Daily Tech Digest - October 14, 2022

Which cybersecurity metrics matter most to CISOs today?

Given the rapid increase in malware-free attacks, there’s a tendency on the part of cybersecurity teams to add more metrics. Seeing more reported data as a panacea for rising risks that aren’t immediately understood, cybersecurity teams will turn on as many metrics as possible, looking for clues. Relying on antivirus, SIEM (security information and event management), security ticketing systems, vulnerability scanners, and more, CISOs’ teams generate an overwhelming number of metrics that lack context. CISOs warn that presenting metrics straight from tools without a narrative supporting them is a mistake. C-level executives and the boards they report to are more focused on new insights that are contextually relevant than a series of tactical measures. Every new high-profile intrusion or breach drives up to a dozen or more internal user requests for new metrics. Managing user requests by how much value they provide to contextual intelligence and delivering business value is critical. CISOs tell VentureBeat it’s easy to say no to additional metrics requests when there is no connection to requested metrics that quantify the value cybersecurity delivers.

Making everything connect for smart cities

It’s a vision of how smart cities can be holistically planned by connecting the different city domains and addressing Sustainable Development Goals (SDGs) globally. In this way, mobility, energy, the environment, health, education, security and the economy are not treated separately, but rather as a whole consistent continuity of human-centric services. Smart cities need to be much better at creating an open platform of dialogue that is accessible to all citizens. ... These allow residents to engage with a wide array of data, as well as completing personal tasks like paying bills, finding efficient transportation and assessing energy consumption in the home. Smart cities also need to account for social infrastructure that provides a cultural fabric, making the city attractive to residents and offering a sense of local identity. It is often the social and cultural aspects of a city that citizens find makes it most attractive to live in – aspects such as green open spaces, a wide choice of retail outlets, and bustling nightlife. This is particularly important for cities that are being created ‘from scratch’ (rather than already existing) and need to find effective ways to attract residents.

Dell gets more edge-specific with Project Frontier platform

Dell also said it is expanding its current edge portfolio in the following ways: Edge analytics and operations - Manufacturers can optimize how they deploy edge applications with an Dell Validated Design for Manufacturing Edge, the company said. This now includes new Dell-validated partner applications to support advanced edge use cases, and improve factory processes and efficiencies, while reducing waste and raw materials usage for more sustainable operations. Manufacturers can respond quickly to changes in demand, and enable reconfigurable production lines with Dell's private 5G capability, Dell said. Edge computing and analytics - The PowerEdge XR4000 is the smallest server in the Dell lineup at about the size of a shoebox. The XR4000 is 60% shorter than conventional data center servers, and its multiple mounting options allow it to be installed in a rack, on walls or ceilings, saving valuable floor space. The multi-node, 2U chassis server can survive unpredictable conditions, such as heat waves or falls, the company said.

The White House can build on its AI Bill of Rights blueprint today

Several current uses of AI clearly violate the blueprint and should no longer be used. The president should also stop encouraging agencies to spend American Rescue Plan funds on ShotSpotter and other “gunshot detection” technologies, which change police behavior but have not been shown to decrease gun violence. These tools are in violation of the blueprint’s principles that AI tools must be safe, effective, nondiscriminatory, and transparent. ... On the legislative front, the AI Bill of Rights principles are embodied in both the American Data Privacy Protection Act and the Algorithmic Accountability Act of 2022, both of which the administration could put its support behind. There has been substantial investment in the development and adoption of AI, but nowhere near as much money or energy put toward safeguards or protection. We should not repeat the same self-regulatory mistakes made with social media and online advertising that left us in the privacy crisis we are in today. 

How intelligent automation changes CI/CD

Intelligent automation addresses many of the core requirements for successful software delivery. Basic process automation can increase devops productivity by automating routine manual tasks through code. For example, a developer can run a build in Jenkins that then triggers an automated task that pushes the build to Artifactory and kicks off a delivery pipeline. However, combining automation with AI-powered intelligence can turbocharge processes and improve business outcomes. Intelligent automation can automate routine tasks and then constantly improve automated decision making as the release moves through the delivery lifecycle. Intelligence applied to the release process — when combined with deep tools integrations that provide access not only to events but also to all process data — can automate the detection of software risks and automatically flag release candidates for remediation before they make it to production. In addition to increased devops productivity and faster and more accurate software releases, intelligent automation provides the means to implement centralized, automated control over compliance and security. 

