Improving Supply Chain Security, Resiliency
Regulatory compliance plays a vital role in how cybersecurity strategies are
built: Compliance mandates like GDPR and the NIST Cybersecurity Framework
provide foundations for data protection, access control, and incident response.
“With these baselines in place, organizations can ensure that there is a certain
level of security across all supply chain partners, which reduces the overall
risk landscape,” Bachwani says. “Compliance also fosters a culture of security,
which drives continuous improvement.” He adds that the pressure to meet
regulatory standards necessitates ongoing risk assessments, proactive risk
management practices, and regular vulnerability patching, which prioritizes
cybersecurity in decision-making. “Regulatory frameworks often come with heavy
fines and reputational damage for those who do not comply,” Bachwani notes.
“This incentivizes everyone within the supply chain to prioritize cybersecurity
and invest in robust safeguards.” Christopher Warner, senior security consultant
at GuidePoint Security, says regulatory frameworks often specify security
controls and standards that organizations must follow.
Quantum entanglement discovery is a revolutionary step forward
This discovery opens the door to new quantum communication protocols, utilizing
topology as a medium for quantum information processing. Such protocols could
revolutionize how we encode and transmit information in quantum systems,
especially in scenarios where traditional encoding methods fail due to minimal
entanglement. In summary, the significance of this research lies in its
potential for practical applications. For decades, preserving entangled states
has been a major challenge. The team’s findings suggest that topology can remain
intact even as entanglement decays, offering a novel encoding mechanism for
quantum systems. Professor Forbes concludes with a forward-looking statement,
saying, “We are now poised to define new protocols and explore the vast
landscape of topological nonlocal quantum states, potentially revolutionizing
how we approach quantum communication and information processing.” ... It’s
a physical process where pairs or groups of particles are generated, interact,
or share spatial proximity in ways such that the quantum state of each particle
cannot be described independently of the state of the others, even when the
particles are separated by a large distance.
Staffing levels: are data centers at risk of unnecessary outages?
As for whether there were sufficient staff onsite during the Microsoft outage,
and what should be the optimal number of staff present, John Booth, Managing
Director of Carbon3IT Ltd, and Chair of the Energy Efficiency Group of the Data
Centre Alliance, says it very much depends on the design and scale of the data
center, as well as on the level of automation for monitoring and maintenance.
Data centers are also often reliant on outsourced personnel for specific
maintenance and emergency tasks and offer a 4-hour response. Beyond this, he
suggests there is a need for more information to determine whether 7 staff were
sufficient but admits that 3 members of staff are usually the norm for a night
shift, “with perhaps more during the day depending on the rate of churn of
equipment.” Davis adds that there is no reliable rule of thumb because each and
every organization and site is different. However, there are generally accepted
staff calculation techniques that can determine the right staffing levels for a
particular data center site. As for the Microsoft incident, he’d need to
formally do the calculations to decide whether 3 or 7 technicians were
sufficient. It’s otherwise just a guess.
Projecting 2024 Cybertrends and C-Suite Responsibilities
Organizations must comply with various regulations and standards, such as the
EU General Data Protection Regulation (GDPR), the US State of California
Consumer Privacy Act (CCPA), the Payment Card Industry Data Security Standard
(PCI DSS), and the US Health Insurance Portability and Accountability Act
(HIPAA). Non-compliance can result in fines, legal action, or reputational
damage. Compliance can be achieved if C-suite executives establish a
compliance framework that requires them to assess and monitor their compliance
status and implement necessary policies and procedures. They should also stay
up to date on the changing regulatory and compliance landscape and engage with
regulators and policymakers. The persistent cybersecurity skills gap is the
shortage of qualified and experienced cybersecurity professionals on the job
market. The cybersecurity skills gap can affect the ability of organizations
to prevent, detect, and respond to cyberthreats. To help fill the skills gap,
C-level executives should invest in the recruitment, retention, and
development of their cybersecurity talent, and offer competitive compensation
and benefits.
Here’s what you should look for in an OKR Management Tool
Communication is central to ensuring the success of any goal-setting
framework. Make sure the technology you are leveraging allows the capturing of
feedback, thoughts and comments on an ongoing basis. Using Keka’s OKR tool,
teams can engage in meaningful discussions, share insights, and offer feedback
directly on objectives and key results, fostering a culture of transparency
and continuous improvement via the comments and 1 on 1 meeting feature. This
functionality also empowers teams to set their own aligned goals, tailoring
objectives to their unique strengths and challenges while still contributing
to the larger organisational mission. ... Reminders about OKRs are highly
advantageous as they keep objectives and key results at the forefront of
individuals' and teams' attention, minimising the risk of goals becoming
overlooked or forgotten during daily tasks. These reminders serve as nudges,
encouraging consistent progress tracking, timely updates, and proactive
adjustments. By maintaining goal visibility and urgency, this feature ensures
that teams stay on track, deadlines are met, and alignment with broader
strategic objectives remains strong, ultimately driving improved goal
achievement and organisational success.
