge,” (in locations where they can serve customers locally, and reach more businesses and consumers in more markets) in order to be able to serve their consumers more closely and reduce discontinuations. Another item to consider when thinking about location is costs associated to that particular area. Are there tax incentives for businesses in that region? What are the utility costs for that area? These are all location elements that IT executives need to consider when selecting a location.


Jide Remix Mini: Does the 'world's first true Android PC' deliver?

Remix also provides both a custom file manager and control panel. The control panel offers a view of system settings that looks similar to a Mac OS X control panel, with a few horizontal rows of icons. The file manager provides one-click access to documents, pictures, music, and movies, in addition to the file system. Remix adds windowing, too. Many apps run not only in full-screen mode, but also in re-sizable windows. Gmail, Google Docs, Chrome, and the Microsoft Office apps all support windowing. However, some apps, such as Google Hangouts, only work full-screen. Jide continues to update Remix OS to fix bugs and improve functionality. Multi-tasking works surprisingly well, too.


The Surprising Truth About DevOps in Banks

Banking IT is generally heavily siloed in terms of organizational structure and reporting lines, and also often suffers from the geographic distribution of teams or off-shoring. Culturally however, I believe that there are not the same barriers and lack of cross department collaboration as I see elsewhere in other industries. On the whole, banking technology organizations seem less siloed than in other industries. On my development teams, we generally had a positive relationship with testers, working together early in the development cycle in a highly collaborative way. Although offshore, our testers were highly skilled and had a high degree of understanding about the system we worked on together. We understood their world and they understood ours, and incentives, goals and KPIs were aligned across both groups - to deliver high quality software, early and often.


Enterprise networks need to address mobility trends

Data security is a complex area of enterprise mobility trends, and one that technology can only address to a point. A state-of-the-art network won't be enough to safeguard business data if employees don't follow basic security protection procedures. Furthermore, in this capacity, IT can only do so much since a lot of mobile activity occurs off the network. And since most mobile devices are used jointly for business and personal needs, the business data stored on them will be vulnerable even in the most casual sessions, such as connecting over the public Internet during personal time. Considering these mobility trends, IT will likely need to deploy mobile device management (MDM) to protect both the devices and the local area network (LAN). This plan will entail some level of encryption for all flows of mobile communication, including voice, email and browser access.


Getting started with a career in cybersecurity

So cybersecurity workers are in high demand, the jobs pay well, and they're important and critical to safeguarding our society. That sounds to many like an ideal opportunity. But what does it take to get hired and thrive in such a gig? Here are a few things to consider. Cybersecurity (and IT in general) are not the same as computer science. Traditional computer science can be helpful, but it's not the full story. If you're going to design unbreakable encryption (or crack unbreakable encryption), you're going to need deep education in computer science and math, because you're dealing with everything from stats to finite automata. But there's also all the knowledge needed about how current systems work, which computer science doesn't necessarily prepare you for. That's best handled by all the certification classes, particularly the Microsoft-sponsored ones.



Quote for the day:


"Business is all about solving people's problems -- at a profit." -- Paul Marsden


November 22, 2015

2015 State of Analytics - 20 Key Business Findings

High-performing companies are 2X more likely than underperformers to have at least half of their employee base use analytics tools. In my experience, training and empowerment of all employees is key to scale, as long as right tools and business processes are in place to be inclusive of all employees. Often organizations will limit the visibility into analytics and access to tools to only management and business analysts, and by doing so, limit the insight and full potential of the entire organizations. The importance of systems integration, data quality, data consolidation and customization and mobility are key to democratization of insights. Here's why an analytics platform is key to success.


