Daily Tech Digest - May 21, 2021

What does CUI mean for government agencies?

Prior to NARA’s implementation of the CUI cyber security protection framework, government agencies employed ad hoc agency-specific policies, procedures, and markings to safeguard and control all unclassified information that did not meet the criteria required for classification. The rule was designed to primarily safeguard sensitive government data that had not been assigned as confidential or secret, whilst it was shared between different government and commercial entities. But this confusing patchwork resulted in inconsistent marking and safeguarding of documents, which led to unclear or unnecessarily restrictive dissemination policies and created barriers to authorised information sharing. Today, the CUI Program is a unified effort between Executive Branch agencies to standardise protections and practices across departments and agencies. It defines a central data classification policy for the handling, safeguarding and dissemination of ‘sensitive but unclassified’ (SBU) government information. NARA maintains a public CUI registry reflecting authorised CUI categories and subcategories, associated markings, and applicable data safeguarding, dissemination, and decontrol procedures as data moves through non-federal systems.

3 Reasons Many Of The World’s Most Booming Businesses Come From Humble Beginnings

Humble beginnings often require founders to reset their expectations, or even adapt the way they work so they can deal with the unusual circumstances that accompany starting their business in a garage or a small nook of their apartment. Such circumstances teach flexibility and other valuable leadership lessons in a way that starting in a cushy office never could. After all, you’ll learn a lot more about flexibility if you’re starting out of a home where your kids can come in and interrupt you at any given hour. This flexible mindset can also improve your creative thinking and leave you more open to new ideas. Studies have found that experts who practice humility actually become more flexible as they acquire more knowledge. ... Writing for Idealist Careers, Liz Peintner explains that such leaders “are especially effective in cultivating strong social relationships, helpfulness, forgiveness, and social justice amongst their team members; creating teams with more satisfied employees who stay longer at the organization; leading well in unpredictable situations by using a trial-and-error approach; and minimizing negative feelings and intentions toward ‘out-group’ members, resulting in a more inclusive work environment.”

Industry 4.0 and its impact on network architecture

Organisations will further benefit from strengthened flexibility and agility, in addition to offering better customer service. Industry 4.0 enables businesses to improve the service offered to customers with streamlined experiences and more choice for consumers. Following this, companies can achieve higher revenues and improved innovation opportunities, which will help to ensure that they receive a significant return on investment. However, with its benefits, businesses need to consider the challenges that derive from Industry 4.0 adoption when looking to transition their business and its operations. Organisations will need to evaluate the opportunity cost associated with the fourth industrial revolution. There are two major costs to review: technology and expertise. Having the understanding and knowledge of newer technologies can often lead to budget constraints and businesses will need highly skilled employees to manage the integration successfully. We have seen a number of organisations launch Industry 4.0 initiatives, but more often than not, a lack of direction and measurable objectives can lead to failure. 

The way we teach coding is all wrong. Here's how it needs to change

Hands-on experience will always be a deciding factor – though Lavenne acknowledges that the majority of students will be lacking this by default. Instead, he suggests university courses and coding programs encourage as much project work as possible – which will at least help equip them with a working knowledge the various components of the software development cycle. There are also a handful of specific tools and technologies that Lavenne feels that every aspiring developer should have under their belt. "Putting an emphasis on JavaScript and TypeScript is important; Node.js is a moving force of the world right now in web technologies and others. People have to start learning TypeScript in school," he says. "On the skillsets for languages that are super marketable; the technologies that are very marketable today are web and APIs. Every single software engineer that will come out on the market will work with APIs - they have to speak APIs, they have to speak JSON. XML is fading out into the distance; the world is speaking JSON from computer to computer, and REST APIs are everything." 

Putting digital at the heart of strategy

Consider the early days of the commercial internet. In the late 1990s, companies scrambled to launch websites, believing that having an online presence would differentiate them and hoping to achieve a first-mover advantage. But eventually, every company had a website. And companies competed, as they always do, on the strength of their broader strategies. We will see the same as companies embrace the digital pivots that support digital enterprises. Cloud computing, automation, and artificial intelligence will not provide meaningful differentiation in themselves. Instead, they will be the new platform on which companies will compete. We see two major ways that digitally driven strategies offer organizations the opportunity to succeed in the long term. The first is by enabling resilience: the ability to thrive amid uncertainty and change. The second is by driving differentiation: the ability to deliver value that cannot be found anywhere else. We explore each of these aspects below. To survive and thrive in an uncertain and rapidly changing world, organizations will need to innovate at speed, keep pace with technological and industry change, and cultivate greater resilience.

