Daily Tech Digest - July 01, 2023

CERT-In cyber security norms bar use of Anydesk, Teamviewer by govt dept

Cyber security watchdog CERTin has barred the use of remote desktop softwares like Anydesk and Teamviewer in the government department under new security guidelines released on Friday. The guidelines prescribe government departments use virtual private networks (VPN) for accessing network resources from remote locations and enable multi-factor authentication (MFA) for VPN accounts. "Ensure to block access to any remote desktop applications, such as Anydesk, Teamviewer, Ammyy admin etc," Guidelines on Information Security Practices for Government Entities said. CERT-In (Indian Computer Emergency Response Team ) said the purpose of these guidelines is to establish a prioritised baseline for cyber security measures and controls within government organisations and their associated organisations. Minister of State for Electronics and IT Rajeev Chandrasekhar in an official statement said the government has taken several initiatives to ensure an open, safe and trusted and accountable digital space.


Navigating Product Owner Accountability in Scrum: Debunking Myths and Overcoming Anti-Patterns

In a misguided attempt to ‘help’ Product Owners with their important responsibilities, some organizations establish two Product Owners for a single Product. However, while this may seem, at first, to be helpful, this actually causes a lot of problems for both Product Owners involved. When multiple Product Owners exist, conflicting ideas and visions may arise, diluting the product's direction and impeding progress. ... Instead, the Product Owner can delegate tasks such as creating Product Backlog items, maintaining the roadmap, or gathering metrics to Developers on the Scrum team. However, it is important to note that while the Product Owner may delegate as needed, the Product Owner ultimately remains accountable for items in the Product Backlog as well as the product forecast or roadmap, thus ensuring that there is a single, unifying vision and goal for the product and that the Product Backlog is in alignment with that vision. If the Product Owner is delegating the creation of Product Backlog items to Developers, what does that mean? 


Cisco firewall upgrade boosts visibility into encrypted traffic

“What our competitors are saying is ‘just decrypt everything.’ But we know in the real world, customers refrain from doing that due to data privacy concerns and to meet legal/compliance requirements. Furthermore, decrypting and re-encrypting data requires technical prowess not everyone has, increases the attack surface, and also causes severe performance challenges,” Miles said. EVE works by extracting two primary types of data features from the initial packet of a network connection, according to a blog written by Blake Anderson, a software engineer in Cisco’s advanced security research group. First, information about the client is represented by the Network Protocol Fingerprint (NPF), which extracts sequences of bytes from the initial packet and is indicative of the process, library, and/or operating system that initiated the connection. Second, it extracts information about the server such as its IP address, port, and domain name (for example a TLS server_name or HTTP Host). 


Scrum vs. Kanban vs. Lean: Choosing Your Path in Agile Development

While Scrum is commonly associated with software development teams, its principles and lessons have broad applicability across various domains of teamwork. This versatility is one of the key factors contributing to the widespread popularity of Scrum. Scrum is founded upon the concept of time-boxed iterations called sprints, which are designed to enhance team efficiency within cyclical development cycles. ... Kanban is well-suited for organizations seeking to embrace the benefits of agility while minimizing drastic workflow changes. It is particularly suitable for projects where priorities frequently shift, and ad hoc tasks can arise anytime. Kanban is a flexible methodology that can be applied to various domains and teams beyond software development. ... Lean methodology strongly emphasizes market validation and creating successful products that provide value to users. It is particularly well-suited for new product development teams or startups operating in emerging niches where a finished product may not yet exist, and resources are limited.


3 Ways to Build a More Skilled Cybersecurity Workforce

In addition to insights around highly sought-after skill sets and job titles, OECD's report also reveals that demand for cybersecurity professionals has spread beyond the confines of major urban centers. It calls for a more decentralized workforce to meet demand in underserved areas. ... If companies are to close the skills gap and meet the current demand for cybersecurity workers, they will need to broaden their horizons to account for more nontraditional cybersecurity career paths. In doing so, they will enhance the industry with a broader range of unique experiences and life skills. Recruiting more diverse candidates also allows companies to approach security challenges from different angles and identify solutions that may not have been considered otherwise. When a workforce is as diverse as the cybersecurity threats an organization faces, it can pull from a broader range of professional and personal experiences to more effectively and inclusively protect themselves and their end users.