FBI info security chief discusses taking risks with cloud, big data

"Accepting a risk doesn't mean it's going to happen," Hart said. "It means if the thing happens, you accepted the risk and will take the steps to mitigate that risk." As CSIO for the FBI, Hart said she is responsible for managing everything from governance to operational security in protecting the FBI's cloud infrastructure against internal and external threats. "I'm not packing heat," Hart quipped, clarifying she is not an FBI agent in the field. Hart offered a few insights into the FBI's cloud infrastructure, noting everything done by federal agencies must be compliant with the FedRamp cloud framework. "The cloud is all about big data and being able to aggregate data, which are amazing things," Hart said. "But when the sword cuts, it cuts both ways."


Qylur System Uses Big Data to Improve Levi's Stadium Security

Lisa Dolev, CEO of Qylur Intelligent Systems, explained that her company's technologies fit into the industrial Internet of things (IIoT) space, with machines that are able to learn from each other and evolve in their decision-making capabilities to help stay ahead of threats. "For the Qylatron Entry Experience Solution, what we're doing is combining the aspects of greeting a person based on the entry ticket and doing security scanning," Dolev told eWEEK. The Qylatron is a self-service machine comprising multiple pods that can be used for screening bags and other items (pictured). It has a number of different sensors that use machine learning to come to automated decisions, according to Dolev. The automated decisions are intended to stop things defined by the system's administrators as being dangerous or even just items that are prohibited by the venue.


Making Good on the Promise of Big Data in Health Care

Bates does not blame interoperability issues for the healthcare industry's slow adoption of predictive analytics. "You can do a great deal with just your own data," he says. Rather, the problem has to do with personnel. "Healthcare organizations don't have groups with the right training to understand how to use data to reduce costs and improve care," he says. "If they do, the groups are relatively small and completely consumed with meeting external requirements, such as reporting quality data. They just don't have the bandwidth." Another problem is that up-to-date analytics software and tool kits—especially those that take a more "self-serve" approach to data—have not been available until recently.


Advantages of network virtualization impress, but hurdles remain

From a logical perspective, virtual switches provide much of the same functionality as the traditional top-of-rack switches. Today, for example, it's not uncommon to see a virtual switch with several virtual LANs. A handful of VMs communicating with each other via a virtual switch is a basic example of network virtualization. Inter-VLAN traffic, meanwhile, is provided via a trunk between a virtual switch and the physical network. The traffic traverses the physical port of the host server. Essentially, the physical server port serves as an uplink port of the virtual switch. If two VMs residing on the same physical host -- but on separate VLANs -- needed to communicate, the traffic is routed to the physical network. At that point, a firewall could be used to filter traffic between the two hosts.


Strategies for a next-generation security architecture

Increasingly you're going to be liable for committing any vulnerability and as we've seen, if you're a senior executive, you may have to take the fall for the hack. And that puts a lot of pressure on companies to really rethink how they're doing security. So, really to sum up the answer, it's the [problems] of the perimeter-less architecture; the emergence of a professional threat economy; and the impact of getting hacked both from a personal career limiting perspective, as well as from a regulatory compliance perspective. One of the other big things that you're seeing evolve in addition to the professional threat economy is now you've got people who built all the pieces, and there's almost an inverse correlation between the mental effort that's required and the criminality of certain things.


Discovering Alpha Through Automation

Consistently discovering alpha is the holy grail of investment management, and is an arena populated by two primary schools of thought. The first consists of active managers who proactively try to uncover investment opportunities that can generate higher returns, and the other consists of passive managers who believe markets are efficient and invest in a diversified portfolio of securities mirroring the market. While there is growing acceptance even amongst die-hard efficient market finance theorists that financial markets are not efficient to the level originally hypothesized, active managers have not consistently outperformed their passive counterparts in many asset classes in recent times. However, can investment managers systematically uncover pockets of market inefficiencies using Big Data analytics?


The open-data revolution has not lived up to expectations

The thorniest problem for open data now is privacy. Governments rushing to release individual-level data such as tax, medical or education records are “walking into a massive minefield”, warns Martin Tisne of the Omidyar Network, a philanthropic outfit. Such data are among the most valuable: they can boost, for example, precision medicine, which tailors each patient’s treatment. But a privacy scandal can cause a backlash against all open data. A public outcry recently forced Britain’s National Health Service to rethink plans for making anonymised patient-level data available for reuse. Open-data activists have joined forces with bureaucrats and entrepreneurs to sort out all these problems. Their solutions are starting to work, and growing amounts of data are being put to good use.


