Software is an iterative product, and much of it has been developed over decades, by teams of workers with significant experience and institutional knowledge. These teams are also responsible for maintaining and managing older technologies and platforms. But as business priorities change over time, systems built on older code can be neglected. Software development teams’ attention turns elsewhere, either by choice or force – which can create disenfranchisement among staff if not managed correctly. When access to and knowledge of older code resides only among a few people, we see potential insider threat risk of particular concern if software is being used to run critical IT infrastructure. To that end, IT leaders must factor in succession planning into any strategic discussions they’re having. All workers eventually leave or retire, and if knowledge isn’t shared, you risk older systems becoming impossible to manage by newer employees. The importance of getting the basics right, such as applying updates and patches or managing configurations, never goes away, even for older systems.
The key to understanding whether you should base your API design principles on REST or GQL is to grasp a concept in computer science known as Separation of Concerns (SoC). Well-designed yet non-trivial software is composed of many layers where each layer is segmented into many modules. If the SoC for each layer and module is clearly articulated and rigorously followed, then the software will be easier to comprehend and less complex. Why is that? If you know where to look for the implementation of any particular feature, then you will understand how to navigate the codebase (most likely spread across multiple repositories) quickly and efficiently. Just as REST and GQL queries provide consistency in API design, a clear SoC means that you have a consistent approach to where the implementation for each feature belongs. Developers are less likely to introduce new bugs in software that they understand well. It is up to the software architect to set the standard for a consistent SoC. Here is a common catalog of the various layers and what should go in each layer.
While in the very early days of computing hacker was a value-neutral term for a curious and exploratory computer user, today most people use the word to describe bad guys who try to break into systems where they don't belong for fun or (usually) profit. An ethical hacker is someone who uses those hacking skills—the ability to find bugs in code or weaknesses in cyber defenses—for good, rather than for evil, tipping the potential victims off and using the insights gained to implement improved security measures. In some ways, the term "ethical hacker" arises from a milieu where many "black hat" bad guy hackers do in fact switch sides and become good guys and defenders rather than attackers. But it's also just a sexy term for a discipline that goes by other, more boring names like "penetration testing" or "offensive security research." You might also hear the term "red team" used—in large-scale penetration testing exercises, the red team plays the role of the attackers, while the blue team makes up the defenders. Still, whatever you call it, it's a job that's in demand: more and more companies are recognizing the business case for having in-house hackers probing their defenses for weakness, or using bug bounties to encourage freelance ethical hackers to find problems they may have missed.
Historically, network and security technologies were deployed independently with the latter typically being an overlay to the network. This was never ideal but worked well enough to stop the majority of breaches. Network engineers would design the network, and security professionals would deploy security tools at each point of ingress. One of the challenges today is that there are hundreds if not thousands of points of entry ranging from SaaS applications to VPN tunnels to guest access on Wi-Fi networks. Even if a business had infinite dollars, it would be impossible to deploy all the necessary security tools to defend each point. Another point of complexity is that the number of security tools continues to grow. In the past, firewalls and IDS/IPS systems were sufficient to protect an enterprise. Modern security includes those but also zero trust network access (ZTNA), secure web gateways (SWG), cloud access security brokers (CASB), endpoint and network detection-and-response, and other tools. One growing way to secure an enterprise is by embedding security into the network as a cloud service.
Healthcare information systems struggle to replicate the achievements of sectors like banking and retail not only because of the increased regulatory scrutiny, but also because incentives are more complicated. "It’s not an 'I’m trying to sell you something, you’re trying to buy something' one-to-one relationship where you’re free to choose," said Dr. Stephanie Lahr, CIO and CMIO at Monument Health (formerly Regional Health). "We have payers in the middle of that construct, and that totally changes the dynamic of how those patients can come together and makes it difficult for us to look at airlines and banking and things like that [for examples]," said Lahr. "There’s a middle person with their own agenda and goals. … That’s one of the things that makes this difficult, because it’s not a free market." "The answer to every question is always time, money and motivation," said Dr. Yaa Kumah-Crystal, assistant professor of biomedical informatics and pediatric endocrinology at Vanderbilt University Medical Center.