The Second Pillar of Trusted AI: Operations

One key aspect of designing a system around AI is recognizing that any model’s predictions are probabilistic. For example, in binary classification, our model makes predictions in the form of raw scores between 0 and 1. Based on an optimized threshold, the model predicts either class 0 or class 1. However, there are situations in which the model is not confident in a prediction – for example, when very near to that optimized threshold, in a “low confidence” region. There are other scenarios too when analyzing the scoring data or prediction we may have reason to doubt the veracity of the model prediction. So how do we translate this into real-time protection to ensure our model makes safe and accurate decisions at the level of an individual prediction? Using a set of triggers, such as identifying outliers or an unseen categorical value, the system can take certain predefined actions to guard against uncertain predictions. Consider a model that predicts whether or not an image is a dog or a wolf. Perhaps the training data was authored by a photographer using professional equipment. A new scoring image is taken by a different photographer with much lower-quality equipment, resulting in a blurry, small image.

Use Of Artificial Intelligence In Cyber Security

Since the known vulnerabilities in a System or Network or Databases are difficult to manage, machine learning and AI processes such as User and Event Behavioral Analytics (herein after referred to as “UEBA”) can observe all kinds of behavior of User accounts and servers. Further, it can identify or analyze any abnormal behavior that might gives a hint of a zero-day attack which can be useful to preserve Companies or Organizations before any vulnerabilities are formally reported and patched. UEBA solutions have 3 major functioning as mentioned here below: UEBA uses ‘Data Analytics’ which in turn utilizes data as per User’s behavior. Further, Statistical technique has been utilized in order to detect abnormal or unusual behavior and then alert System Administrators; UEBA uses ‘Data Integration’ includes that there will be data comparison through numerous sources with the already existing Security Systems; and UEBA uses ‘Data Presentation’ from which UEBA Systems tries to communicate its findings and generate reports. It issues a request to Security Analyst within an Organization to investigate unusual behavior.

The US pipeline attack shows the energy sector must act now on cybersecurity.

This threat environment is the new normal for oil and gas infrastructure. Whether attackers are criminals motivated by financial gain or nation-state actors playing geopolitics, digitized oil and gas infrastructure makes a tempting target. Board members – and the information security officers they hold accountable – should be preparing for frequent, sophisticated attacks to be an ongoing operational risk. Even for industry leaders keenly aware of the risks and trends facing the oil and gas industry, building robust cybersecurity can be a daunting challenge. The World Economic Forum White Paper Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers provides a new blueprint to secure critical infrastructure to help oil and gas industry leaders address cyber-risk and implement key recommendations within their organizations, as well as to champion standards across the energy ecosystem. This new playbook is a result of discussions and collaboration of the World Economic Forum community of oil and gas industry partners – including Siemens Energy and Saudi Aramco – that prompted and produced a guide to help oil and gas industry leaders address cyber-risk and implement key recommendations within their organizations, as well as to champion as standards across the energy ecosystem.

Using Low-Code Tools in Enterprise Application Development

To ensure security of the applications that the low-code platform is building, they must go through the same security checks just as any other application. Even though some level of security, such as input validation, is baked into most low-code development platforms, developers still need to pay a great deal of attention to security issues and test for vulnerabilities. However, because there is no visibility to what’s going on underneath, scanning the application for security checks becomes tedious. The same features that make low-code development so attractive to some organizations can bring challenges when it comes to security. Creating enterprise applications also entails a large chunk of integration. A low-code solution might be capable of handling things if a developer follows a carefully constructed “happy” path. We are not talking about relying on low-code solutions to simply integrate applications with software-as-a-service (SaaS) applications and simple web APIs, however. Enterprise apps often need to also connect with distributed systems, archaic legacy applications, overly complex third-party APIs, commercial off-the-shelf systems and much more.

AI and data science jobs are hot. Here's what employers want

Much of the problem boils down to a lack of appropriate skills among applicants. More than two-thirds of businesses said they struggled to find candidates with the right technical skills and knowledge, while a significant minority of others (40%) reported a lack of work experience, as well as gaps in industry knowledge. So, what exactly should candidates for AI and data-science roles have on their CVs to convince future employers? Technical skills, of course, are key: businesses said that they were in search of applicants who understand AI concepts and algorithms, know programming skills and languages, and are familiar with software and systems engineering. A number of employers, said Ipsos, stressed the importance of deep learning in specialist roles, and of the need for candidates to know how to go beyond "low-level" AI. "We need people coming through the university system to learn from first principles how to create deep learning, neural network systems, rather than relying on off-the-shelf systems that are available through the big US companies," said one micro-business owner.

Quote for the day:

"A leader has the vision and conviction that a dream can be achieved._ He inspires the power and energy to get it done." -- Ralph Nader

No comments:

Post a Comment