Key Lessons Learned from Transition to NoSQL at an Online Gaming Website

Erlang concurrency is designed around the actor model and encourages an elegant style of programming where problems are modelled by many isolated processes (actors) that communicate through immutable message passing.  Each process has its own heap and by default is very lightweight (512 bytes) making it practical to spin up many hundreds of thousands of processes on commodity type servers. These individual processes are scheduled by a virtual machine over all available processor cores in a soft real time manner making sure that each process gets a fair share of processing time.  The fact that each Erlang process has its own heap means that it can crash independently without corrupting shared memory.


Containers Will Penetrate Large Cloud Platforms

Amazon, Microsoft, Google and other leading cloud providers are already adopting container technologies. We are also seeing the same approach among OS, hardware and application developers. For example, Intel too is supporting containerization with its Cloud Integrity Technology 3.0. It is therefore quite obvious that support for containers will continue to grow in the coming years and we are likely to see more deployment in this ecosystem. An increasing number of micro-service applications will be built on containers. In fact, experts predict that most cloud platforms will either switch to a new container stack or at least start supporting containers by 2017.



Quote for the day:


"Technology is just a tool. In terms of getting the kids working together and motivating them, the teacher is most important." -- Bill Gates


November 21, 2015

How to tackle change management in an era of automation

“Automation will advance us away from managing, monitoring and building to brokering,” Oehrlich says. However, CIOs must help manage the transition of customers, employees, vendors, and partners to new automation technologies. This requires experts who know how to apply automation and technology to achieve business outcomes. “That is the biggest challenge with the workforce the CIO has today, as many folks in their jobs don't have these skills.” Such work is challenging as technology becomes increasingly integral to the business strategy. A CIO working for a major retailer has traditionally worried about aligning point-of-sale and transactional systems, and improving store operations, but not about “serving the customer when they come in the front door,” Chui says.


You Can’t Engage Employees by Copying How Other Companies Do It

High commitment companies work hard to sustain their culture—they realize that protecting it is as much of a challenge as building it in the first place. Several types of practices help to keep a company and its many leaders on the journey. Employee engagement surveys can help assess alignment of leaders’ multiple business or geographic units with company purpose and values. As CEO of Campbell Soup between 2000 and 2010, Doug Conant employed quarterly engagement surveys to assess and develop high commitment in the company’s multiple business and operating units. Hewlett Packard’s senior management employed skip-level meetings to hear the truth from lower levels.


How Hybrid Cloud Strategy Can Prevent Cloud Chaos

In most cases, organizations and employees fail to realize what they are getting into. In fact, many overlook the fact that as SaaS providers offer more applications and integrations, it increases the likelihood they are merging the organization's internal data with data from one or more of those applications. Most issues develop at this stage but usually come to light too late, after the application has been deployed. We have heard many horror stories caused by data merging, violating the organizations’ security and governance policies, and making them vulnerable to hacking and security threats. It is therefore essential to have a proper strategy to manage your hybrid or multi-cloud environment.


The Machine-Vision Algorithm for Analyzing Children’s Drawings

The results show both the power and the limitations of this kind of science. The most impressive result is a clear demonstration that the complexity of a drawing changes as children get older. “We observe that children tend to draw more complex scenes as they grow older,” say Konyushkova and co. “However, after some age (approximately 13 years old), they start drawing simple and abstract scenes again.” This is consistent with the consensus among child psychologists. But the analysis of the role of religion is more problematic. One idea among researchers is that children tend to draw pictures of gods above the midline of a piece of paper. They say this is because children think gods are somehow unworldly.