Cybersecurity has long been considered by many executives to be a cost to be managed or even a drag on overall performance. Today, however, “the realization that cybersecurity has to be part of every discussion is more pervasive now than ever,” says Bentham. “Regulations, now employed in many countries, are driving the accountability to companies, making them liable for damages to citizens, customers and the like.” Thus, technology leaders must incorporate cybersecurity investments into their digital plans and ROI calculations. “The digital transformation strategist forges an early partnership with the cybersecurity organization and integrates them at all levels of the business and technology,” Bentham explains. “This integration allows the cyber professionals, who write or interpret cyber policies, to do so through a business lens.” As more organizations evolve to a cloud-first model, their security metrics may need to evolve as well. “Because the cloud is more dynamic, new metrics like mean time to adapt (MTTA) or mean time to secure (MTTS) will apply,” says Vishal Jain
Although social networks are a good tool to create valuable content, generate interaction with your customers, create a community around your brand and even expand your reach, it is essential that you have a website, integrated with your social networks, on the that you can have total control of the messages and images of your business and your products or services. On your own website, you can personalize the customer experience with the colors and design of your brand, make photo or video galleries, as well as create a personalized email that matches your company name, create marketing campaigns by email and even spice up your own online store. With the right service provider as a partner, you can link your website and online store with your social networks and even design the images and update the products that you show in them, directly from your website. Having your own website and online store to sell your products and services can help increase your customers' trust in your brand and make them commit to your business.
JUnit was introduced in 1997 as an open-source Java-based framework for unit testing. It is a part of XUnit, which is a representation of the family of unit testing frameworks. It allows developers to write and run repeatable tests. It is used extensively along with Selenium for writing web automation tests. Its latest programmer-friendly version is JUnit 5, which creates a robust base for developer-based testing on the Java Virtual Machine. TestNG is also a Java-based unit testing framework developed in 2007 on the same lines of JUnit but with new and improved functionalities. These new functionalities include flexible test configuration, support for parameters, data-driven testing, annotations, various integrations, and many more. TestNG performs unit, end-to-end, and integration testing. TestNG generates reports that help developers understand the passed, failed, and skipped status of all the test cases. With the help of TestNG in Selenium, you can run failed tests separately using a testng-failed.xml file to run only failed test cases.
DevSecOps is a modern approach to software development which makes security an integral part of the software lifecycle right from the outset. Security teams are integrated into the development and operations teams, meaning that app security is not just an afterthought, but a fundamental part of the architecture. Here you will also empower the security teams to introduce new security capabilities that can enhance user experience. In the traditional approach, IT teams operate within silos that don’t necessarily communicate effectively with each other during a threat. Bottlenecks can occur as the buck is passed from security to development and back again, which has a detrimental effect on the ability to respond to threats in a timely fashion. When everyone’s on the same team, and security is built into the core of an app, your organisation can take a much more agile approach, and be better prepared for potential security breaches. To take full advantage of DevSecOps, your systems should make use of full-stack observability, the ability to monitor the entire IT stack from customer-facing applications down to core network and infrastructure.
We can divide the challenge to two parts. The first challenge is developing a solution that will provide actional insights or an automated operation to reduce the “alert fatigue syndrome” which affects most of today’s security operations centers (SOCs). The second challenge is to recruit, train and maintain cyber professionals, and for that we need to develop and utilize advanced methodologies and technologies. When discussing national level cyber security operations center, we need to remember that national grade challenges require national grade solutions. These solutions have to incorporate several elements: state of the art technology; effective, field proven methodology; constant innovation, since the cyber domain is constantly evolving; collaboration (and I already elaborated about the Israeli Cyber Companies Consortium) and finally capacity buildup, addressing the human factor – training, certification and awareness.
Quote for the day:
"It is time for a new generation of leadership to cope with new problems and new opportunities for there is a new world to be won." -- John E Kennedy