A Big Threat for SMBs: Why Cybersecurity is Everyone’s Responsibility

It impacts everyone across every department and every element of operations. Cybersecurity is a collective responsibility. During this Cybersecurity Awareness Month, let’s debunk the pervasive misconception that cybersecurity is strictly an IT issue. To avoid becoming a statistic, SMBs need to develop a security culture that reinforces the idea that cybersecurity is the responsibility of every team member. From the founder who sets a security-focused tone to the specific teams that implement the policies, to the HR department responsible for onboarding new employees, to the IT team setting system password requirements, and to every employee that can potentially open a phishing email triggering a security incident, it’s a collective effort to stay aware. All individuals need to be trained, vigilant, and engaged. The devil is in the details, as it’s the tools, tasks, and routine activities each team member performs that will protect the company.

Seeing electron movement at fastest speed ever could help unlock next-level quantum computing

Seeing electrons move in increments of one quintillionth of a second could help push processing speeds up to a billion times faster than what is currently possible. In addition, the research offers a “game-changing” tool for the study of many-body physics. “Your current computer’s processor operates in gigahertz, that’s one billionth of a second per operation,” said Mackillo Kira, U-M professor of electrical engineering and computer science, who led the theoretical aspects of the study published in Nature. “In quantum computing, that’s extremely slow because electrons within a computer chip collide trillions of times a second and each collision terminates the quantum computing cycle. ... To see electron movement within two-dimensional quantum materials, researchers typically use short bursts of focused extreme ultraviolet (XUV) light. Those bursts can reveal the activity of electrons attached to an atom’s nucleus. But the large amounts of energy carried in those bursts prevent clear observation of the electrons that travel through semiconductors—as in current computers and in materials under exploration for quantum computers.

New data protection bill must enable a progressive data governance framework

The robust framework that vowed to safeguard the privacy of an individual’s data would have made the privacy design of the bill even more redundant. Consent and notice framework in the new Bill should be dealt with in such a way that it addresses the right to informational privacy while avoiding consent fatigue for consumers. For instance, individuals may receive innumerable privacy notifications causing consent fatigue; this issue was considered and acknowledged by the Justice Srikrishna committee report. Besides, from a business perspective, the cost of compliance, especially for small businesses, will be huge and may result in additional costs. The new personal data governance framework should focus on simplifying the consent and notice framework in such a manner that individuals can easily understand how and for what purpose is their personal data being processed. Besides, the new Bill must lay out better means and ways to obtain consent, which is inclusive, less tiresome, and efficient.

Emotional intelligence: How to create psychological safety for your IT team

The best leaders understand the complexities and imperfections of being human and are not afraid to present their true selves in the workplace. These leaders emanate compassion and encourage their team members to embrace and express their unique gifts and talents. Compassion cuts through mental constructs and perceptions. It begins when leaders examine and undo traditional rules, roles, and narratives that limit their thinking, decision-making, and worldview. Freedom from outdated narratives enables release, self-acceptance, and permission to bring one’s whole self to the workplace. Leaders who are driven by the needs of the ego struggle to let go of outdated competence, values, and skills. Marshall Goldsmith, one of the world’s foremost thought leaders on executive coaching, explains this perfectly in the title of his book, What Got You Here Won’t Get You There. The compulsive need to be right becomes more important than discovering new horizons, untapped potential, and possibilities. Self-righteousness creates a division between the self and the team, eroding trust.

Smart buildings may be your cybersecurity downfall

With the rise of IoT, a wave of adoption of IT and IoT solutions at all levels of building system architecture poses a serious cyber security issue. As it becomes increasingly difficult to distinguish between building automation systems and other systems used in companies and their infrastructures, more “cyber holes” tend to be left unmonitored. The use of insecure industrial protocols is another vulnerability that attackers take advantage of to disrupt smart buildings operations. This is especially the case for building automation systems. Popular protocols like BACnet and LonWorks are not implicitly secure and, like those used in the industrial production sector, tend to have their own vulnerabilities. ... As the cyber-physical equipment within buildings becomes increasingly distributed, especially due to the new trend of supervising building complexes from a central location, cyberattacks on smart buildings, as well as attacks on cities and other smart city infrastructures, can have a significant security impact for users.

Quote for the day:

"Personal leadership is the process of keeping your vision and values before you and aligning your life to be congruent with them." -- Stephen R. Covey

No comments:

Post a Comment