Businesses struggling to transition to digital era

“Startups and established corporations can leverage individual strengths and explore acceleration opportunities through collaboration. In the past, IT has been an enabler of business, but in the future IT will be part of business,” said Kilger. Ernst & Young predicts that all businesses will soon need chief digital officers to explain what it means to become a truly digital enterprise. “IT will have to manage the whole technology stack, including software, connectivity layer, cloud, apps in the cloud and technologies enabling the internet of things [IoT],” said Kilger. This, in turn, will create the need for companies to have access to data scientists to enable them to understand and benefit from all the data they are generating and collecting.


A Framework in C# for Fingerprint Verification

We implemented the fingerprint verification algorithms proposed by Tico and Kuosmanen, Jiang and Yau, Medina-Pérez et al., and Qi et al. It is important to highlight that, although the algorithm of Qi et al. is a combination of a minutiae matching algorithm with an orientation based algorithm, we implemented only the minutiae matching algorithm. We also implemented the feature extraction algorithms proposed by Ratha et al. and the orientation image extractor proposed by Sherlock et al. This framework allows you to include new fingerprint matching algorithms as well as new feature extraction algorithms with minimum effort and without recompiling the framework. One of the goals that we kept in mind while developing this framework was to achieve class interfaces as simple as possible. This way, adding new algorithms is pretty straightforward.


Startup Humanyze's 'people analytics' wants to transform your workplace

"It's like a Fitbit for your career," he explained. "When you set up your dashboard, you tell us what you want to achieve." Someone who wants to be the company's best salesperson, for example, can use the technology to benchmark their own performance against that of the current top performers without ever knowing who those people are. Alternatively, someone who wants to become a manager can set up a dashboard that uncovers what he or she needs to do in terms of behaviors to achieve that goal. No matter which department is using Humanyze's Sociometric Badge at any given time, IT plays a central role, Waber said. "As companies become able to culturally assimilate this kind of approach, IT can go beyond just supporting it and help to supercharge it," Waber said.


vArmour Unveils Industry-Wide Pathway to a New Security Architecture

The pathway to Multi-Cloud Security Architecture will help IT and security leaders develop their short and long-term strategy to secure their entire cloud infrastructure. Organizations have invested heavily in traditional perimeter security, but this is only the start — now, organizations will need to move controls closer to assets, creating an intelligent system over time that is dynamic, efficient and autonomic. “There is a pressing need for this type of multi-cloud security architecture, as security and IT teams are in the process of learning what to do or how to do it,” said Jon Oltsik, principal analyst at ESG. “vArmour has a vision and growing experience that can help organizations think differently about security architecture in this new heterogeneous cloud world, and provide a pathway to get there.”


Cloud security requires shared responsibility model

To create a successful shared responsibility model, enterprises need visibility into their cloud provider's security controls, Patel said. And IT organizations can gain that visibility in a number of ways. For example, they can review independent assessments of their cloud provider's security model, such as attestations from the CSA's Security, Trust and Assurance Registry (STAR). They may also want to check that their provider holds certain cloud security certifications, such as ISO 27001. But because they only reflect the state of a provider's security environment during a given period of time, certifications shouldn't be the only way an enterprise assesses a potential provider, according to Patel.


A day in the life of a cloud architect

There is always an inertia to change in enterprises. One of the pitfalls in enterprises is trying to treat OpenStack as a traditional Mode 1 virtualization platform. It is always good to have a discovery of requirements and use cases and identify the use cases for OpenStack. More often than not, I have seen that enterprises want to adopt OpenStack because it's the shiny new thing in the industry. Every platform has its place and you cannot do away with legacy. In this day and age of bi-modal IT, it is important to understand the requirements for Mode 2 IT. OpenStack is a great platform for innovative Mode 2 environments, where the ask for enterprises is to rapidly deliver products and solutions adopting the principles of DevOps, which require infrastructure to be treated as code.



Quote for the day:


"Being powerful is like being a lady. If you have to tell people you are, you aren't." -- Margaret Thatcher