Daily Tech Digest - July 23, 2021

The CISO: the enabler of innovation

With digital transformation already in focus for many businesses, adding a now distributed workforce on top of this scenario ratchets up the security challenge. One in five CEOs and CISOs saw a major increase in all types of cyber attacks since COVID-19, with supply chain attacks topping the table side by side with ransomware. The key here is to enable and drive businesses, rather than impede them. By moving to support remote workers by adjusting policies and controls discreetly, businesses can enable teams to work better in their own role in their own job. This means allowing them to access data from anywhere while providing better visibility 24/7, enabling more proactive alerts and controls. In fact, 58% of CEOs and CISOs have recognised the need for a more integrated trust framework, with 48% also substantially increasing the use of cloud-based cyber security systems. In the future, the workforce will have even more autonomy within the decentralised cultures that develop as business leaders find new ways to drive collaboration and creativity. For the CISO, this means continuously adapting to an evolving workplace.


Why unstructured data is the future of data management

Today, data is a valuable corporate asset. You’ve got to be strategic with it because it’s not just for your BI teams, but for the R&D and customer success teams. They need historical data to build new products or to improve the ones they already have. This is super relevant in manufacturing, such as in the semiconductor chip industry, but also in other industries that are so important to our economy, such as pharmaceuticals. COVID researchers depended upon access to SARS data when developing vaccines and treatments. Data often becomes valuable again later, and what if you don’t know what you have or you can’t find it? We’ve had customers in the media and entertainment business, and in the past when they wanted to find an old show, they’d need access to a tape archive. Then, they needed an asset tag to locate the tape. That can be very difficult, and it’s why archiving is not popular. Live archive solutions that are available today make archived data instantly accessible and transparently tier data so users can easily locate files and access them anytime.


Here’s how to check your phone for Pegasus spyware using Amnesty’s tool

The first thing to note is the tool is command line or terminal based, so it will take either some amount of technical skill or a bit of patience to run. We try to cover a lot of what you need to know to get up and running here, but it’s something to know before jumping in. The second note is that the analysis Amnesty is running seems to work best for iOS devices. In its documentation, Amnesty says the analysis its tool can run on Android phone backups is limited, but the tool can still check for potentially malicious SMS messages and APKs. Again, we recommend following its instructions. ... If you’re using a Mac to run the check, you’ll first need to install both Xcode, which can be downloaded from the App Store, and Python3 before you can install and run mvt. The easiest way to obtain Python3 is using a program called Homebrew, which can be installed and run from the Terminal. After installing these, you’ll be ready to run through Amnesty’s iOS instructions. If you run into issues while trying to decrypt your backup, you’re not alone. The tool was giving me errors when I tried to point it to my backup, which was in the default folder. 


Critical Jira Flaw in Atlassian Could Lead to RCE

The vulnerability has to do with a missing authentication check in Jira’s implementation of Ehcache, which is an open-source, Java distributed cache for general-purpose caching, Java EE and lightweight containers that’s used for performance and which simplifies scalability. Atlassian said that the bug was introduced in version 6.3.0 of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Management Data Center (known as Jira Service Desk prior to 4.14). According to Atlassian’s security advisory, that list of products exposed an Ehcache remote method invocation (RMI) network service that attackers – who can connect to the service on port 40001 and potentially 40011 – could use to “execute arbitrary code of their choice in Jira” through deserialization, due to missing authentication. RMI is an API that acts as a mechanism to enable remote communication between programs written in Java. It allows an object residing in one Java virtual machine (JVM) to invoke an object running on another JVM; often, it involves one program on a server and one on a client. ...
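A local exposure check for the two ports named above, added here as an example and not taken from Atlassian's advisory or the original article: it reads the output of `ss -Htln` on a Linux Jira Data Center node and reports listeners on 40001 or 40011 that are bound beyond loopback. The sample output, function names and the assumption of a Linux host with `ss` are constructed for illustration.

```python
import ipaddress

EHCACHE_RMI_PORTS = {40001, 40011}  # ports named in the excerpt above

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0      50                       *:40001            *:*
LISTEN 0      50               127.0.0.1:40011      0.0.0.0:*
LISTEN 0      128                0.0.0.0:22         0.0.0.0:*
LISTEN 0      100     [::ffff:10.20.0.7]:8080             *:*
LISTEN 0      50                    [::]:40011         [::]:*
"""


def split_endpoint(local):
    """Split ss's 'Local Address:Port' column into (host, port or None)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return host, int(port) if port.isdigit() else None


def is_loopback(host):
    """True only for addresses that cannot be reached from another machine."""
    if host == "*":  # wildcard bind: every interface
        return False
    addr = ipaddress.ip_address(host)
    mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (mapped or addr).is_loopback


def exposed_rmi_listeners(ss_output, ports=EHCACHE_RMI_PORTS):
    """Return (host, port) for each watched listener bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_endpoint(fields[3])
        if port in ports and not is_loopback(host):
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in exposed_rmi_listeners(SAMPLE_SS):
        print(f"Ehcache RMI port {port} is listening on {host}")
```

A finding only means the socket is bound to a routable or wildcard address; whether other hosts can actually reach it still depends on host and network firewall rules.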


Improving Your Productivity With Dynamic Problems

First, a Huffman code tree is built. Let the original alphabet consist of n characters, the i-th of which occurs p_i times in the input text. Initially, all symbols are considered active nodes of the future tree, the i-th node is marked with p_i. At each step, we take two active vertices with the smallest labels, create a new vertex, labeling it with the sum of the labels of these vertices, and make it their parent. The new vertex becomes active, and its two children are removed from the list of active vertices. The process is repeated many times until only one active vertex remains, which is assumed to be the root of the tree. Note that the symbols of the alphabet are represented by the leaves of this tree. For each leaf (symbol), the length of its Huffman code is equal to the length of the path from the root of the tree to it. The code itself is constructed as follows: for each internal vertex of the tree, consider two arcs going from it to the children. We assign the label 0 to one of the arcs, and to the other 1. The code of each symbol is a sequence of zeros and ones on the path from the root to the leaf.
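The construction described above, written out as an added example (it is not code from the original article): active vertices live in a min-heap keyed on their labels, the two smallest are merged until one root remains, and codes are read off the 0/1 arc labels. The function names, the tie-breaking order and the handling of a one-symbol alphabet are choices made for this example.

```python
import heapq
from collections import Counter
from itertools import count


def huffman_codes(text):
    """Return {symbol: bit string} built by repeatedly merging the two smallest labels."""
    freq = Counter(text)  # label of each leaf: how often the symbol occurs
    if not freq:
        return {}
    tie = count()  # unique tie-breaker so the heap never compares tree nodes
    # Active vertices as (label, tie, node); a leaf is the symbol itself,
    # an internal vertex is a (left_child, right_child) tuple.
    active = [(p, next(tie), sym) for sym, p in sorted(freq.items())]
    heapq.heapify(active)
    while len(active) > 1:
        p1, _, left = heapq.heappop(active)   # two smallest active labels
        p2, _, right = heapq.heappop(active)
        heapq.heappush(active, (p1 + p2, next(tie), (left, right)))
    codes = {}

    def walk(node, prefix):
        if isinstance(node, tuple):           # internal vertex: label the two arcs
            walk(node[0], prefix + "0")
            walk(node[1], prefix + "1")
        else:
            # A one-symbol alphabet has a root that is also a leaf (path
            # length 0); give it one bit so the encoding is not empty.
            codes[node] = prefix or "0"

    walk(active[0][2], "")
    return codes


def encode(text, codes):
    return "".join(codes[ch] for ch in text)


def decode(bits, codes):
    """Decode greedily; this works because no code is a prefix of another."""
    inverse = {code: sym for sym, code in codes.items()}
    out, current = [], ""
    for bit in bits:
        current += bit
        if current in inverse:
            out.append(inverse[current])
            current = ""
    if current:
        raise ValueError("bit string ends in the middle of a code")
    return "".join(out)


if __name__ == "__main__":
    table = huffman_codes("abracadabra")
    print(table, len(encode("abracadabra", table)), "bits")
```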


Top 5 NCSC Cloud Security Principles for Compliance

Modern business IT infrastructures are complex, and data regularly moves between different across the network. It’s critical to protect sensitive data belonging to your customers and employees as it traverses between business applications/devices and the cloud. It’s also imperative that your cloud vendor protects data in transit inside the cloud such as when data is replicated to a different region to ensure high availability. ... Different regulations have different requirements about where protected data can be stored. For example, some regulations stipulate that data can only be transferred to companies with sufficient levels of protection in processing personal data. If your business opts for a cloud provider that doesn’t provide transparency over the location of data, you could end up unknowingly in breach of regulations. ... The last thing your business wants is to use a public cloud service only to find that a malicious hacker accessed your sensitive data by compromising another customer first. This type of concerning non-compliance scenario can happen when there is an insufficient separation between different customers of a cloud service.


Data and Analytics Salaries Heat Up in Recovery Economy

There are a few reasons why the market is really strong for data scientist and analytics pros right now. First, we are coming off a period of stagnation where no one wanted to change jobs and salaries stayed the same. That means those individuals who were considering a job change most likely put those plans on hold during the pandemic. Now all those people are getting back into the market. Second, there are so many new remote job opportunities, which opens up a whole new realm of job possibilities for data science and analytics pros. Third, as people move on to new jobs, they create vacancies where they were, opening up additional job vacancies. Fourth, there are some industries that had to change their business models to continue to operate during the pandemic economy. Burtch Works specifically points to retail, which had to enable digital channels to replace sales lost in brick-and-mortar stores. The Burtch Works report notes that many retailers have been expanding their data science and analytics teams and offering higher compensation than Burtch Works has typically seen in retail.


Home-office networks demand better monitoring tools

Networking professionals said they are enhancing their network operations toolsets in three primary ways. First, 54.2% are looking for tools that deliver security-related insights into home-office environments. This will help them collaborate with security teams to ensure that their increasingly distributed networks are compliant with policies. It will also help them discern whether a user-experience issue is related to a security problem. Second, 52.6% need new dashboard and reporting features that allow them to focus on home offices and remote workers, which will help admins and engineers spot problems and troubleshoot them more efficiently. If their existing tools lack adequate dashboard and reporting customization, they’ll have to look elsewhere for this view into their networks. Third, 49.4% need to upgrade the scalability of their tools. ... Network teams will need to integrate their tools with other systems to improve their ability to support home workers. For instance, 43% said home-office monitoring requirements are producing a need for their monitoring tools to integrate with their SD-WAN or secure access service edge (SASE) solution.


Hybrid work: 7 ways to enable asynchronous collaboration

One of the main differences between asynchronous and synchronous work is that the former tends to center on time- or task-defined work processes. “Asynchronous work requires a grasp of what the outcome – the final product of work – needs to be, as opposed to the amount of time spent in close coordination producing the final product,” says Dee Anthony, director at global technology research and advisory firm ISG. IT leaders need to get better at defining, managing, and measuring outcomes. Anthony suggests taking a page out of the agile playbook: Identify outcomes, estimate the effort required to accomplish them, track work velocity, and perform regular reviews. You must also foster a culture of trust. “Having people work across time, even in the same country, means that the old nine-to-five is out the window,” says Iain Fisher, director at ISG. “Managers cannot be there all the time, so a culture change of trust and respect must evolve.” ... “Working asynchronously requires very strong written communication skills to avoid ambiguity and misunderstanding,” says Lars Hyland


Outcome Mapping - How to Collaborate With Clarity

The Outcome Map is an excellent way to create energetic communication, clarity, and alignment from the start (or re-start) of any initiative. It also reminds you to stay on track as you progress, and how to know when we’re drifting from the path. By adding measurements and methods, you can describe where you want to go and how you plan to get there. In both a project and product approach, clarity of outcomes is critical, but what’s often forgotten are the factors affecting the odds of achieving the outcome. Outcome mapping allows us to explore, anticipate, and design mitigation approaches to factors impacting our desired outcome. For this reason, it’s also commonly referred to as impact mapping. In practice, you can map many factors involved in a given outcome, but a few critical ingredients should always be present. Defining measures (or indicators) of progress (summarized as ‘Measures’ in the map itself) allows you to measure and celebrate progress without waiting until the distant deadline of your primary outcome to find out if you’ve succeeded or failed.



Quote for the day:

"It is the responsibility of leadership to provide opportunity, and the responsibility of individuals to contribute." -- William Pollard
