Daily Tech Digest - December 17, 2023

Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships

CISOs now need to understand how to communicate with stakeholders and the boards around an incident. The only way to do this is to collaborate not only with chief financial officers (CFOs) to understand what stakeholders want to hear, but also with the legal department to set clear standards with the board on what they define as material. Working together allows the CISO to break down these silos, ensuring close collaboration toward business goals without adding unnecessary cybersecurity risk. If done right, with the appropriate transparency, any additional measures that are needed to combat a new or emerging risk or regulation should be easier to accept. ... CISOs also have to be good storytellers, using data to craft a narrative around how the business is mitigating growing risk. This includes taking a key performance indicator (KPI) — again using language and metrics that the board and other business stakeholders understand — and showcasing whether existing efforts are falling short and, if so, presenting a strategy to improve results. 

AI-Powered Test Case Generation: A Game-Changer for Testers

Unlike traditional methods, AI brings unimagined intelligence to the test case creation process, complementing everything from functional to performance testing services. The process involves active use of Machine learning algorithms to analyze patterns and identify critical scenarios. Besides, Natural Language Processing (NLP) enables AI to comprehend and interpret complex requirements, streamlining the translation of specifications into effective test cases. Additionally, predictive modelling anticipates potential system behaviors, contributing to more comprehensive test coverage. Overall, the amalgamation of advanced technologies empowers AI to autonomously generate test cases, significantly reducing manual efforts and enhancing the precision of test scenarios. As a result, AI not only accelerates the testing lifecycle but also elevates the overall quality and reliability of software applications. By harnessing the capabilities of artificial intelligence, QA service providers and test teams could yield a transformative approach to redefining the traditional test case generation practices.

UK AI National Institute Urges 'Red Lines' For Generative AI

The report singled out autonomous agents as a specific application of generative AI that warrants close oversight in a national security context. Autonomous agents build on LLMs by interacting with their environment and taking actions with little human intervention. The technology has the potential to accelerate national security analysis such as by rapidly processing vast amounts of open-source data, providing preliminary risk assessments and generating hypotheses for human analysts to pursue, the report said. But critics told report authors that the technology falls short of human-level reasoning and can't reproduce the innate understanding of risk that humans use to avoid failure. Among the mitigations the report suggested are recording actions and decision taken by autonomous agents. "The agent architecture must not obscure or undermine any potential aspects of explainability originating from the LLM." It also suggests attaching warnings to "every stage" of generative AI output and documenting what an agent-based system would do in a worst-case scenario.

From Vision to Value: A DevOps Framework for Sustainable Innovation

The landscape of innovation is fertile ground for emerging technologies, which act as enablers and accelerators in the product development lifecycle. The plethora of tools available today — from sophisticated design software to robust development environments — has dramatically reshaped the process of innovation. Technologies such as cloud computing platforms, low-code development environments, and powerful coding frameworks empower organizations to bring ideas to life with unprecedented speed and efficiency. In the spectrum of tooling options, the decision between low-code platforms and traditional coding environments presents a strategic choice for teams. Low-code platforms can significantly reduce the complexity and time involved in creating applications, democratizing the development process and allowing a broader range of professionals to contribute to innovation. This accessibility can accelerate the prototyping phase, enabling rapid iteration and user feedback integration. Conversely, traditional coding remains indispensable for building highly customized and sophisticated systems. 

From Institutions to AI: The Blockchain Trends Emerging for 2024

Technology moves faster than regulation, and banks and regulators must be able to collaborate more quickly and innovate for the technology to succeed, thrive, and benefit real people, says Anthony Moro, CEO of Provenance Blockchain Foundation, which is responsible for the Provenance Blockchain, a Layer 1 blockchain purpose-built for financial services. “2024 will be a period in which regulators gain more familiarity with innovations being developed on-chain and increase participation in experiments and discussion,” he says. In addition, private, permissioned environments are also poised to help streamline banks’ internal operations, including cross-border payments and settlements, according to Moro. They offer a potential solution for banks and financial institutions to participate in the evolving digital economy while adhering to regulatory requirements and maintaining a level of control over their own products and processes. “Banks and even regulators can use permissioned blockchain zones as ‘sandboxes’ to test out new financial products and services in a controlled and safe environment, which ultimately minimizes risks and stays within the confines of existing regulations,” Moro says.