The CISO’s guide to accelerating quantum-safe readiness
With a dynamic perspective of their enterprise-wide cryptographic usage, CISOs
can begin the work of cybersecurity risk assessments. This step involves working
with cybersecurity and privacy managers to prioritize sensitive and critical
data sets most at risk from “harvest now, decrypt later” attacks and with the
highest business value and impact. To translate these insights into a
quantum-safe strategy, security leaders should evaluate the business relevance
in relation to the complexity of mitigation for specific assets so that they can
plan their quantum-safe transition in a way that optimizes performance,
compatibility and ease of integration. ... The final step in the journey to
quantum-safe security is the transformation of cryptographic infrastructure to
incorporate quantum-resistant cryptography. Before deploying quantum-safe
solutions to their stack, security leaders should equip their teams with the
tools and education to test the new cryptographic protocols and evaluate the
potential impact on systems and performance. Quantum-safe solutions that can be
updated without having to overhaul their cybersecurity infrastructure will help
CISOs establish crypto-agility and ensure they can proactively and seamlessly
address potential quantum vulnerabilities.
Magic Keyboard vulnerability allows takeover of iOS, Android, Linux, and MacOS devices
“The user does not have to have a keyboard paired with their phone already. And
as long as Bluetooth is enabled on the Android device, at any time the phone is
on them, and Bluetooth is on, the attacker can then force pair an emulated
keyboard with the Android device and inject keystrokes, including at the lock
screen.” Newlin then turned to Linux. “It turns out that the Linux attack is
very, very similar,” he said. “On Linux, as long as the host is discoverable and
connectable over Bluetooth, the attacker can force-pair a keyboard and inject
keystrokes without the user’s confirmation. And so, this is distinct from
Android in that the device has to be not only connectable but also discoverable
and connectable on Linux for the attack.” Linux fixed this bug in 2020 but left
the fix disabled by default. ... Newlin encourages security researchers to
continue probing Bluetooth flaws. “I think it’ll probably be a while [before the
full extent of Bluetooth flaws is known] because it will take the community
actually fleshing these out and identifying all these additional effective
systems beyond what I’ve seen myself,” he said.
How Edge Analytics Can Deliver the Competitive Edge Your Business Needs
Traditional data analytics models struggle to keep up with all the data that’s
being generated. Traditional data analytics is also no match for today’s data
velocity. As the speed at which data is created continues to grow, there will be
an even greater need for real-time processing. The interpretation and
application of real-time analytics can vary based on the specific industry and
its requirements. Real-time analytics is a broad concept that is adapted to suit
the needs of different industries and sectors. ... By addressing
these traditional data analytics challenges, edge analytics is becoming more
prominent. It’s a natural progression -- taking data and business where they
need to go now. ... Businesses can move faster with edge analytics because of
its reduced latency. This is possible because edge analytics processes data
closer to where it was generated, so organizations get data insights quicker.
Reduced latency is particularly critical for applications that require real-time
response such as battlefield scenarios, fraud detection, and supply chain
management. Because edge analytics reduces the data load on the network, it also
saves energy, reduces carbon emissions, and helps organizations meet their
sustainability goals to protect the planet.
How OpenAI plans to handle genAI election fears
For its part, OpenAI said ChatGPT will redirect users to CanIVote.org for
specific election-related queries. The company is also focusing on enhancing the
transparency of AI-generated images using its DALL-E technology with plans to
incorporate a "cr" icon on such photos, signaling they are AI-generated. The
company also plans to enhance its ChatGPT platform by integrating it with
real-time global news reporting, including proper attribution and links. The
news initiative is an expansion of an agreement made last year with the German
media conglomerate Axel Springer. Under that deal, ChatGPT users gain access to
summarized versions of select global news content from Axel Springer's various
media channels. ... There's no universal rule for how genAI should be used in
politics. Last year, Meta declared it would prohibit political campaigns from
using genAI tools in their advertising and mandate that politicians reveal any
such use in their ads. Similarly, YouTube said all content creators must
disclose whether their videos contain "realistic" but altered media, including
those created with AI.
Storytelling for CIOs: From niche to bestseller
“For a CIO, or anyone in a senior position with responsibility for data, the
best way to succeed is to make projects come to life,” says Caroline
Carruthers, formerly a pioneering chief data officer at Network Rail, which
manages train stations and infrastructure in the UK, and now CEO of data
consultancy Carruthers and Jackson. “You can give people all the dashboards,
charts and figures in the world, but it’s when you help them understand the
thinking behind what you do and bring it to life that you get the buy-in you
need.” Often, CIOs use stories as a form of Esperanto or a translation layer.
“I always find there’s benefit in using a story to help my audience understand
what can sometimes be very technical concepts that I’m trying to communicate
to non-technical people,” says Adam Miller, CIO of UK insurer, Markerstudy
Group. “Get the story right, then people understand the plan and you’ve a much
better chance of them buying in. I also find that a good story is just as
important for highlighting the impact of inaction too, which can often be the
easiest option for people to take.”
Quote for the day:
"Leadership Seductions are behaviors
or attitudes in which we become 'stuck'" --
Catherine Robinson-Walker