AI's Teachable Moment: How ChatGPT Is Transforming the Classroom

"Teachers could say, 'Hey my students are really interested in TikTok,' then feed that to the AI," says Liu. "An AI could come up with three analogies related to TikTok that connect students to their needs and interests." Liu believes we absolutely need to acknowledge the immediate threats surrounding AI and its initial impact on teachers, particularly around skills assessments and cheating. One approach he takes is to speak openly with students and acknowledge that AI is the new thing and that we're all learning about it – what it can do, where it might lead. The more open conversations educators have with students, he says, the better. In the near term, students are going to cheat. That's impossible to avoid. YouTube and TikTok are bulging at the seams with tricks to help students avoid plagiarism trackers. In the medium term, Liu believes, we need to reevaluate what it means to grade students. Does that mean allowing students to use AI in assessments? Or changing how to teach topics? Liu isn't 100% sure.


Top 5 Benefits Of Blockchain Technology

Transparency within the Blockchain ecosystem refers to the open visibility of transactions, enabling all participants to validate and verify the recorded data. Unlike traditional systems that rely on centralized authorities, Blockchain operates on a decentralized network, where each transaction is recorded on a public ledger known as the Blockchain. ... Immutability is a cornerstone of Blockchain technology. It guarantees that once a transaction is recorded on the Blockchain, it becomes virtually impossible to alter or tamper with the data. This is achieved through a combination of cryptographic techniques and consensus mechanisms. Blockchain achieves data immutability by using cryptographic hashing. Each transaction is assigned a unique cryptographic hash, which is essentially a digital fingerprint. This hash is created by applying complex mathematical algorithms to the transaction data, resulting in a fixed-length string of characters. Furthermore, Blockchain relies on consensus mechanisms such as Proof of Work (PoW) or Proof of Stake (PoS) to validate and verify transactions.


Technical Debt tracking supports projects to “do it right”

For decades, there have been logs of outstanding bugs found in testing but not corrected before the project is implemented. The term technical debt adds the concept that there are consequences to those decisions, and that there are strong reasons to prioritize the follow-up to fix things and clear that list. Most of us are aware of workarounds that were left in place permanently and eventually cost too much. We may have seen a system with poor performance that slowed the work of key workers and/or was missing functionality that impacted the customer experience. All of these are important reasons that technical debt should be cleared up. There are other reasons too. Generally, people do not purposefully create poor designs or code with bugs. ... One of the interesting concepts that has been offered by Martin Fowler is the Technical Debt Quadrant that talks about the prudent but inadvertent technical debt that is created as we learn during a project and realize how the project should have been done.


Successful digital transformation requires simplistic thinking

While organizations are aggressively pursuing transformation goals, Chaudhry warned that antiquated mindsets and a range of internal factors can seriously inhibit innovation and prevent businesses from achieving their goals. Most notable among these is a complacent culture among some IT leaders who are stuck in a loop of traditional, outdated practices. “IT plays the most important role in driving transformation. You play the most important role, but you also need to act fast to drive change,” he said. “You can’t sit back and say ‘this is how things have been done for the last 30 years, so let’s keep doing so’.” ... Inertia, as he puts it, is a powerful inhibitor that locks IT leaders and organizations into an outdated mindset which prevents them from embracing change. “Inertia is powerful, and it holds you back because we are comfortable with what we’ve been doing for the last 10, 20 years or so,” he said. Research has often identified inertia as a common inhibitor in digital transformation, whereby teams are reluctant - or unwilling - to accept change.


Strategies to drive the Data Mesh cultural transformation

It’s important to have consistent and clear communication to ensure that everyone understands the reasons and the effects of change. Leaders must communicate the vision and benefits of Data Mesh. They also need to guide on how the new ways of working are going to be adopted through well-defined structures, roles and responsibilities for the new data product teams. To ensure data product ownership and accountability, defining clear KPIs and metrics for each data product team to measure success and track progress is critical. ... Rather than trying to adopt Data Mesh all at once, organizations can start with small pilot projects and gradually expand. This approach can help understand how processes defined in vitro work in real life. It also comes with lessons learned which help followers avoid the initial mistakes. ... This ensures that everyone in the organizationunderstands the new concepts and ways of working. It could include training sessions and coaching on Data Mesh, product thinking, design, user research, agile methodologies, cross-functional team collaboration, and data product ownership.



Quote for the day:

"Leaders need to strike a balance between action and patience." -- Doug Smith

No comments:

Post a Comment