Ditch Brainstorming: Adam Grant's Brainwriting Revolution

Unlike traditional brainstorming sessions, brainwriting levels the playing field and ensures that all team members, regardless of their inclination towards extroversion or introversion get an equal opportunity to contribute. The process of writing ideas not only allows thoughtful consideration but also prevents the overshadowing of quieter voices. ... Written communication drastically minimises the fear of judgment as compared to voicing it in front of the dominant ideas. This helps in fostering an environment where individuals feel comfortable sharing unconventional or "wild" ideas. This can lead to breakthrough innovations that may have been overlooked in a traditional brainstorming setting. ... Brainwriting allows individuals to think more deeply about their ideas before sharing them with the group. This deliberate reflection can result in not only more refined and fully developed concepts but also more confidence in the idea ultimately improving the overall quality of the generated ideas. ... Unlike the sequential nature of verbal brainstorming, multiple ideas can be generated simultaneously by different team members in the process of brainwriting.

If Computer Science Is Doomed, What Comes Next?

But when it comes to AI replacing human programmers, “I think this is all something that we really have to take seriously…” Welsh said. “I don’t think that this is just — I am exaggerating for effect. But the industry is going to change. So the natural question then is, well, what happens when we cut humans out of the loop? How do we build software? How do we ship product?” Welsh ponders the ramifications of this world. Our current code optimizations like readability and reusability “are only because poor humans have to wrangle with this stuff.” But imagine a world where “It doesn’t really matter if it’s duplicative or repetitive or modular or nicely abstracted.” Welsh put up a diagram of how he envisions the software team of the future… Welsh hedges that he’s “not sure” if all of computer science will one day become a historical artifact — but presents his vision of a “plausible” future, with people “not writing programs in the conventional way that we do today, and instead, having an AI do their bidding.” It happens partly through the use of platforms like Fixie, his company’s platform for easily creating AI-based applications.

4 ways to overcome your biggest worries about generative AI

Avivah Litan, distinguished VP analyst at Gartner, says one of the key issues to be aware of is the pressure for change from people outside the IT department. "The business is wanting to charge full steam ahead," she says, referring to the adoption of generative AI tools by professionals across the organization, with or without the say-so of those in charge. "The security and risk people are having a hard time getting their arms around this deployment, keeping track of what people are doing, and managing the risk." As a result, there's a lot of tension between two groups: the people who want to use AI, and the people who need to manage its use. "No one wants to stifle innovation, but the security and risk people have never had to deal with something like this before," she says in a video chat with ZDNET. "Even though AI has been around for years, they didn't have to really worry about any of this technology until the rise of generative AI." Litan says the best way to allay concerns is to create a task force for AI that draws on experts from across the business and which considers privacy, security, and risk.

Why Cloud Auditing Data Federation is important for an enterprise

The Cloud Auditing Data Federation (CADF) facilitates the federation of normative audit event data to and from cloud providers, which is why it is significant. It offers fresh perspectives on the hardware, software, and network infrastructure of the provider that are used to power certain tenant applications in a multi-vendor setting. Regardless of where applications run, on-premises, in a hybrid cloud, or in a public cloud, compliance with corporate policies and industry laws is a crucial component of every organization’s strategy. By making existing cloud and service audit interfaces, technologies, and tools more consistent, compatible, and even functional, CADF seeks to address significant issues. ... Application security (AppSec) is the practice of identifying and reducing the number of security flaws while reducing the probability of successful assault. It addresses every security issue that comes up during the design, creation, and deployment of an application. CADF offers application security certification, self-management, and self-audit in cloud environments, which can assist customers in ensuring compliance with corporate policies and industry laws.

The CISO risk calculus: Navigating the thin line between paranoia and vigilance

Sometimes we forget the critical survival role that paranoia and anxiety have served in the collective survival of our species. Our early ancestors lived in environments filled with predators and other unknown threats. A healthy dose of paranoia enabled them to be more vigilant, helping them detect and avoid potential dangers. The challenge in our modern era is being able to distinguish genuine threats from the endless noise of false alarms, ensuring that our inherited paranoia and anxiety serve us, rather than hinder us. It also requires that we acknowledge and address the human element in the security calculus. ... Security training shouldn’t be a one-off initiative. While establishing robust policies is a crucial first step, it’s unrealistic to expect that people will automatically understand and consistently adhere to them. Human nature is not inherently programmed to retain and act on information presented only once. It’s not merely about providing information; it’s about continuously reinforcing that knowledge through repeated training. 

Quote for the day:

“The first step toward success is taken when you refuse to be a captive of the environment in which you first find yourself.” -- Mark Caine

No comments:

Post a Comment