Cultural diversity, if not handled well, can be a source of inefficiency, confusion, frustration, anxiety, and stress at work. When we don’t appreciate the cultural differences in how others convey and interpret information, we are more likely to misunderstand them. What happens when people from other countries and cultures don’t behave according to our cultural norms? We fall for the fundamental attribution error and attribute their behavior to their personality, assuming their behavior is representative of who they are. We also find it convenient to go with cultural stereotypes without making an attempt to understand how culture plays a role in their style of communication. Techniques that made us successful with a group of people from one country may not work with another group from a different country. To be collaborative, we need to embrace cultural diversity and open ourselves to learning different communication approaches and making adjustments along the way. We need to learn, unlearn, and relearn new strategies to communicate effectively with different groups of people.
“Ransomware attackers require little risk or effort to launch attacks, so a prohibition on ransom payments would not necessarily lead them to move into other areas,” according to the report. “Rather, they would likely continue to mount attacks and test the resolve of both victim organizations and their regulatory authorities. To apply additional pressure, they would target organizations considered more essential to society, such as healthcare providers, local governments and other custodians of critical infrastructure.” So instead, “Updating breach disclosure laws to include a ransom-payment disclosure requirement would help increase the understanding of the scope and scale of the crime, allow for better estimates of the societal impact of these payments, and enable better targeting of disruption activities.” The Framework would require ransomware victims to report details about the incident prior to paying the ransom. ... As a corollary to this, the Framework would also have cyber-insurance companies establish a common pool of money “to evaluate and pursue strategies aimed at restitution, recovery or civil asset seizures, on behalf of victims and in conjunction with law-enforcement efforts.”
DBaaS hasn’t historically been considered serverless, but that has been changing. An increasing number of public cloud services are either offering serverless alternatives, or moving to this architecture altogether. As one might expect, stateless services like compute are a bit more straightforward to make serverless, relative to stateful ones. It’s only recently that databases and data services have begun to move in this direction. As you might expect, a serverless DBaaS scales to meet the immediate needs of the application it is servicing. When demand is high, it scales up the number of nodes to meet the need, and when demand drops, it scales back down. This is particularly useful in microservice, FaaS and other distributed architectures. Right-sizing your database in concert with the microservice fleet in those scenarios is tedious, often resulting in paging already busy ops people. You are basically only paying by the operation instead of being charged for idle instances of “always on” virtual hardware. Read and write, storage and network out - done. This simplicity can result in tremendous idle time savings and a dramatically more cost-effective profile for everything from dev/test to production.
One of the things you’re going to need, especially in a tech company, you’re going to need a program that is unique to the company and takes into consideration the customers, the attack space they live in, the tech stack they’re using and the unique challenges they have. There is of course a standard menu that we each bring in our back pocket of things you want to make sure you’re checking off the list. When we dig into the application security space you think about the people you want to hire, at what level do they need to be, do they need a coding background, are they comfortable with developers, counseling and teaching developers how to code securely, etc. So, you have this people component and a teaching component. There is also an operational rigor that the public and customers expect. It’s great that you do this internally but what does a third party say about your program and how effective your program is. And while you’re building up these processes and you build out your application security department you have these engineers working with engineers all over the company, DevOps, infrastructure, product engineers
Datasets for machine learning are the main commodity in the world right now. Everybody is talking about AI and AI applications but few are focusing on how accurate the data is and if the data is actually correct. Data collection needs to be deliberate—the success of its intended application depends on it. As those in data science know, datasets are necessary to build a machine learning project. The dataset is used to train the machine learning model and is an integral part of creating an efficient and accurate system. If your dataset is noise-free (noisy data is meaningless or corrupt) and standard, your system will be more reliable. But the most critical part is identifying datasets that are relevant to your project. So your company has decided to make the jump into data science and needs to collect data. But if you don't have any, where do you start? The answer is twofold. One option is to rely on open source datasets. Companies like Google, Amazon, and Twitter have a ton of data they’re willing to give away. And many online sites dedicated to AI and AI applications have compiled free categorized lists which make finding a good dataset even easier.
AI professionals tend to be concentrated geographically in tech hubs and populous areas. While this may change as remote work becomes more prevalent post-pandemic, organizations located in large cities will likely have an easier time finding talent. AI talent is currently most prevalent in certain industries, including high tech, banking and financial services, manufacturing, healthcare, and retail, so organizations in these sectors will likely see more applicants for open roles. When evaluating candidates for AI roles, be wary of padded resumes. As AI is still an emerging field, there are many so-called “experts” who overstate their skills, experience, credentials, education and more. It’s also important to look beyond a candidate’s technical expertise and assess their soft skills, such as business acumen, communication skills and leadership abilities. Keep in mind that elite AI talent is getting recruited all the time, and it can be a challenge to build sustainable AI initiatives when key team members leave. Ensure candidates’ previous job tenure is compatible with your organization’s strategy and rely on the interview to make sure they’re a cultural fit.
Some security experts are debating whether it's time to update the HIPAA Security Rule itself - and not just the NIST guidance. "The HIPAA Security Rule is a very process-oriented rule, by intent," says privacy attorney Kirk Nahra of the law firm WilmerHale. "It addresses ways to think about and approach security, rather than identify specific standards to follow. That means that, from my perspective, it is in many ways a perfect rule that does not need to be updated in its language - the [compliance] process must be updated regularly by any covered entity or business associate, but that 'updating' is already incorporated into the rule." NIST is trying to give organizations "a way to turn the HIPAA process into reality - to move from process to substance," with updated guidance, he contends. If HHS were to consider changes to the HIPAA Security Rule, "I would only caution them as they move through the process of evaluating potential changes to keep the idea of the HIPAA Security Rule as it is, and not to turn a broad process that is flexible and scalable to adjust to the wide volume of different kinds of entities regulated by HIPAA into something more specific and less flexible," Nahra says.
Although much of the hype around cognitive automation has focused on business processes, there are also significant benefits of cognitive automation that have to do with enhanced IT automation. "Cognitive automation can be the differentiator and value-add CIOs need to meet and even exceed heightened expectations in today's enterprise environment," said Ali Siddiqui, chief product officer at BMC. In this domain, cognitive automation is benefiting from improvements in AI for ITSM and in using natural language processing to automate trouble ticket resolution. Cognitive automation could also help detect and solve problems buried deep within an enterprise that could go undetected until a problem arises and then takes up the bulk of IT's time to resolve, such as a critical system bug, site outage or a potential security threat. Instead of having to deal with back-end issues handled by RPA and intelligent automation, IT can focus on tasks that require more critical thinking, including the complexities involved with remote work or scaling their enterprises as their company grows.
Technology hasn't yet evolved to a point where we can do away with passwords altogether. Instead, we keep inventing ways of making passwords more secure, propping them up as a viable way in which to secure our data. Two-step authentication does exactly what it sounds like, requiring an additional step in the login process beyond simply entering a password. Once a user has entered the password, that person will be sent a text message with a unique code or be asked to generate one via an authenticator app, which is needed to gain access to their account. This kind of multifactor authentication certainly offers an additional layer of security. It means that even if hackers crack your password, they aren't going to get very far without your mobile phone or access to your code generator. However, it's not entirely without flaws. For one, it makes the login process extremely tedious for the user, requiring additional hoops to jump through. It also creates an unwanted dependency on third parties, such as mobile service providers. What happens when a user is unable to receive their authenticator code via SMS because they're out of signal range or their operator's network goes down?
Quote for the day:
"If you don't understand that you work for your mislabeled 'subordinates,' then you know nothing of leadership. You know only tyranny." -- Dee Hock